application security

How To Build A Security-Driven Organization - The Human Element

Despite the advances in technology, there’s still a very human element to whether a company embraces security practices. This article examines the impact that organizational culture has on a company's ability to adopt a security-driven mindset and offers some pragmatic tips on overcoming oft-encountered challenges.

Citizen Development - It’s Everywhere, Unstoppable, And Good - Part II

Software tools that empower employees to create and automate workflows should be easy to use. Plain and simple: They are not programming utilities. And they should not look like programming utilities.

Citizen Development - It’s Everywhere, Unstoppable, and Good

Citizen development – when non-programmers create useful software solutions – is excellent for driving business productivity. It lets employees who own business problems own – and build – business solutions. Unlike with software written by a company’s IT developers or outside contractors, citizen development involves a minimum of red tape and funding, gets directly to the heart of what the employee was trying to accomplish, and can make lots of people happy. If it’s done right.

Grant Access to Workflows, Not to Systems or Data

It happens all the time: Employees, departments or even third-party entities request access to business applications so they can perform important tasks. How much access should they be granted - and to which systems and data? Expert Mike Fitzmaurice sheds some light on enterprise application workflow best practices.

Unlike Lasagne, in InfoSec, There is No Layer Eight

2016 saw a record-setting number of cyberattacks, resulting in the most records stolen in the seventeen years that breaches have been tracked. When you can’t secure the network any longer, what do you do? Shifting to a runtime protection approach will require a bit of retooling, but the end result will be—finally—slowing the attacks that threaten every organization, every day.

Thank You AppSec California. I Am Eager to See You Again!

After attending AppSec California this past January, Arleena Faith learned some interesting lessons that she wanted to share with other Software Developers and professionals in the Software Security field. The topics included in this Experts Corner range from insights on scaling a Software Security Initiative to automating Security Testing within the pipeline.

SECURE DESIGN PRINCIPLES: How to Build Stuff Against Attacks

There is an overarching theme driving these security breaches: ineffective adherence to secure design principles. Expert Ted Harrington explores the world of secure design principles (and anti-principles) as a means to build resilient systems.

Crowdsourced Application Security: The Human Power

Would you feel comfortable hiring a hacker? Caroline Wong, CISSP and VP of Security Strategy at Cobalt, discusses the benefits and risks of using the power of the people – crowdsourced application security programs – at this OWASP AppSec session.

OWASP AppSec California Brings Diversity to the Beach

At this year’s AppSec California conference – a yearly event for InfoSec professionals, developers, pentesters, and QA and testing professionals – the Women in Security panel was among the most highly attended, a very clear indication that this topic resonates strongly with both women and men.

Good Bots, Bad Bots, and Humans. Can You Tell Who Is Who?

Good Bots. Bad Bots. Can you tell those apart from the ‘normal’ traffic generated by the humans using your network? Sean Martin works with the team at Distil Networks to identify 10 ways to spot bad bots on your network.

To Win The Cyber War We Must Explore Alternative Realities

At this point, it should seem clear we are losing the cyber war. Digital security is getting worse because of lock-in. So how is this impacting our security posture? Jamison Utter explains.

There Is No Standard Career In Cybersecurity. However...

Many are lured by the fascinating and lucrative field of cybersecurity, but the prerequisites for entry-level positions are often daunting. Learn from expert Mikhael Felker how to gain experience that will position you for a successful career in InfoSec.

Certifications and Ratings in the Cybersecurity Guarantee Market

When it comes to the creation of this market, it all boils down to supply and demand. Jeremiah Grossman is nudging the supply along - letting people get a taste of it - and hopefully the market will soon start demanding it. In this article, Sean Martin explores the cyber guarantee portion of the topic and the ability to create a new market from scratch.