Application Security

The latest News and Information on Application Security including monitoring, testing, and open source.


Fostering DevSecOps: Tool orchestration enables AppSec to keep pace with DevOps

Learn how tool orchestration empowers AppSec to keep pace with DevOps, providing a union of security and speed. Many organizations have advanced from the DevOps methodology to DevSecOps, and it is expected this trend will continue throughout 2020 as more enterprises leverage the cloud. A DevSecOps approach promotes collaboration between software application development teams and application security teams.

View Dynamic Analysis Results

In this video, you will learn how to view Dynamic Analysis results. Veracode Dynamic Analysis is a Dynamic Application Security Testing (DAST) solution that delivers an automated and scalable dynamic scanning capability that enables broad coverage at speed. Because security threats are always evolving, organizations need a product that enables them to start scanning quickly and scale when the security programs and coverage increase.

Recap: Virtual Boston Globe Summit

Veracode CEO Sam King had the opportunity to speak at this year’s inaugural virtual Boston Globe Summit, “The Great Recovery.” Sam was invited to join the panel, How Boston is Tackling the Biggest Cyber Threats Facing Society, moderated by Gregory T. Huang, Business Editor at the Boston Globe, with guests Greg Dracon of.406 Ventures and Christopher Ahlberg of Recorded Future.


Application security testing is important-now can you quickly use the results?

Multiple AppSec tools lead to many results. Let Code Dx centralize your AppSec management to help you make sense of your data. Most organizations have more than one application—some large enterprises have hundreds or thousands of applications in development and production. Each application is constantly updated to fix security issues, improve performance, and meet new customer demands, and an essential part of the update process is to test the application for security issues.


Application Security Testing Evolution and How a Software Bill of Materials Can Help

Early in my career, I developed web applications. At the time there were practically no frameworks or libraries to help. I was coding with Java using raw servlets and JSPs – very primitive by today's standards. There was no OWASP Top 10 and writing secure code was not something we paid much attention to.

AppSec Decoded: Cyber security measures for technology buyers and suppliers | Synopsys

In this episode of AppSec Decoded, we spoke with Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center, to learn what proactive steps both technology suppliers and buyers should consider in the wake of the new E.O.

MPT's Value at Veracode

You finally have some budget to buy tools for your application security (AppSec) program! GREAT! Purchasing the correct tools for your AppSec pogram can be overwhelming. Even when looking only at point solutions, there still may be some confusion on the value that various tools can provide. Sometimes you'll find the perfect tool, but others may offer you a similar tool with added manual penetration testing (MPT) as part of the overall bundle. That seems like a great idea for the budget.


Integrating static analysis tools with build servers for continuous assurance

Learn how to set up continuous assurance with Code Dx to improve code quality and security at the speed of DevOps. Continuous integration (CI) has made a tremendous impact on how we develop software. The concept is simple: fail fast and fail often. This allows the team to fix problems before they become a big deal, saving time and money.