You're never finished with application security—ever. You can design all the security controls you want into your software, follow every capability maturity and software development model out there, and test the daylights out of all your apps. But at the end of the day, you are never done. There’s always something you overlooked, or left behind, or that crept into your code and creates an exploitable vulnerability.
TechBeacon’s top 10 security stories of 2016 cover the range of issues and trends that will help you get focused on what you may have missed so that you can move forward, with better app security, in the coming year.
57 open source app sec tools: A guide to free application security software
Security must be an integral part of any application development process; you can't just bolt it on as an afterthought at the end of the cycle. But integrating it into your development and delivery agenda doesn’t have to be expensive, thanks to a slew of free open source application security tools. TechBeacon's Mike Perrow offers this handy guide to the best of them.
5 emerging security technologies set to level the battlefield
If there’s one thing that security professionals don’t lack, it's security tools. In recent years, security vendors have flooded the market with a vast array of products and services designed to protect against every conceivable threat out there, and then some. But do you know which tools will matter the most in coming years? TechBeacon contributor John P. Mello reports on five emerging technologies that could level the playing field.
How to hack an app: 8 best practices for pen testing mobile apps
Whether you like them or not, mobile applications are not going away. Users will continue to download and use them in the enterprise, without regard for the security implications. That means it’s up to you to perform penetration testing to ensure that the apps people use don’t pose a risk to enterprise security. Johanna Curiel, co-founder of Ossecsoft, offers a set of recommendations for pen testing mobile apps.
Pen testing cloud-based apps: A step-by-step guide
Penetration testing is a good way to unearth vulnerabilities in software. But it is one thing to pen test on-premise applications and quite another to pen test applications that run in the public cloud. In addition to the technical challenges, you'll face legal obstacles. David Linthicum, senior vice president at Cloud Technology Partners, explains all the hurdles you need to overcome when conducting pen tests on your cloud-based apps.
DevSecOps: 9 ways DevOps and automation bolster security, compliance
Contrary to what some might believe, DevOps practices aren't incompatible with information security best practices. In fact, if done right, DevOps can bolster application security by helping to identify and mitigate security issues earlier in the development lifecycle. DevOps can also help speed up the automation of information security functions and services. Electric Cloud CTO Anders Wallgren explains how.
State of app security 2016: Most common vulnerabilities, top trends
Developers and security experts have acknowledged the need to bake in security during development, not bolt it on at the end of the process. The Open Web Application Security Project, and other efforts, have led to some progress in this area. But a lot of work remains to be done in making security an integral part of the application development lifecycle, reports contributor Jaikumar Vijayan.
Cloud app security: How not to fail
Software developers tend not to think of themselves as responsible for security. That’s a mistake. Trends such as the movement to DevOps and CloudOps, and the growing need for organizations to enable authentication at the application layer, are driving the need for cloud app developers to become experts in security. David Linthicum offers advice on the high-level concepts that developers need to focus on if they want to succeed at cloud app security.
32 app sec stats you should be tracking
Most organizations manage a mix of Web, mobile, open-source and cloud applications, and each environment presents its own set of security challenges. That's why it's important to keep an eye on the latest trends and practices in each realm. Did you know, for instance, that most organizations plan to spend more on application security in 2017 than they did last year, and that nearly 8 in 10 use open source security tools? Jaikumar Vijayan reports on 32 app sec trends that you should be watching.
4 ways to exploit microservices architecture for better app sec
The microservices approach to software development enables faster and more frequent updates, and mitigates some of the challenges involved in ensuring that different development groups work and release in tandem. But are you aware of all of the security issues associated with microservices? Do you know why security professionals react to microservices with so much trepidation and skepticism? Bernard Golden, CEO of Navica, lays it all out.
6 application security lessons every team should study
One of the first dictums of application security is to never trust users to behave in a secure manner. Other fundamentals you need to keep in mind at all times include never having hard-coded credentials in your applications, and not forgetting that you are ultimately responsible for the security of not just your own apps, but third-party software as well. Security Journey's Chris Romeo describes the six app sec lessons all security teams should study.