AppSec Blog: Category - Secure SDLC

Securing the SDLC: Dynamic Testing Java Web Apps

Editors Note: Today's post is from Gregory Leonard. Gregory is an application security consultant at Optiv Security, Inc and a SANS instructor for DEV541 Secure Coding in Java/JEE. Introduction The creation and integration of a secure development lifecycle (SDLC) can be an intimidating, even overwhelming, task. There are so many aspects that need to … Continue reading Securing the SDLC: Dynamic Testing Java Web Apps


Static Analysis and Code Reviews in Agile and DevOps

Editors Note: Today's post is from Jim Bird. Jim is the co-founder and CTO of a major U.S.-based institutional trading service, where he is responsible for managing the company's technology organization and information security program. In this post, Jim covers how to perform secure code analysis in an Agile development lifecycle. More and more … Continue reading Static Analysis and Code Reviews in Agile and DevOps


2015 State of Application Security: Closing the Gap

The 2015 SANS State of Application Security Analyst Paper and webcasts are complete. This year, Jim Bird, the lead author of the SANS Application Security Survey series, Frank Kim, and I all participated in writing the questions, analyzing the results, drafting the paper, and preparing the webcast material. In the 2015 survey, we split the … Continue reading 2015 State of Application Security: Closing the Gap


DevOps is Killing Maintenance. Let's Celebrate.

DevOps probably isn't killing developers. But it is changing how people think about development - from running projects to a focus on building and running services. And more importantly, DevOps is killing maintenance, or sustaining engineering, or whatever managers want to call it. And that's something that we should all celebrate. High-bandwidth collaboration and rapid … Continue reading DevOps is Killing Maintenance. Let's Celebrate.


Secure Software Development Lifecycle Overview

In a previous post, we received a question asking, "what is a secure software development lifecycle"? This is an excellent question, and one that I receive quite often from organizations during an application security assessment. Let's quickly review the Software Development Lifecycle, also known as the SDLC. The goal of an SDLC is to provide … Continue reading Secure Software Development Lifecycle Overview