Yearly Archives: 2016

Effective Application Security Testing in DevOps Pipelines

Introduction Businesses and development teams are rushing to embrace DevOps so they can be more agile, deploy code more quickly, and provide more value to their customers. Hallmarks of DevOps initiatives are support for significant automation, flexible provisioning, and cultural support for shared responsibilities. This often makes security teams uncomfortable, and they find themselves on […]

Black Friday Security Checklist for Retail Companies

If you’re lucky enough to work at a retail company, the next several weeks of holiday shopping may be the difference between a financially successful or unsuccessful year. As buyers, we’re all too familiar with the holiday shopping season, regardless of whether we either choose to buy our gifts from Amazon and other online retailers, […]

The Need for Speed: Application Security in a DevOps World

Over the summer, I had the opportunity to present at the RSA Asia Pacific & Japan Conference on the topic of DevOps and security. In the last 6-12 months, and especially in the time since submitting this topic, we’ve seen the accelerated rise of DevOps. The challenge is that we haven’t solved the problem of […]

Bringing Sanity to BlackHat Week – A Survival Guide for First-Timers

Ahhhhh. BlackHat Eve. That week before Black Hat where overworked security folks all over the world attempt to clear out their email inboxes prior to jetting out to Las Vegas for a week in enclosed conference centers with thousands of other like-minded security nerds. But when we talk about Black Hat as a singular event […]

What’s in a Name? – Why Gartner Picking “Application Vulnerability Correlation” is an Important Step for the Application Security Market

If you haven’t seen it yet, Gartner just published its “Hype Cycle for Application Security, 2016” written by Gartner Analyst Ayal Tirosh with support from colleague Lawrence Pingree (Gartner clients can view it at https://www.gartner.com/doc/3376617/hype-cycle-application-security-). This is potentially a deeply important step for the application security market because it provides clarity around a set of […]

2016 Post Gartner Recap

                     Now that the dust has settled on the annual 2016 Gartner Security and Privacy Symposium, we can look back through a clean lens and identify themes that bubbled to the surface of the different sessions. Although a critical mass of security leaders were in attendance, […]