My name is Seb and I’m an application security (AppSec) engineer, part of the Application Security Consultant (ASC) team here at Veracode. My role is to help remediate flaws at scale and at pace, and to help you get the most out of the Veracode toolset. With a background as an engineering lead, I’ve run AppSec initiatives for government and global retailers. I’ve found that successful AppSec is all about people.

Developer security training is more critical than ever, but data shows us that the industry isn’t taking it quite as seriously as it should. A recent ESG survey report, Modern Application Development Security, highlights the glaring gaps in effective developer security training.

Veracode recently sponsored Enterprise Strategy Group’s (ESG) survey of 378 developers and security professionals, which explored the dynamic between the roles, their trigger points, the extent to which security teams understand modern development, and the buying intentions of application security (AppSec) teams.

Veracode’s Chris Wysopal and Chris Eng recently joined Enterprise Strategy Group (ESG) Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast, Graham Cluley, at Black Hat USA to unveil the findings from a new ESG research report, Modern Application Development Security.

You work hard to produce quality applications on tight deadlines, and like every other development team out there, that often means relying on open source code to keep projects on track. Having access to plug-and-go code is invaluable when you’re racing the clock, but the accessibility of open source libraries comes with a caveat: increased risk.

As organizations continue to adopt DevSecOps, a methodology that shifts security measures to the beginning of the software development lifecycle (SDLC), roles and processes are evolving. Developers are expected to take on increased security measures – such as application security (AppSec) scans, flaw remediation, and secure coding – and security professionals are expected to take on more of a security oversight role.

Solving Puzzles has been a very popular pastime for InfoSec professionals for decades. I couldn’t imagine a DefCon without the badge challenge. At Black Hat 2020 Matt Wixey, Research Lead at PwC UK, didn’t disappoint as he presented on parallels between puzzle-solving and addressing InfoSec problems.