Application Security & Software Security Blog

Vandana Verma: Passionate guide for the web application security journey

Vandana Verma, security architect at IBM India Software Labs and web application security expert, shares her advice on tools, training, and shifting left.

SAST vs. SCA: What’s the difference? Do I need both?

Learn how to combine static application security testing (SAST) and software composition analysis (SCA) to strengthen your software security program.

Integrating Coverity Scan with GitLab CI

David Woodhouse at AWS, who maintains the open source OpenConnect VPN client, explains how he integrated Coverity Scan with GitLab CI.

[Webinar] OWASP Top 10 for JavaScript Developers

The OWASP documentation doesn’t give much attention to JavaScript. This webinar explains the OWASP Top 10 in terms of JavaScript vulnerabilities.

What is a software bill of materials?

With a software bill of materials (software BOM), you can respond quickly to the security, license, and operational risks that come with open source use.

Report: Security and development teams need to ‘embrace’ new roles in DevSecOps

For sustainable, long-term application security, both developers and information security professionals must embrace their new roles created by DevSecOps.

JDA Software: Extending their SDLC to remediate open source issues

Smart organizations in the business of building software need to use a mix of application testing tools to ensure their code is high-quality and secure.

How to Cyber Security: Unicorns and donkeys

A security group should help lift the organization into a positive, proactive attitude and work security into all aspects of development and operations.

[Infographic] 7 truths to improve your software security program

The Building Security In Maturity Model (BSIMM) can help you improve your software security program, regardless of industry, size, or application mix.