Fergal Glynn

A CISO’s Guide To Application Security – Part 5: Justifying an Investment in AppSec

This post is the last in a 5-part series on Application Security, or “AppSec”. By Fergal GlynnThis blog post series has examined the growing threats to software, defined the components of a sound AppSec program, described an evolutionary path to AppSec maturity, and considered a number of tools and technologies worthy of investment. Ultimately, it is the Chief Information Security Officer (CISO) or equivalent’s responsibility to mitigate the enterprise’s level of software risk as part of a comprehensive infosec strategy. In this, the final post in this series, let’s review the return on investment possible from a sound AppSec program, including ways to build a business case for further investment in this critical IT security discipline.

A CISO’s Guide To Application Security – Part 4: Weighing AppSec Technology Options

This post is the fourth in a 5-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.By Fergal Glynn, VeracodeAs we have examined in this series, the information security practice called Application Security (or “AppSec”) seeks to protect all of the software that runs a business. It has three distinct objectives:1) Measurable reduction of risk from existing applications2) Prevention of introduction of new risks3) Ensuring compliance with regulatory mandates

A CISO’s Guide To Application Security – Part 3: Toward an AppSec Center of Excellence

This post is the third in a 4-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.By Fergal GlynnThis series began with a general definition of Application Security (“AppSec”) as a fundamental infosec practice that addresses the reduction of both immediate and systemic software risk. When undertaken correctly, AppSec takes a systematic, programmatic approach to hardening business-critical software, from the inside. That’s not to say that organizations must over-invest in an advanced program from the start to be effective – in fact, quite the opposite.

A CISO’s Guide To Application Security – Part 2: The Growing Threat to Applications

by Fergal Glynn

Editor’s Note: This post is the second in a multi-part series on Application Security, or “AppSec” prepared by our friends over at application testing firm Veracode. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.By Fergal Glynn, Veracode Inc.

A CISO’s Guide To Application Security – Part 1: Defining AppSec

by Fergal Glynn
1

Editor’s Note: This post is the first in a multi-part series on Application Security, or “AppSec” prepared by our friends over at application testing firm Veracode. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.by Fergal Glynn, Veracode Inc.

Quality Coding Takes A Break For The Holidays. But Why?

by Fergal Glynn
13

by Fergal Glynn, Director of Marketing, VeracodeI recently read a blog post by CloudFlare and Shawn Graham that asked a fantastic (and timely) question: “Do Hackers Take The Holidays Off?” CloudFlare sees traffic for hundreds of thousands of websites and was able to answer the question. They looked at the average percentage of requests that constitute threats, graphed the deviation, and then overlaid any events happening on those days. Their conclusion: it depends on the holiday.

Cybersecurity for your growing business
Cybersecurity for your growing business

Topics

Show all

Authors

Threatpost

InfoSec Insider

Infosec Insider Post

Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Content

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.