
WhiteHat Security’s Most Popular Whitepapers of 2017


In 2017, we made a concerted effort to provide more helpful resources to the application security space, and we’re thrilled that these assets were of value to so many people and organizations, across a multitude of industries.

Here’s a rundown of some of our most popular whitepapers of 2017:

  1. Ironclad APIs: An Approach to Application Security Testing

    I’m sure the term “API Economy” is familiar to you by now. After all, APIs change how the world interacts: everything from sharing a photo, to online shopping, to hailing a cab, is done through APIs, and this innovation is happening faster every single day. WhiteHat Security’s “Ironclad APIs” whitepaper gives step-by-step testing best practices, from authentication and authorization through Source Code Analysis and Business Logic Testing. APIs are here to stay, and there are security issues that need to be addressed as they are implemented. When security is built into your development organization, developers can run security tools such as WhiteHat Scout and Sentinel Source against newly created APIs, so that testing covers every web application component, not just the user-facing front end. Download the full paper here.


  2. 2017 Application Security Statistics Report: The Case for DevSecOps

    2017 marked the 12th year of our AppSec Stats Report, and for the first time it provided substantial metrics around DevSecOps. The 60-page report covers DAST, SAST and Mobile App Security Testing, and explains how all three can work together as one testing program. It also provides key best practices for getting started on a successful AppSec journey.
    In addition, in the section of the report titled “Case Study: Making the Case for DevSecOps”, we profiled a WhiteHat customer that implemented a program for creating “Security Heroes” in the development organization, putting in place the training and infrastructure necessary to support secure coding in Rugged DevOps. The results were impressive: critical vulnerabilities in applications, both in development and in production, were resolved in a fraction of the time taken by organizations that have not engaged their DevOps teams in security efforts. Download it here.


  3. Getting the Board Onboard with Application Security: Best Practice Guide

    One of the patterns we saw across the industry was that more and more CISOs were at a loss for where to start an AppSec program, much less how to sell it to the board of directors. While many board members understand the concepts and terms used in Network Security or Perimeter Security, Application Security as a concept and discipline is not yet as firmly defined. This paper gives Security Executives and Advisors the right information to educate their peers, colleagues and executives about initiating a successful application security program. It covers making application security visible to executives as well as to the security and development organizations; provides guidance for building and managing application security processes; explains how to measure and manage application security risks and processes; and shows how to assure compliance of applications with security regulations for privacy, data protection and information security. Read the full paper here. (There is also a great webinar on the subject.)

  4. Design Secure Software from the First Line of Code

    Latency, bottlenecks, and security teams finding vulnerabilities only after a product has been coded and released have been consistent problems for developers. After all, developers have their own tools and processes, and adding security on top is often seen as a huge burden. They need security to work seamlessly within their individual process and from within their own environment. Even developers who understand the importance of application security either wrongly assume that the AppSec team will take care of it, or do not know how to fix the flaws themselves.

    This paper helps the reader understand how to shift security further left in the SDLC, how to empower developers to write secure software, and how to develop secure applications in the age of DevOps and Continuous Integration/Continuous Delivery (CI/CD). Read the full whitepaper here.


  5. The Art of Application Security: Getting Started with DevSecOps

    We wrote this paper to shed some light on the subject of DevSecOps. It is a seductive term in many industries, sometimes thrown around ad nauseam without sufficient explanation of what it actually demands. What you will find in this paper is a “blueprint” of best practices for application security, along with substantial evidence of the value of development and security working together to build and protect applications. We highlight the steps to take to get started, and describe a customer who successfully implemented security throughout the SDLC. Read on, here.