In 2017, we made a concerted effort to provide more helpful resources to the application security space, and we’re thrilled that these assets were of value to so many people and organizations, across a multitude of industries.
Here’s a rundown of some of our most popular whitepapers of 2017:
- Ironclad APIs: An Approach to Application Security Testing
I’m sure the term “API Economy” is familiar to you by now. After all, APIs change how the world interacts: everything from sharing a photo, to online shopping, to hailing a cab, is done through APIs, and this technical innovation is happening faster every single day. WhiteHat Security’s “Ironclad APIs” whitepaper gives step-by-step best testing practices, from authentication to authorization and from Source Code Analysis to Business Logic Testing. APIs are here to stay, and there are security issues that need to be addressed when these APIs are being implemented. When security is built into your development organization, developers can run security tools such as WhiteHat Scout and Sentinel Source against these newly created APIs, which ensures that testing is performed on every web application component. Download the full paper here.
- 2017 Application Security Statistics Report: The Case for DevSecOps
In addition, in the section of this report titled, “Case Study: Making the Case for DevSecOps”, we’ve profiled a WhiteHat customer that implemented a program for creating “Security Heroes” in the development organization, putting the training and infrastructure in place necessary to support secure coding in Rugged DevOps. The results were impressive: critical vulnerabilities in applications in development and in production were resolved in a fraction of the time that it takes organizations that haven’t engaged DevOps teams in security efforts. Download it here.
- Getting the Board Onboard with Application Security: Best Practice Guide
One of the patterns we saw across the industry was that more and more CISOs were at a loss for where to start an AppSec program, much less how to sell it to the board of directors. While many board members understand the concepts and terms used in Network Security or Perimeter Security, Application Security, as a concept and discipline, is not yet firmly defined. This paper gives Security Executives and Advisors the right information to educate their peers, colleagues, and executives about initiating a successful application security program. It covers making application security visible to executives as well as to security and development organizations; provides guidance for building and managing application security processes; explains how to measure and manage application security risks and processes; and shows how to assure compliance of applications with security regulations for privacy, data protection and information security. Read the full paper here. (There is also a great webinar on the subject.)
- Design Secure Software from the First Line of Code
Latency, bottlenecks, and security teams finding vulnerabilities only after a product has been coded and released have been consistent problems for developers. After all, developers have their own tools and processes, and adding security on top is often seen as a huge burden. They need security to work seamlessly with their individual process and from within their unique environment. Even developers who understand the importance of application security either wrongly assume that the AppSec team will take care of it, or are not aware of how to fix the flaws themselves.
This paper helps the reader understand how to shift security further left in the SDLC, how to empower developers to write secure software, and an unmatched way to develop secure applications in the age of DevOps and Continuous Integration/Continuous Delivery (CI/CD). Read the full whitepaper here.
- The Art of Application Security: Getting Started with DevSecOps