Application Security & Software Security Blog

[Webinars] How to risk rank vulnerabilities, insights from BSIMM10

Learn about five ways to approach risk ranking in vulnerability management, and hear key insights into real-life software security programs from BSIMM10.

Apache Struts research at scale, Part 1: Building 115 versions of Struts

When our research findings from CVE-2018-11776 prompted us to research other vulnerabilities, the first step was building 115 versions of Apache Struts.

Don’t let your supply chain undermine your security

How do you vet the security of third-party software from vendors, partners, and contractors? Follow software supply chain risk management best practices.

How the 2019 CWE Top 25 can boost your application security

You can use the 2019 CWE Top 25 to help focus your application security efforts. Learn more about this list of the 25 most dangerous software weaknesses.

How DevOps security tools support modern applications

Modern application development organizations must integrate and automate DevOps security tools such as IAST into CI/CD pipelines to speed developers.

How to build a process around an application security tool

How do you ensure your application security tools are enablers rather than hurdles? By building application security processes around the tools you deploy.

Cyber security audits top due diligence checklists

In a study by (ISC)2, all executives and M&A professionals surveyed agreed that cyber security audits have become standard practice in tech due diligence.

Top 3 reasons to choose Black Duck

What sets Black Duck apart from other SCA solutions? Industry-leading innovation, extensive vulnerability detection, and a broad range of integrations.

[Webinars] Evidence-based security, design and code quality in tech M&A

Learn how to improve software security using evidence-based standards, and why you should inspect design and code quality during technical due diligence.

CloudBees and Synopsys: Putting ‘Sec’ into DevSecOps

CloudBees Core users can add Synopsys AST offerings to their pipelines to boost their software security posture without slowing down application delivery.

« Previous Entries

Next Entries »

Be the first to know

Don’t miss the latest AppSec news and trends every Friday.

Subscribe to the blog

Software Integrity Blog

Ask the Experts: How has software security improved in the last few years?

Synopsys CSO: Cybersecurity Awareness Month lessons need to be applied all year

Top open source licenses and legal risk for developers

[Webinars] How to risk rank vulnerabilities, insights from BSIMM10

Apache Struts research at scale, Part 1: Building 115 versions of Struts

Don’t let your supply chain undermine your security

How the 2019 CWE Top 25 can boost your application security

How DevOps security tools support modern applications

How to build a process around an application security tool

Cyber security audits top due diligence checklists

Top 3 reasons to choose Black Duck

[Webinars] Evidence-based security, design and code quality in tech M&A

CloudBees and Synopsys: Putting ‘Sec’ into DevSecOps

Legal

Follow