Software Security

Archive for the 'Software Security Program Development' Category


Moving beyond ‘moving left’: The case for developer enablement

Originally posted on SecurityWeek. For far too long, software security has consisted of a curious bifurcation of roles: developers develop, and IT security testers test for security issues. Fortunately, a confluence of circumstances has forced a recalibration of the developer’s role in software security. In fact, I think we are about to see a new […]


Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Program Development, Static Analysis (SAST)


Gary McGraw’s Shmoocon keynote recaps security career with advice

Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghassen Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over McGraw’s more than 21 years in software security. It also reflects his many interests. Watch the […]


Posted in Security Conference or Event, Security Metrics, Security Training, Software Architecture and Design, Software Development Life Cycle (SDLC), Software Security Program Development


3 presentations you don’t want to miss at AppSec California 2017

The Fourth Annual AppSec California Conference kicks off in one week at the Annenberg Beach House in Santa Monica, California. From January 23-25, security professionals, developers, penetration testers, and QA and testing professionals come together to share their knowledge and experiences about secure systems and secure development methodologies. We’re excited to attend the event as Platinum […]


Posted in Application Security, Maturity Model (BSIMM), Mobile Application Security, Security Conference or Event, Software Security Program Development, Threat Modeling


Make a new year’s resolution to get serious about software security

Originally posted on SecurityWeek. The beginning of any new year is a time for examination and setting new goals and objectives. Many of you understand that addressing the vulnerabilities in your software is something you can no longer ignore, and are ready to get serious about software security. Resolutions are nice, but if you are […]


Posted in Software Security Program Development, Vendor Risk Management


Setting up a software security group in 5 steps

Traveling with a group will motivate you to pick up the pace. Working together, a team will share the load and make everyone’s pack lighter. The right team can make the difference between a painful slog and an incredible adventure. Meet your hiking party—the Software Security Group (SSG). Why have a software security group? In […]


Posted in Software Security Program Development


7 elements of a successful software security journey

A successful software security journey is an exercise in endurance. As you travel you’ll build strength and skills that make the process more streamlined and efficient. If you make, manage, or purchase software, you need to address software security. Prepare for the adventure by making sure you have the right things in your pack. In […]


Posted in Security Metrics, Security Training, Software Security Program Development, Software Security Testing


Software security essentials every SMB should have

The all-too-prevalent attacks against large organizations are often those that you’ll see pop up on the news. However, attackers aren’t neglecting small and medium-sized businesses (SMBs). That’s why every organization, irrespective of its size, needs software security. Wondering how to kick-start a robust software security implementation for your start-up? Here, I’ll discuss several essential factors that […]


Posted in Software Security Program Development, Software Security Testing


3 ways that AppSec training benefits your long-term security strategy

Security training is an investment that yields critical returns to both the organization and the organization’s most valuable asset—its people. Training can directly impact key metrics like bug density ratios and time to remediation if it is implemented effectively. Today, I’ll highlight three ways that application security training can effectively benefit your long-term security strategy and mature […]


Posted in Application Security, Security Training, Software Security Program Development


Software security initiative capabilities: Getting started

A software security initiative (SSI) often begins with one of three common security capabilities: penetration testing, code review, or some sort of secure design review (e.g., threat modeling). During this year’s OWASP AppSec California, Synopsys’ Jim DelGrosso presented on the benefits and drawbacks of these software security initiative capabilities. Watch as he illustrates how each capability fits into building a […]


Posted in Code Review, Penetration Testing, Security Conference or Event, Software Security Program Development, Threat Modeling


Add security to your SDLC with this handy checklist

Whether you use Agile, Waterfall, or something in between, building security into your software development life cycle (SDLC) can improve efficiency and reduce cost—if it’s done the right way. This checklist will guide you throughout the development journey to assure that you’re integrating security into each of the seven SDLC artifacts. 1. Add security to […]


Posted in Software Development Life Cycle (SDLC), Software Security Program Development, Software Security Testing