Programming, SDLC, Security and Software Development

What Are Security Guardrails? Why Do They Matter to Your AppSec Program?

SecureWorld News

MAY 19, 2022

Meanwhile, legacy AppSec systems and processes have impeded security teams from being able to scale at the speed of DevOps with very little visibility or control over security risks. Security teams are entirely unprepared to govern and secure the modern SDLC in this agile world. What are security guardrails?

SDLC

SDLC Security Programming Devops

What Executives Should Know About Shift-Left Security

CIO Business Intelligence

FEBRUARY 24, 2023

By Zachary Malone, SE Academy Manager at Palo Alto Networks The term “shift left” is a reference to the Software Development Lifecycle (SDLC) that describes the phases of the process developers follow to create an application. How did the term shift-left security originate?

Security

Security SDLC Applications Development

5 Ways to Prevent Secret Sprawl

SecureWorld News

AUGUST 30, 2021

In the software development life cycle (SDLC), 85% of leaking secrets come from developers sharing information on public personal accounts. This goes to show just how important it is to have the proper training, procedures, and tools in place when it comes to combatting secret sprawl and leaks in your SDLC.

SDLC

SDLC Software Development Software Software

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Challenging ROI Myths Of Static Application Security Testing (SAST)

ForAllSecure

JUNE 23, 2020

There are several benefits for using Static Analysis Security Testing (SAST) for your software security. While there have been a lot of successes (such as adoption in the OSS community through Coverity SCAN), I’ve also seen challenges with organizations attempting to adopt SAST as part of their development process.

Applications

Applications Security Analysis Software

How Mayhem Is Making AppSec Easy for Small Teams

ForAllSecure

FEBRUARY 2, 2023

Running tests manually is time-consuming, and small teams may feel that they don’t have the time required to secure their applications. In this post we'll explore how Mayhem works and the benefits it offers to smaller companies looking to secure their apps. Development Speed or Code Security. You'll be glad you did.

SDLC

SDLC Budget Applications Security

Challenging ROI Myths Of Static Application Security Testing (SAST)

ForAllSecure

JUNE 23, 2020

There are several benefits for using Static Analysis Security Testing (SAST) for your software security. While there have been a lot of successes (such as adoption in the OSS community through Coverity SCAN), I’ve also seen challenges with organizations attempting to adopt SAST as part of their development process.

Applications

Applications Security Analysis Software

Challenging ROI Myths Of Static Application Security Testing (SAST)

ForAllSecure

JUNE 23, 2020

There are several benefits for using Static Analysis Security Testing (SAST) for your software security. While there have been a lot of successes (such as adoption in the OSS community through Coverity SCAN), I’ve also seen challenges with organizations attempting to adopt SAST as part of their development process.

Applications

Applications Security Analysis Software

Software is Infrastructure

ForAllSecure

OCTOBER 23, 2019

This however has the unfortunate side-effect of imbuing these systems with an additional characteristic - the fusion of hardware and software make these systems essentially cyber-physical systems. By using non-vulnerable versions of these components, security can be immediately improved.

Software

Software Software Analysis Programming

Software is Infrastructure

ForAllSecure

OCTOBER 23, 2019

This however has the unfortunate side-effect of imbuing these systems with an additional characteristic - the fusion of hardware and software make these systems essentially cyber-physical systems. By using non-vulnerable versions of these components, security can be immediately improved.

Software

Software Software Analysis Programming

SOFTWARE IS INFRASTRUCTURE

ForAllSecure

OCTOBER 23, 2019

This however has the unfortunate side-effect of imbuing these systems with an additional characteristic - the fusion of hardware and software make these systems essentially cyber-physical systems. By using non-vulnerable versions of these components, security can be immediately improved.

Software

Software Software Analysis Programming

Leveraging Fuzz Testing to Achieve ED-203A / DO-356A

ForAllSecure

JUNE 7, 2021

Software drives every area of flight, including flight control, ground-based systems, communication, weather, maintenance systems, infotainment and more. Like any software-based system, aerospace must continually and proactively find and fix security and safety issues before cyber-attackers can exploit them.

Analysis

Analysis Security Software Software

Leveraging Fuzz Testing to Achieve ED-203A / DO-356A

ForAllSecure

JUNE 7, 2021

Software drives every area of flight, including flight control, ground-based systems, communication, weather, maintenance systems, infotainment and more. Like any software-based system, aerospace must continually and proactively find and fix security and safety issues before cyber-attackers can exploit them.

Analysis

Analysis Security Software Software

Scaling security: How to build security into the entire development pipeline

CIO Business Intelligence

OCTOBER 31, 2023

When an application is finally ready for deployment, the last thing the development team wants to hear is: “Stop! There’s a security issue.” If you want to make a change, make it in the early stages of the software development lifecycle,” said Pratiksha Panesar, director of cybersecurity at Discover Financial Services.

Security

Security Development How To Applications

Getting ahead of cyberattacks with a DevSecOps approach to web application security

CIO Business Intelligence

JUNE 20, 2023

As such, it’s vital to have a robust and forward-leaning approach to web application security. With an estimated market size of USD $30B by 2030 , the term “application security” takes on numerous forms, but one area of heightened relevance in today’s world is the DevSecOps space. What is DevSecOps?

Applications

Applications Security SDLC Devops

What executives should know about CNAPP

CIO Business Intelligence

AUGUST 9, 2023

First termed in the Gartner Hype Cycle for Cloud Security, 2021, a cloud-native application protection platform (CNAPP) is, as the name implies, a platform approach for securing applications that are cloud-native across the span of the software development lifecycle (SDLC) of the applications. How did It originate?

SDLC

SDLC Agile Applications Cloud

When least privilege is the most important thing

CIO Business Intelligence

NOVEMBER 2, 2023

In the ever-evolving realm of information security, the principle of Least Privilege stands out as the cornerstone of safeguarding sensitive data. Organizations that follow the principle of least privilege can improve their security posture by significantly reducing their attack surface and risk of malware spread.

Backup

Backup Information Security Security Operating Systems

The Evolution of Security Testing

ForAllSecure

JULY 27, 2021

Security needs to be part of the development experience. This has given rise to the application security space. These include static analysis software testing and penetration testing and it assumes that security is binary. You are either secure or insecure, there is no grey area. invalid set of inputs.

Security

Security Applications Development SDLC

How Kaiser Permanente IT shifted from order taker to influencer

CIO Business Intelligence

APRIL 27, 2022

First, Comer set priorities for the IT organization: program and project delivery, delivering on commitments, shifting to a product model, developing new digital platforms while driving greater adoption of the platforms already in place, driving costs down, developing people, and of course, increasing security. “In

Programming

Programming SDLC Development Video

The Hacker Mind Podcast: Hacking With Light And Sound

ForAllSecure

SEPTEMBER 29, 2020

You write a program in MATLAB. I'm just always curious how sensors transduce the analog into the digital and from my experience in computer security I know most failures happens at the boundaries between abstractions where there's undefined behavior. Learn More Request Demo. Fu: It is so fundamental. The tools are rather blunt.

Research

Research Engineering Examples System

The Hacker Mind Podcast: Hacking With Light And Sound

ForAllSecure

SEPTEMBER 29, 2020

You write a program in MATLAB. I'm just always curious how sensors transduce the analog into the digital and from my experience in computer security I know most failures happens at the boundaries between abstractions where there's undefined behavior. Fu: It is so fundamental. The tools are rather blunt. Vamosi: Okay. Fu: That's right.

Research

Research Engineering Examples System

The Hacker Mind Podcast: Hacking With Light And Sound

ForAllSecure

SEPTEMBER 28, 2020

You write a program in MATLAB. I'm just always curious how sensors transduce the analog into the digital and from my experience in computer security I know most failures happens at the boundaries between abstractions where there's undefined behavior. Fu: It is so fundamental. The tools are rather blunt. Vamosi: Okay. Fu: That's right.

Research

Research Engineering Examples System

What CEOs really need from today’s CIOs

CIO Business Intelligence

AUGUST 3, 2022

Modern delivery is product (rather than project) management , agile development, small cross-functional teams that co-create , and continuous integration and delivery all with a new financial model that funds “value” not “projects.”. If we didn’t move to a platform approach, we would still be funding these huge programs.”.

Architecture

Architecture Software Software Cloud

Information Technology Zone

What Are Security Guardrails? Why Do They Matter to Your AppSec Program?

What Executives Should Know About Shift-Left Security

Webinars

Trending Sources

5 Ways to Prevent Secret Sprawl

Webinars

Challenging ROI Myths Of Static Application Security Testing (SAST)

How Mayhem Is Making AppSec Easy for Small Teams

Challenging ROI Myths Of Static Application Security Testing (SAST)

Challenging ROI Myths Of Static Application Security Testing (SAST)

Software is Infrastructure

Software is Infrastructure

SOFTWARE IS INFRASTRUCTURE

Leveraging Fuzz Testing to Achieve ED-203A / DO-356A

Leveraging Fuzz Testing to Achieve ED-203A / DO-356A

Scaling security: How to build security into the entire development pipeline

Getting ahead of cyberattacks with a DevSecOps approach to web application security

What executives should know about CNAPP

When least privilege is the most important thing

The Evolution of Security Testing

How Kaiser Permanente IT shifted from order taker to influencer

The Hacker Mind Podcast: Hacking With Light And Sound

The Hacker Mind Podcast: Hacking With Light And Sound

The Hacker Mind Podcast: Hacking With Light And Sound

What CEOs really need from today’s CIOs

Stay Connected