We have already discussed how Application Security Orchestration and Correlation (ASOC) makes the AppSec process more efficient and scalable. In this final post in our ASOC series, we will demonstrate how ASOC tools bring accountability to both the technical and business sides of application security.
AppSec Classroom
ASOC Series Part 2: How to scale AppSec with Application Security automation
In our first piece on Application Security Orchestration and Correlation (ASOC), we looked at how this new application security trend improves DevSecOps efficiency. We will now focus on the second primary benefit of ASOC tools—scalability.
ASOC Series Part 1: How Application Security Orchestration and Correlation can improve DevSecOps efficiency
In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, “high-priority” category called Application Security Orchestration and Correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within organizations: efficiency, scalability, and accountability.
How to use machine learning to win the time battle against AppSec triage
There is a well-known problem in AppSec testing that affects you whether you’re testing one application or thousands, and whether you’re using a few or many AppSec testing tools: time spent triaging false positives and other irrelevant findings.
Fostering DevSecOps: Tool orchestration enables AppSec to keep pace with DevOps
How to create an effective application security budget for your organization
Cyber security is a broad area, including several items such as network security and application security. If you are a CISO responsible for the cyber security budget, you know that proper protection is key. Cyber attacks can cost your business more than a million dollars, and that number is based on conservative estimates. The real cost of an attack includes damage to your reputation, future lost sales, and plummeting stock prices.
Do certain types of developers or teams write more secure code?
At AppSec Cali 2020, Code Dx CEO Dr. Anita D'Amico and AppSec Researcher Chris Horn discussed their research on "Do certain types of developers or teams write more secure code? Human Factors in AppSec." This research sought to find out what physical elements...
Human Factors talk given at AppSec Amsterdam 2019
Why do some developers produce secure code, but others do not? What potentially configurable elements impact code quality and security? Software is written by people, and their actions and decisions ultimately affect the security of the code they produce. This...
SAST vs DAST: What is the right choice for application security testing?
The number of acronyms to keep track of today continues to grow at a rapid pace, especially in the AppSec industry. For software developers and security testers, SAST and DAST are two commonly used acronyms in the application security testing world, but are often...
Vulnerability Management: Is 100% code and vulnerability coverage realistic?
In the world of application security testing, the terms “code coverage” and “vulnerability coverage” are frequently used. But what do they really mean? Essentially, code coverage is the amount of the code that is scanned to identify potential vulnerabilities in a software application. Vulnerability coverage refers to the number of defects or system misconfigurations in the software code that could pose potential threats.