State of software security: What 2017 taught us
By: Veracode, Inc. View more from Veracode, Inc. >>
Download this next:
How to choose the right AppSec vendor/offering
By: Veracode, Inc.
Type: Resource
The adoption of application security (AppSec) tools and capabilities has seen a steady rise in popularity over the last decade, with no signs of slowing down.
However, each organization’s application environment is unique – requiring an AppSec program that is custom-fit to their unique needs.
Read this infosheet to for helpful guidance when it comes to evaluating and choosing the right AppSec vendor/offering.
These are also closely related to: "State of software security: What 2017 taught us"
-
How Do Vulnerabilities Get into Software?
By: Veracode, Inc.
Type: White Paper
According to the Department of Homeland Security, 90% of security incidents result from exploits against defects in software. While it’s important to focus on external threats, it’s equally critical to ensure the management of internal vulnerabilities.
In this white paper, take an in-depth look at 4 common causes that lead to software vulnerabilities, which include:
- Insecure coding practices
- The evolving threat landscape
- Reusing vulnerable components & code
- Programming language idiosyncrasies
-
Find more content like what you just read:
-
Application security: best practices and risks
By: TechTarget ComputerWeekly.com
Type: eGuide
Security professionals need to anticipate vulnerabilities from all the right perspectives, and that means testing apps for flaws on a regular basis, whether that means monthly, quarterly or following updates. Check out this e-guide, which include application security best practices, threat identification and security testing tips.
-
DevSecOps delivers better business
By: TechTarget ComputerWeekly.com
Type: eGuide
Firms need to consider the move from DevOps to DevSecOps. This e-guide focuses on the benefits of DevSecOps, paints a picture of the rise of this approach, and explains why using the right DevSecOps tools leads to more secure development. DevSecOps delivers better business, and it's time for you to find out how and why.
-
Application security: More important than ever
By: TechTarget ComputerWeekly.com
Type: eGuide
In this e-guide we look at why application security is more important than ever due to traditional software and cloud-based, web and mobile applications playing an increasingly important role in business.
-
5 principles for securing DevOps
By: Veracode, Inc.
Type: White Paper
Integrating security operations into pre-existing DevOps processes can yield numerous business benefits – including a measurable growth in both profit and revenue. Read this whitepaper to unlock the 5 principles of DevSecOps to help you get started.
-
SAST vs. DAST: What Are the Differences and Why Are They Both Important?
By: Veracode, Inc.
Type: Resource
If you only use SAST, you miss out on detecting critical flaws from open source vulnerabilities and configuration errors. The more application security scan types you employ, the more flaws you uncover. This infographic dives deeper into the differences between SAST and DAST, and establishes the benefits of using both scan types in unison.
-
Web-facing applications: Security assessment tools and strategies
By: TechTarget Security
Type: White Paper
Read this expert E-guide to find out how you can properly asses web application threats and the tools your organization can use for protection. Learn how to mitigate likely web application threats and how you can ensure your business is protected.
-
What security pros need to know about software development today
By: Veracode, Inc.
Type: Resource
Download this resource to learn about how software development tools and processes changed recently, challenges developers run into while trying to balance these new tools and processes, and what security professionals can do to get developers fully on board with security.
-
CW Benelux February 2018
By: TechTarget ComputerWeekly.com
Type: Ezine
In this issue, read about how and why one public sector IT professional in the Netherlands, Victor Gevers, took a whole year out to hack ethically and, in the process, unearthed about 1,000 vulnerabilities.
-
The state of penetration risk
By: Coalfire
Type: Research Content
By studying new attacks, and analyzing adversarial behavior, organizations can better track and understand attackers, their goals and their tactics. Download this report on the state of penetration risk to unlock statistics and information that you can use to develop a threat-informed cybersecurity strategy for your organization.
-
Vulnerability management trends for 2024
By: JFrog
Type: Research Content
44% of organizations have a formal vulnerability management program in place internally, with 28% of organizations identifying 100 or more vulnerabilities each month. These findings and more are from Dark Reading’s The State of Vulnerability Management Report. Read the report here.
-
Expert ways to maximize security in Exchange
By: TechTarget Data Center
Type: eGuide
This expert e-guide provides tips for maximizing Exchange security, including how to leverage the enhanced capabilities in Forefront Protection 2010. In addition, it reviews the 6 most commonly overlooked Exchange security vulnerabilities.
-
Application security testing: Protecting your application and data
By: TechTarget Security
Type: eBook
Application security testing is critical in ensuring your data and applications are safe from security attack. This e-book, written for IT management, including QA and development managers, explains the basics of application security and then delves deeper into common vulnerabilities and performance concerns.
-
Web Application Firewalls: Patching, SDLC Key for Security, Compliance
By: TechTarget Security
Type: eGuide
In this expert e-guide, discover how web application firewalls (WAFs), combined with a strong software development lifecycle (SDLC), are playing an essential role in web application security and compliance. See how you can achieve a strategic, defense-in-depth approach to enterprise security by reading on now.
-
Proactive Security: Software vulnerability management and beyond
By: TechTarget ComputerWeekly.com
Type: eGuide
In this e-guide we discover why modern security professionals are moving to a more pro-active approach to cyber defence, and how managing vulnerabilities is a key element of that.
-
7 advantages of a SaaS-based application security program
By: Veracode, Inc.
Type: Resource
In this infographic, discover 7 advantages of a SaaS-based application security program vs. on-premises.
-
IDC TechBrief: Interactive Application Security Testing
By: Contrast Security
Type: White Paper
With modern application development operating at break-neck speeds, DevOps teams pressured by deadlines are often forced to compromise security for efficiency’s sake. This white paper examines the benefits of using interactive application security testing to mitigate the security risk and complexities of using DevSecOps. Read on to learn more.
-
E-Guide: Integrating security into the ALM lifecycle
By: TechTarget Security
Type: eGuide
In this expert e-guide, readers will learn the risks businesses take by not taking security measures seriously and what can be done to help integrate security with application lifecycle management.
-
Infographic: 5 essential open source cybersecurity tools for 2022
By: TechTarget ComputerWeekly.com
Type: Infographic
There are countless open source cybersecurity tools available in the market and some of them have become essential for finding vulnerabilities in 2022. In this infographic, we highlight five tools that have proven to be highly efficient and reliable and can be combined with other tools to help build up your defences.
-
Moving beyond traditional AppSec: The growing software attack surface
By: ReversingLabs
Type: White Paper
According to findings from ReversingLabs’ recent study, software supply chain threats rose 1300% between 2021 to 2023. This buyer’s guide to supply chain security analyzes the current state of supply chain attacks and distills the analysis into actionable information you can use to choose an offering. Download now to learn more.
-
CW ASEAN: Time to dial up defences
By: TechTarget ComputerWeekly.com
Type: Ezine
In this month's issue of CW ASEAN, we take a closer look at ASEAN's patchy cyber security landscape, including varying levels of cyber resilience across the region, cyber security strategies adopted by different countries, as well as efforts to improve cyber capabilities and foster greater collaboration in the common fight against cyber threats.
-
What should you ask a pentesting service provider?
By: Trustwave
Type: White Paper
To augment their security stances, many organizations have partnered with a penetration testing (pentesting) service provider. Is your business considering doing the same? Step in “11 Questions to Ask Your Pentesting Service Provider,” a white paper that can guide your market exploration. Read now to unlock insights.
-
Security and risk management in the wake of the Log4j vulnerability
By: Tanium
Type: eBook
Read this e-book to get a quick refresher on the Log4j vulnerability and its threat, the longer-term issues of software management, compliance risks, and threat hunting — and how security and risk teams should rethink their roles and processes as a result.
-
State of software security 2024
By: Veracode, Inc.
Type: Research Content
71% of organizations have security debt, with 46% of organizations having persistent, high-severity flaws that constitute critical security debt, according to Veracode’s State of Software Security for 2024. Dive into the report here.
-
Technical Guide on Malware Trends
By: TechTarget Security
Type: eGuide
TechTarget’s Security Media Group presents a comprehensive guide to malware trends. Our experts help you adopt your security strategies, policies and spending to address the ever-changing and customized world of malware to keep targeted attacks, phishing scams and other malware-based attacks at bay.
-
Web security: Important but often overlooked
By: TechTarget ComputerWeekly.com
Type: eGuide
In this e-guide we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.
-
App Sec Tools Need a Software Supply Chain Security Upgrade.
By: ReversingLabs
Type: White Paper
Learn why traditional application security testing tools alone leave your organization exposed to supply chain attacks — and how software supply chain security tools represent an evolution of traditional application security tools, ensuring end-to-end software security.
-
An overview of attack surface management (ASM)
By: Palo Alto Networks
Type: eBook
With more cloud environments and digital assets in play than ever before, the enterprise attack surface has become increasingly complex and difficult to manage. This Attack Surface Management (ASM) for Dummies, e-book presents a coherent overview of ASM. Download now to unlock the extensive e-book and all the insights contained within it.
-
Print security: An imperative in the IoT era
By: TechTarget ComputerWeekly.com
Type: Analyst Report
Analyst group Quocirca gives the perspective on the risks and best practices of print security.
-
AWS Differences between Active and Passive IAST and how to get the best of both worlds
By: Contrast Security
Type: White Paper
Interactive Application Security Testing (IAST) is a relatively new technology that has caused a lot of confusion for not being clearly explained. This article sets out to clear the air. It will explain:What is IAST?What’s the difference between Active IAST & Passive IAST? Which approach is better for you?Access the paper here.
-
Computer Weekly – 19 December 2023: The ransomware threat to UK critical infrastructure
By: TechTarget ComputerWeekly.com
Type: Ezine
In this week's Computer Weekly, a parliamentary report warns that a lack of ransomware preparedness at the highest levels of government is leaving UK critical national infrastructure dangerously exposed – we analyse the risks. We also examine how AI tools are helping to enhance cloud security. Read the issue now.
-
Computer Weekly – 21 August 2018: Delivering the potential of the internet of things
By: TechTarget ComputerWeekly.com
Type: Ezine
In this week's Computer Weekly, we hear from early adopters of internet of things technologies about how to deliver on the potential of IoT. We examine strategies for combining hyper-converged infrastructure and cloud storage to best effect. And we find out how the UK government intends to use data to improve Britain's railways. Read the issue now.
-
Computer Weekly – 16 January 2018: How to fix the Meltdown and Spectre chip flaws
By: TechTarget ComputerWeekly.com
Type: eBook
In this week's Computer Weekly, as CIOs come to terms with the Meltdown and Spectre processor flaws that make every computer a security risk, we examine how to protect your IT estate. We find out how Alexa-style smart speakers can help with CRM strategies. And we look at how the public sector is implementing DevOps. Read the issue now.
-
Next-generation DAST: Introducing interactive application security testing (IAST)
By: Contrast Security
Type: White Paper
While dynamic application security testing (DAST) has been a go-to AppSec testing technique for decades, it is not without its drawbacks. This is where interactive application security testing (IAST) comes into play, building off of DAST, but analyzing apps from the inside out, rather than from the outside in. Read this white paper to learn more.
-
ESG's research exposes how the security analyst role must evolve
By: Contrast Security
Type: ESG Showcase
Access this report from Enterprise Strategy Group (ESG) to discover how the role of security analyst is evolving to work with (instead of against) development, and learn what actions you can take now to set your organization up for success.
-
A Computer Weekly buyer's guide to secure and agile app development
By: TechTarget ComputerWeekly.com
Type: eGuide
As apps become increasingly integral to business operations, the importance of keeping them secure can never be overstated. In this 15-page buyer's guide, Computer Weekly looks at how firms can protect apps from ransomware, why app creation needs to happen at pace, and how to get the right balance between security and coding
-
30-page e-book: IoT security benchmark report 2023
By: Palo Alto Networks
Type: eBook
81% of security leaders surveyed by Starfleet Research reported that their business was struck by an IoT-focused attack within the past year. So, how can you boost IoT security at your own organization? Find guidance in this 30-page e-book.
-
OWASP Top Ten: How to keep up
By: Contrast Security
Type: eBook
The newest addition to the OWASP Top Ten was recently published to help organizations assess their application security efforts – but false positives could lead to unnecessary stress. Download now to learn how Contrast’s observability platforms is designed to keep up with the rapidly expanding scope of the OWASP Top Ten.
-
Top 10 IT security stories of 2018
By: TechTarget ComputerWeekly.com
Type: eGuide
The discovery of the Meltdown and Spectre microprocessor vulnerabilities, and several similar vulnerabilities in the months that followed, were probably the single most challenging developments for enterprise IT security teams in 2018. Here's a look back over Computer Weekly's top 10 IT Security stories of 2018.
-
Perimeter Security Noise Leaves Applications Vulnerable to Attacks
By: Contrast Security
Type: White Paper
Learn how you can get AppSec protection that can compensate with the necessary visibility, accuracy, scalability, and ease of deployment to keep pace with modern application vulnerabilities without generating false positives and false negatives.
-
The Buyer’s Guide to Complete Cloud Security
By: CrowdStrike
Type: Buyer's Guide
Conventional approaches to security can’t deliver the granular visibility and control needed to manage cloud risk, particularly risk associated with containers. This buyer’s guide captures the definitive criteria for choosing the right cloud-native application protection platform (CNAPP) and partner.
-
The exploitation of flaws in the HTTPS protocol
By: TechTarget ComputerWeekly.com
Type: Research Content
For both technical and non-technical users, the presence of "HTTPS" in a website URL will provide confidence to consider entering sensitive information such as bank or credit card details. However, even websites owned by the most reputable organisations may be exposed to attack if HTTPS is not properly implemented.
-
How intrusion prevention systems (IPS) can be used with a 'honeynet' to gather intelligence on cyber attacks
By: TechTarget ComputerWeekly.com
Type: Research Content
This article in our Royal Holloway security series explains how intrusion prevention systems (IPS) can be used with a 'honeynet' to gather intelligence on cyber attacks
-
ServiceNow Security Operations: The essential use case guide
By: ServiceNow
Type: eBook
The skills shortage and increasing cyberattacks continue to challenge security teams, slowing their responses to security incidents. To help teams avoid disaster, ServiceNow developed Security Operations and the Now Platform. Learn about how these solutions work in this guide.
-
A comprehensive hybrid cloud security model
By: Palo Alto Networks
Type: White Paper
In a recent survey, 85% of IT pros selected hybrid cloud as their ideal operating model. However, these clouds come with their share of complexity. Namely, they require a high level of interconnectivity, which increases the risk of malware attacks, or worse. Don’t delay – Leverage this white paper to learn how to secure your hybrid environment.
-
A guide to continuous software delivery
By: TechTarget ComputerWeekly.com
Type: eBook
Software empowers business strategy. In this e-guide we explore how to deliver new software-powered functionality for continuous business improvement.
-
E-Guide: Expert insights to application security testing and performance
By: TechTarget Security
Type: eGuide
Two of the biggest challenges in an organization’s application security strategies are testing and integrating best practices within the application lifecycle. In this E-Guide, readers will learn best practices for testing injection integrating security measures into the application lifecycle.
-
IT in Europe: Taking control of smartphones: Are MDMs up to the task?
By: TechTarget Security
Type: Ezine
In this Special European edition of Information Security magazine, gain key insight into the increasing risks of mobile devices and the strategies and tools needed to mitigate them. View now to also explore VDI security, cybersecurity threats, IT consumerization deluge, and much more.