NEWS & INDUSTRY UPDATES

Tripwire launches Penetration Testing Assessment and Industrial Cybersecurity Assessment services to help organizations find vulnerabilities in their systems.
Application security startup Cequence Security has raised $17 million in a Series B funding round. To date, the company has secured $30 million in funding.
Application security firm Contrast Security raises $65 million in a Series D funding round, which brings the total raised by the company to $122 million.
Intel announces SGX Card, new capabilities for its Threat Detection Technology, the Host-based Firmware Analyzer tool, and the results of various partnerships.
Offensive Security announces the release of Kali Linux 2019.1, which patches bugs and updates Metasploit to version 5.0.
SAP's February 2019 security updates address over a dozen vulnerabilities across its product portfolio, including a Hot News flaw in SAP HANA Extended Application Services.
Application security firm ShiftLeft raises $20 million in a Series B funding round, which brings the total raised by the company to nearly $30 million.
Bot protection firm PerimeterX raises $43 million in a Series C funding round, which brings the total raised by the company to over $77 million.
The Swiss government has launched a public bug bounty program with rewards of up to $50,000 for its e-voting systems. Researchers from all around the world are invited to participate.
Web application security firm Signal Sciences raises $35 million in a Series C funding round, which brings the total raised by the company to over $61 million.

FEATURES, INSIGHTS // Application Security

Travis Greene
Shadow IT 2.0 is a symptom of a bigger problem – the inability to maintain digital competitive advantage due to the insufficient pace of code deployment.
Jim Ivers
Savvy organizations have learned how to use a mix of static and dynamic application security testing types to increase their coverage and lower their risk.
Dan Cornell
When security teams can assess brand, financial, and strategic risks, they are best able to act as a trusted advisor to DevOps teams as they build and maintain secure systems.
Travis Greene
2017 is the year for information security teams to align to the work being done in DevOps – whether you call it DevSecOps or not.
Lance Cottrell
The OODA loop is a well-established concept, often used in security, which originated in the military. OODA stands for Observe, Orient, Decide, Act.
Jim Ivers
Hackers are human. Hopefully that doesn’t surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.
Jim Ivers
Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
David Holmes
Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?
Jim Ivers
Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.
Jim Ivers
Built in or bolted on? When have you ever seen “bolted on” as the first choice of anyone in just about any imaginable scenario? Yet for software security, “bolted on” is certainly the norm.