Software Integrity

Archive for the 'Security Training' Category

 

Synopsys eLearning empowers developers to achieve security compliance with security competency

Written in coordination with Prasaath Velu. According to 451 Research, 19% of about 800 organizations listed security awareness training ineffectiveness or difficulty as a top information security pain point. In fact, (ISC)2 has estimated that there will be a 20% increase in software security jobs—from 1.5 million in 2015 to 1.8 million in 2022—further stressing […]

Posted in Security Training

Infographic: A lack of software security training puts companies at risk

An old proverb states that if you give a man a fish, you feed him for a day; but, if you teach a man to fish, you feed him for life. Software security training aligns very well with this proverb. The majority of developers don’t come equipped with security skills. In fact 95% of software […]

Posted in Security Training

Get the latest resource helping development teams overcome widespread challenges

Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because […]

Posted in Application Security, Dynamic Analysis (DAST), Fuzz Testing, Interactive Application Security Testing (IAST), Security Training, Software Quality, Static Analysis (SAST)

Learning from KRACK and ROCA: Here’s how to equip your firm

Last week’s news introduced us to another pair of vulnerabilities hitting right at the foundation of everything we place our trust in. Named KRACK and ROCA, these flaws target specific facets of Wi-Fi networks and cryptographic keys, meaning that attackers can potentially sneak into networks we consider private, and decipher things we consider secret. Who’s affected? […]

Posted in Application Security, Data Breach, Security Training, Vulnerability Assessment

4 simple steps to encourage online safety at your company

October is Cyber Security Awareness Month. The internet has revolutionized how we do business, stay in touch, and shop. As we upload more of our lives onto the internet, we put more of ourselves at risk. A little security goes a long way in protecting what we do online. Here are four quick tips to […]

Posted in Security Training, Web Application Security

Webinar: Update your AppSec strategy to run effectively in a DevOps world

DevOps enables you to release features and bug remediation efforts faster than ever before through Agile methodologies, CI/CD processes, and open source tools. While traditional security activities have trouble keeping pace with DevOps, it’s also critical not to let security fall behind. Is security tripping you up? As the DevOps revolution continues to advance, security […]

Posted in Agile Methodology, CI/CD, DevOps, Security Training

How can you tell if your software security strategy is working?

Let’s say you tested 46 web applications, 19 mobile apps, and 20 client-server apps this year alone. You also purchased a new application security testing tool in the process. You found 112 vulnerabilities and all-in-all you’re feeling pretty good. But before you get too excited, ask yourself a few questions: Did you reduce risk significantly? […]

Posted in Application Security, Security Standards and Compliance, Security Training, Software Security Program Development

Insecure example code leads to insecure production code

There is a sad reality in the software world that developer education and training not only neglect software security, but often teach developers the wrong activities to secure it. This ranges from the ‘get it to work and move on’ habit to insecure code samples in the tutorials and forums we all use when learning new […]

Posted in Secure Coding Guidelines, Security Training, Web Application Security

Security topics every software developer should know

Software developers and information security professionals have almost always been two mutually exclusive groups. However, with the increase in security awareness, developers have started integrating security into the development process. To further bridge the gap between development and security, it is essential for developers to have a good understanding of security principles. In this post, […]

Posted in Application Security, Security Training, Software Security Testing, Vulnerability Assessment

How secure is AngularJS?

Synopsys Principal Security Consultant, Ksenia Dmitrieva-Peguero, recently posed the question at the information security conference, Securi-Tay: How secure is AngularJS? With seven years of experience in the AppSec space, and five years of software development experience, Ksenia’s current concentration centers on the analysis of JavaScript frameworks–researching their security implications, vulnerability discovery, and remediation. In her latest […]

Posted in Application Security, Security Conference or Event, Security Training, Vulnerability Assessment