Layered security only works if the layers are, y'know, secure.
OWASP's Proactive Controls help build secure software, but motivating developers to write secure code can be challenging.
Tackling the security policy-to-execution gap requires integrating security, risk, and workflows. Here's how to get started.
The best way to deal with both rattlesnakes and security breaches is to avoid them to begin with. Security automation can be a great help here.
Testing cryptography-enabled apps is difficult—and getting harder. Here's one key tip: Don't write your own cryptographic software!
Hobbs, Kerckhoffs and Shannon were right: Security by obscurity is no security at all.
A web application firewall is your first layer of defense. It's open source, free, and enables virtual patching. Here's how to make it manageable.
Insider threats are getting worse. Will AI and machine learning be able to help?
Shadow IT could be a far bigger problem than you first thought.
Automated security testing is the way to go. Here's why, the caveats to keep in mind, and some suggestions for getting started.
