Code Dx Application Security Blog
ASOC Series Part 1: How Application Security Orchestration and Correlation can improve DevSecOps efficiency
In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, “high-priority” category called Application Security Orchestration and Correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within organizations: efficiency, scalability, and accountability.
There is a well-known problem in AppSec testing that affects you whether you’re testing one application or thousands, and whether you’re using a few or many AppSec testing tools: time spent triaging false positives and other irrelevant findings.
There’s been a lot of hype around the “shift left” approach of bringing security into the software development lifecycle (SDLC) earlier than with traditional methods, and rightfully so. It’s an important change, as it gives security the attention it deserves throughout the entire SDLC, while speeding up security processes and creating more secure products.
Tool Orchestration Enables AppSec To Keep Pace with DevOps
“Zoom and doom” and “Zoom bombing” are taking over headlines as the Zoom video conferencing app experiences very public security problems. As the coronavirus social distancing requirement spread, Zoom usage increased by 1,900 percent between December and March, increasing from 10 million to 200 million daily users. Zoom wasn’t ready for the increased demand and the added exposure to security threats that came with it.
Cyber security is a broad area that includes several disciplines, such as network security and application security. If you are a CISO responsible for the cyber security budget, you know that proper protection is key. Cyber attacks can cost your business more than a million dollars, and that number is based on conservative estimates. The real cost of an attack includes damage to your reputation, future lost sales, and plummeting stock prices.
It can be challenging to juggle both application and network security and know how many of your resources you should devote to each program. Organizations often take an either/or approach, focusing more attention on either application security or network security. However, both are equally important for a comprehensive enterprise risk management strategy.
At AppSec Cali 2020, Code Dx CEO Dr. Anita D'Amico and AppSec Researcher Chris Horn discussed their research on "Do certain types of developers or teams write more secure code? Human Factors in AppSec." This research sought to find out what physical elements...
As business guru Peter Drucker said, “If you can’t measure it, you can’t improve it.” This quote rings especially true when it comes to application security.
Attacks on applications aren’t going away. In fact, there was a 40 percent increase in attacks from August to September of this year. Enterprises must remain diligent, learning about the latest application security trends and developments.
Code Dx Inc. has bested rival startups to win a $2 million “Shark Tank” style venture capital contest. Maryland-based venture capital firm DataTribe said it received hundreds of submissions from companies pitching their business plans in its second annual global competition.
DataTribe recently closed submissions to its second annual DataTribe Challenge, a global competition to identify and develop high-technology startups with a vision to disrupt cybersecurity and data science. In a new Q&A blog series, we spoke with Dr. Anita D’Amico, Chief Executive Officer of Code Dx.
There are many components required to create and carry out an effective cyber security strategy. Enterprises need to use the right tools, possess the right knowledge, plan appropriately, and have well-qualified staff on hand to execute.
One of the biggest challenges facing CISOs today is how to build a secure application strategy. It’s no simple feat to build an application security strategy that is both comprehensive and effective. But it’s essential, as a breach can be quite costly to the organization.
Every Chief Information Security Officer (CISO) knows how important risk management is for the health and safety of the business. Enterprise applications and software systems are under a permanent state of threat, making application security and cyber risk management...
Why do some developers produce secure code, but others do not? What potentially configurable elements impact code quality and security? Software is written by people, and their actions and decisions ultimately affect the security of the code they produce. This...
Code Dx has been named in Gartner’s 2019 Application Security Hype Cycle Report in a key emerging market area: Application Security Orchestration and Correlation (ASOC). Yearly, Gartner produces a report that details the current state of the Application Security Marketplace, including emerging and fading market area trends.
As the number of IoT applications and devices continues to grow, so does the need for improved IoT security—yet the reality is we have a long way to go. A recent article pointed out that more than 2 million security cameras, doorbells, and even baby monitors contain serious IoT vulnerabilities. The worst part is there is no known patch for the common flaws in these everyday devices.
Application security challenges lie not only in the threats and application vulnerabilities themselves, but also in the processes and approaches taken within the organization to manage application security. A closer look at some of the top application security challenges from both a threat standpoint and a business management view can help you avoid some of the most common pitfalls.
Read the interview with Dr. D’Amico to learn more about how Code Dx works.
The number of acronyms to keep track of today continues to grow at a rapid pace, especially in the AppSec industry. For software developers and security testers, SAST and DAST are two commonly used acronyms in the application security testing world, but are often...
In the world of application security testing, the terms “code coverage” and “vulnerability coverage” are frequently used. But what do they really mean? Essentially, code coverage is the amount of the code that is scanned to identify potential vulnerabilities in a software application. Vulnerability coverage refers to the number of defects or system misconfigurations in the software code that could pose potential threats.
At RSA 2019, Deb Radcliff talked with Anita D'Amico, CEO of Code Dx, an application testing company that is one of the DHS-funded startups at RSA. "DHS S&T wants people to adopt good cybersecurity practices, so they're trying to get innovative cybersecurity...
Code Dx CEO Dr. Anita D'Amico, PhD, was featured in an article and interviewed by Cybercrime Magazine. You can read the article by Steven T. Kroll at CyberSecurity Ventures. You can watch the interview with Dr. D'Amico below.
An article by Ken Prole, CTO of Code Dx, was published in the Security Today magazine’s April 2019 edition.