You're never finished with application security, ever. You can design all the security controls you want into your software, follow every capability maturity and software development model out there, and test the daylights out of all your apps. But at the end of the day, you are never done. There's always something you overlooked, or left behind, or that crept into your code and creates an exploitable vulnerability.
TechBeacon's top 10 security stories of 2016 cover the range of issues and trends that will help you get focused on what you may have missed so that you can move forward, with better app security, in the coming year.
57 open source app sec tools: A guide to free application security software
Security must be an integral part of any application development process; you can't just bolt it on as an afterthought at the end of the cycle. But integrating it into your development and delivery agenda doesn't have to be expensive, thanks to a slew of free open source application security tools. TechBeacon's Mike Perrow offers this handy guide to the best of them.
5 emerging security technologies set to level the battlefield
If there's one thing that security professionals don't lack, it's security tools. In recent years, security vendors have flooded the market with a vast array of products and services designed to protect against every conceivable threat out there, and then some. But do you know which tools will matter the most in coming years? TechBeacon contributor John P. Mello reports on five emerging technologies that could level the playing field.
How to hack an app: 8 best practices for pen testing mobile apps
Whether you like them or not, mobile applications are not going away. Users will continue to download and use them in the enterprise, without regard for the security implications. That means it's up to you to perform penetration testing to ensure that the apps people use don't pose a risk to enterprise security. Johanna Curiel, co-founder of Ossecsoft, offers a set of recommendations for pen testing mobile apps.
Pen testing cloud-based apps: A step-by-step guide
Penetration testing is a good way to unearth vulnerabilities in software. But it is one thing to pen test on-premise applications and quite another to pen test applications that run in the public cloud. In addition to the technical challenges, you'll face legal obstacles. David Linthicum, senior vice president at Cloud Technology Partners, explains all the hurdles you need to overcome when conducting pen tests on your cloud-based apps.
DevSecOps: 9 ways DevOps and automation bolster security, compliance
Contrary to what some might believe, DevOps practices aren't incompatible with information security best practices. In fact, if done right, DevOps can bolster application security by helping to identify and mitigate security issues earlier in the development lifecycle. DevOps can also help speed up the automation of information security functions and services. Electric Cloud CTO Anders Wallgren explains how.
State of app security 2016: Most common vulnerabilities, top trends
Developers and security experts have acknowledged the need to bake in security during development, not bolt it on at the end of the process. The Open Web Application Security Project, and other efforts, have led to some progress in this area. But a lot of work remains to be done in making security an integral part of the application development lifecycle, reports contributor Jaikumar Vijayan.
Cloud app security: How not to fail
Software developers tend not to think of themselves as responsible for security. That's a mistake. Trends such as the movement to DevOps and CloudOps, and the growing need for organizations to enable authentication at the application layer, are driving the need for cloud app developers to become experts in security. David Linthicum offers advice on the high-level concepts that developers need to focus on if they want to succeed at cloud app security.
32 app sec stats you should be tracking
Most organizations manage a mix of Web, mobile, open-source and cloud applications, and each environment presents its own set of security challenges. That's why it's important to keep an eye on the latest trends and practices in each realm. Did you know, for instance, that most organizations plan to spend more on application security in 2017 than they did last year, and that nearly 8 in 10 use open source security tools? Jaikumar Vijayan reports on 32 app sec trends that you should be watching.
4 ways to exploit microservices architecture for better app sec
The microservices approach to software development enables faster and more frequent updates, and mitigates some of the challenges involved in ensuring that different development groups work and release in tandem. But are you aware of all of the security issues associated with microservices? Do you know why secu