Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2020

Why is Dynamic Analysis an Important Part of Your AppSec Mix?

By now, most are familiar with the concept of DevSecOps. With DevSecOps, application security (AppSec) is moved to the beginning of the software development lifecycle (SDLC). By scanning earlier in the SDLC, you are able to find and fix flaws earlier. This can result in significant time and cost savings. Most organizations understand the importance of static analysis, which scans for flaws during development, but dynamic application security testing (DAST) is just as important.

Announcing Veracode Security Labs Community Edition

We recently partnered with Enterprise Strategy Group (ESG) to survey software development and security professionals about modern application development and how applications are tested for security. The soon-to-be-announced survey found that 53% of organizations provide security training for developers less than once a year, which is woefully inadequate for the rapid pace of change in software development.

Tips for Unifying the Security Professional and Developer Roles

Watch our video "Tips for Unifying the Security Professional and Developer Roles" to hear from Veracode’s Chief Technical Officer Chris Wysopal and Chief Product Officer Ian McLeod on how the security and development roles became misaligned, and how organizations can tackle the problem head-on.

The Texas Cybersecurity Act: What You Need to Know

Texas passed House Bill 8 relating to cybersecurity for state agency information resources. The bill sets mandatory practices for state agencies, institutes continuous monitoring and auditing of network systems, adds protections for student data privacy, and updates the penalties for cybercrimes.

What Does it Take to be a Rockstar Developer?

If there’s one thing you need to value as you move through your career as a modern software developer, it’s the importance of security. With application layers increasing and the shift left movement bringing security into the picture earlier on the development process, security should be top of mind for every developer working to write and compile successful code.

Quality Conundrum: Relying on QA Tools Alone Increases Risk

Quality assurance, or QA, is one of the go-to solutions for organizations looking to enhance their application security (AppSec). But alone, they don’t provide enough coverage and can give your team a false sense of security that comes back to haunt you during audits, or worse: after a breach. QA tools are only the tip of the iceberg when it comes to flagging and remediating flaws that leave your applications vulnerable to attacks.

Understand the Past to Shape the Future of AppSec

It can sometimes feel like development and security teams are working toward two separate goals. Both developers and security professionals are supposed to be working toward timely, secure releases, but in reality, developers tend to prioritize speed and function, and security professionals prioritize security measures. How can you unify the teams and focus them on shared goals? A little history can help.

New Forrester Report: Build a Developer Security Champions Program

We know firsthand how critical it is for developers and security professionals to have a great working relationship. That extends beyond simply communicating well; for your DevSecOps program to come together so that you can secure your applications, you need to break down silos and improve security knowledge across the board.

As the Security Talent Shortage Intensifies, How Do You Upskill Your Development Team?

Developers want to create secure code, but lack training, so they must rely on AppSec experts to create secure applications. But the severe cybersecurity talent shortage leads to: As a result, developers are often conducting their own security research, which takes substantial time, increasing software delays and costs. With Veracode, you enable developers to write secure code and decrease flaws, so you can make your developers security self-sufficient.