In 2017, we made a concerted effort to provide more helpful resources to the application security space, and we’re thrilled that these assets were of value to so many people and organizations, across a multitude of industries.
Here’s a rundown of some of our most popular whitepapers of 2017:
2017 Application Security Statistics Report: The Case for DevSecOps
2017 marked the 12th year of our AppSec Stats Report, and for the first time, it provided substantial metrics around DevSecOps. The 60-page security report covers DAST, SAST, and Mobile App Security Testing, as well as how all three can work together seamlessly. It also provides key best practices on how to get started on a successful AppSec journey.
In addition, in the section of this report titled “Case Study: Making the Case for DevSecOps”, we’ve profiled a WhiteHat customer that implemented a program for creating “Security Heroes” in the development organization, putting in place the training and infrastructure necessary to support secure coding in Rugged DevOps. The results were impressive: critical vulnerabilities in applications in development and in production were resolved in a fraction of the time that it takes organizations that haven’t engaged DevOps teams in security efforts.
Getting the Board Onboard with Application Security: Best Practice Guide
One of the patterns we saw across the industry was that more and more CISOs were at a loss for where to start an AppSec program, much less how to sell it to the board of directors. While many board members understand the concepts and terms used in Network Security or Perimeter Security, Application Security, as a concept and discipline, is not yet firmly defined. This paper gives Security Executives and Advisors the right information to educate their peers, colleagues, and executives about initiating a successful application security program, including making application security visible to executives as well as to security and development organizations. It also provides guidance for building and managing application security processes, for measuring and managing application security risks and processes, and for assuring that applications comply with security regulations for privacy, data protection and information security.
Design Secure Software from the First Line of Code
Latency, bottlenecks, and security teams finding vulnerabilities after a product has been coded and released have been consistent problems for developers. After all, developers have their own tools and processes, and adding security on top is often seen as a huge burden. They need security to work seamlessly with their individual process, and from within their unique environment. Developers who understand the importance of application security either wrongly assume that the AppSec team will take care of it, or are not aware of how to fix the flaws themselves.
This paper helps the reader understand how to shift security further left in the SDLC, how to empower developers to write secure software, and an unmatched way to develop secure applications in the age of DevOps and Continuous Integration/Continuous Delivery (CI/CD). Read the full whitepaper here.
The Art of Application Security: Getting Started with DevSecOps
We wrote this paper to shed some light on the subject of DevSecOps. It’s often a seductive term throughout many industries, sometimes thrown around ad nauseam without sufficient explanation of what it demands. What you will find in this paper is a “blueprint” of best practices for application security, and substantial evidence of the value of development and security working together to build and protect those applications. We highlight steps to take to get started, and describe a customer who successfully implemented security throughout the SDLC.