Essential Guide

How to craft an application security strategy that's airtight

A solid application security strategy must evolve to keep up with today's apps, which run not only on enterprise desktops but also in the cloud and on mobile devices. That makes setting an application security strategy and related policies tricky. This guide will help.


Crafting an effective corporate application security strategy is getting tricky.

That is because, among other things, applications don’t just sit on employee desktops within company walls anymore. Apps now are also riding around on all sorts of mobile, employee-owned devices and in the cloud. What that means is that sensitive corporate data, too, has escaped the bounds of the enterprise.

Setting a strategy and creating an application security policy means taking all these facts, plus the increased sophistication of hackers, into consideration. This guide outlines the issues that must now guide how you set your application security strategy.

1. Appsec overview

Developing an application security strategy and policies

Setting your broad security strategy and crafting application security policies that really work may seem daunting. So much to consider! Consider this your starting place. The stories below outline the basics you should take into account, including security program assessments, security testing and how to institute effective training.


Get started building your application security strategy program

Building an effective application security program can be daunting. Sean Martin talks with experts about the best first steps enterprises should take.


How to plan for security in application development

Enterprises push for short development cycles to meet delivery deadlines. Expert Michael Cobb explains how to incorporate application development security into the process.


Divvying up the security must-dos for the dev and ops teams

To secure application development, here's what DevOps teams must do to outplay today's hackers, whose tools and practices have grown very sophisticated.


For an application security strategy to succeed, education is essential

Education and training are crucial parts of a strong application security program. Sean Martin explains how enterprises should build these elements into their programs.

2. Best appsec practices

Best practices for any appsec program

After the basics are in place, next comes the tough stuff that’s required to make sure the applications in use in the enterprise are as secure as they can be. These stories look at specific appsec best practices, in categories like messaging apps, but also consider some of the myths that have developed around the issue of app security best practices.


Make any application security strategy stronger with a hacker mindset

It can be beneficial to think like a black hat. Expert Kevin Beaver explains why enterprise security teams should apply a hacker mindset to their work and how it can help.


Increase obstacles for hackers with app layer security

Hackers will exploit any entrance to enterprise data they can find. Make sure to erect more than just a network-level fence to ensure nobody crashes the data party.


Learn these essential app login fixes to keep things secure

Flawed web application login security can leave an enterprise vulnerable to attacks. Expert Kevin Beaver reviews the most common mistakes and how to fix them.


Gary McGraw on the seven best practices myths

According to expert Gary McGraw, you're not helping yourself by believing the things -- all seven of them -- you've heard about secure software development.


Cutting the security risk in enterprise messaging apps

As more companies tap into enterprise messaging services, certain security considerations arise. Encryption, for instance, is a core requirement for any service.


Applying an application security strategy to cloud

Mobile is everywhere, when it comes to apps, and so is cloud. In fact, some would argue that cloud-based applications present one of the biggest challenges for infosec pros today. In this section of our guide, we look at application security policy issues raised by the spread of cloud -- private, public and hybrid -- and touch on ways to secure enterprise data and systems that can now be accessed by devices outside the traditional enterprise security perimeter.


How cloud apps challenge application security policies

Securing custom applications in the cloud can be a hassle for enterprises. Expert Ed Moyle discusses how to make it easier to secure custom cloud apps.


Essential API best practices to up your app security posture

APIs are everywhere, and that's just one reason they're so difficult to keep secure. Expert Tom Nolle outlines a detailed, multipart security strategy.


What cloud-based custom apps mean for app security

New research shows that custom applications in the cloud are running more core business functions today -- without IT security knowing about it.


Ways to securely deliver public and private cloud apps

The influx of mobile devices and apps has given IT departments a new mandate: Securely and efficiently deliver mobile apps to end users.


Mobile and more: Topics in application security

This segment of our guide is packed with actionable advice on several topics, including the vital security concerns that mobile applications raise. Learn more now about how to approach mobile application security and related policy. Be sure not to miss the collection of expert podcasts that rounds out this segment.


Better security through mobile application assessments

Mobile application assessments can help enterprises decide which apps to allow, improving security. Christopher Crowley of the SANS Institute discusses how to use app assessments.


Five ways to get better mobile application security now

The cost of a stolen mobile device is nothing compared to the value of lost data. To ensure mobile app security, IT should consider policies beyond mobile device management.


Survey shows pros divided on application security strategy

There is a huge gap between IT and security professionals around several key aspects of application security, a survey reveals.


Your application security policies must consider Web-related weaknesses

Web application security vulnerabilities can exist from browser to SSL/TLS. Expert Brad Causey explains how application security testing and Web application firewalls can address this.


Expert podcasts consider multiple security questions

is pleased to partner with Gary McGraw to feature his monthly Silver Bullet software security podcasts, which discuss best practices in software security.
