Selling senior-level executives on any new concept can often feel like a trek up a mountain with a 60-pound pack on your back. So, how can you take your application security program to a new and better level with less effort? You focus on what’s really important: getting the right message to the…

Schools, including universities, are increasingly becoming cyberattack targets. Just this month, the Monroe-Woodbury school district in Orange County, NY had to delay the start of school due to cyberattacks. And this incident was only one of a handful of cyberattacks on New York state school…

Security departments are juggling a multitude of security initiatives, and each is competing for a slice of one budget. How do you make the case that AppSec deserves a slice of that budget pie, or a bigger slice, or even to make the pie bigger? Here are a few key ways: Find a compelling event The…

Developer training has an essential role in reducing code vulnerabilities and avoiding a breach. Effective application security requires both locating security-related defects, and fixing them. But developers simply aren’t equipped with the knowledge or skills they need to fix these flaws. Veracode…

There is no application security “silver bullet” – it takes a combination of testing types to effectively reduce your risk. Each testing method has a different role to play and works best when used in harmony with others. For instance, our research showed that there are significant differences in…

It’s best practice to kick off your AppSec inititive by starting small, scanning your most business-critical apps, and addressing the most severe flaws. But it’s also best practice to scale your program to eventually cover your entire app landscape, and all flaws. Why? First, because you can be…