Tuesday, September 10, 2024
Security Boulevard
The Home of the Security Bloggers Network
Search Contributors

Contributor Name      Blog Name                                                     Total Posts  Latest Posts
cybernewswire                                                                       2            5 hours ago
Jeffrey Burt          Security Boulevard                                            1            6 hours ago
Marc Handelman        Infosecurity.US                                               1            4 hours ago
TuxCare Team          TuxCare                                                       1            11 hours ago
Prayukth K V          Sectrio                                                       1            8 hours ago
Ashley Garvin         ISHIR | Software Development India                            1            Yesterday
Chris Garland         Eclypsium | Supply Chain Security for the Modern Enterprise   1            Yesterday
Wajahat Raja          TuxCare                                                       1            12 hours ago
John Dasher           Cequence Security                                             1            6 hours ago
Horizon3.ai           Horizon3.ai                                                   1            6 hours ago
Rom Carmel            Security Boulevard                                            1            9 hours ago
Nathan Eddy           Security Boulevard                                            1            10 hours ago
Veriti Research       VERITI                                                        1            9 hours ago
Dwayne McDaniel       GitGuardian Blog - Code Security for the DevOps generation    1            5 hours ago
Shruti Dixit          Security Research | Blog Category Feed                        1            5 hours ago
Chris Needs           HYAS Blog - 2024                                              1            3 hours ago
Michael Vizard        Security Boulevard                                            1            2 hours ago
Alexandra Charikova   Escape - The API Security Blog                                1            9 hours ago
Karlo Zanki           ReversingLabs Blog                                            1            7 hours ago
Jonathan Fowler       Security Boulevard                                            1            8 hours ago
Shikha Dhingra        Kratikal Blogs                                                1            13 hours ago
George V. Hulme       Security Boulevard                                            1            6 hours ago
Rohan Timalsina       TuxCare                                                       1            10 hours ago
Grip Security Blog    Grip Security Blog                                            1            Yesterday
Justin Ezawa          Blog Archives - AI-enhanced Security Automation               1            Yesterday