Filtering on: Appsec program

  • Managing Dependencies

    Security Appsec program

    A common question came up again this week working with a developer (and friend) at a partner that does custom software development.

  • A Trello Template for AppSec Program Projects

    Security Appsec program


  • What is an AppSec Program

    Security Appsec program

    Most companies that we work with are building software. That’s not a surprise because that’s our niche. Yet a surprising number of those companies don’t know about application security programs. Even companies with sophisticated security teams often struggle with application security and don’t take a programmatic approach to it. Why? Because it is really hard and requires knowledge of how application development and SDLCs work. In this post, I’ll talk about some of the high-level parts of successful AppSec Programs we’ve seen.

  • Security in the SDLC (Reboot)

    Security Appsec program Sdlc

    Today I was looking back for my blog posts about security in the SDLC from 2012-2016 and I realized that I had never migrated them forward to the new website when we updated. Whoops! So … in this post I want to recap in some detail what I’ve learned about security in the SDLC.