Whitepapers | IN CONJUNCTION WITH THE PONEMON INSTITUTE

Current State of Application Security

The Ponemon Institute independently surveyed 642 IT professionals in both executive and engineering positions. This study details their responses to the current state of application security, including opinions on security standards, training, and assessments.

Whitepapers

Simplifying Application Security and Compliance with the OWASP Top 10

Many organizations use the OWASP Top 10 to focus their application security and compliance activities. Learn more about the OWASP Top 10, why it's important, and how it can help you with compliance requirements.

Whitepapers

Regulatory Compliance Demystified

This document covers six of the most relevant pieces of legislation in depth and then touches on four others more lightly.

Whitepapers

Biggest Software Security Mistakes Organizations Make

Learn about five common information security mistakes organizations make and recommendations and best practices for building and maintaining a successful information security practice.

Whitepapers

Software Security Total Risk Management: SI’s Blueprint for Effective Program Development

Examine the major challenges of software security risk management and the concept of Software Security Total Risk Management (SSTRM), an innovative approach by which enterprises apply software security development and assessment best practices to enhance business revenue and protect against losses.

Whitepapers

Application Security Maturity Model: A Pragmatic Approach to Securing your Software Applications

The Application Security Maturity (ASM) model was developed by Security Innovation and is based on analysis of 10 years' worth of data about organizations and their security investments in technology, people, and processes. Learn why the ASM model was created, how it works, and how it can help fine-tune your security-related investments.

Whitepapers

Aligning Application Security with Compliance Requirements

Learn a practical approach towards mapping application security to compliance requirements, including why application security is difficult for most compliance teams, creating an action plan that endorses application security best practices, and how to document these best practices for auditing purposes.

Whitepapers

Application Security by Design: Security as a Complete Lifecycle Activity

This paper describes complete lifecycle activities aimed at producing more secure and robust code that can better withstand attacks.

Whitepapers

A CTO's Perspective on Software Threat Classification

Jason Taylor, co-creator of the DREAD threat modeling classification techniques and CTO of Security Innovation, shares his thoughts on the evolution of DREAD and what the next version might look like.

Whitepapers | IN CONJUNCTION WITH GARTNER

Gartner Predicts 2017: Threats and Vulnerability Management

View an in-depth analysis of Gartner's suggested approach to improve detection and remediation of attacks on your organization.

Guides

CISO's Guide to Application Security

This guide helps CISOs and other executives understand the importance of application security and effectively integrate it into their SDLC.

Guides

Roll Out an Effective Application Security Training Program

Every organization is unique and needs its own customized approach to ensure the success of its training program. This guide presents best practices for taking a "many-hats" approach including creativity, engaging materials, formal structures for learners to navigate, and a solid rooting in how people learn and apply new skills in their jobs.

Guides

19 Attacks to Break Software Security

In this guide, we present 19 attacks that will uncover elusive vulnerabilities on any kind of application, platform or development language.

Guides

Advancing your Application Security Program by Putting the OWASP Top Ten into Practice

This guide discusses ways organizations can make sense of the OWASP Top Ten to improve application security, including implementing OWASP best practices into a training program and into the SDLC.

Guides

Five Best Practices for IT Security

This guide provides five best practices for preventing your organization from making simple IT security mistakes and will help you integrate security into your information management and application lifecycle.

Guides

The Art of Threat Modeling for IT Risk Management

This paper is designed for IT Risk Management, Information Security, and Management personnel seeking a more effective way to identify and prioritize risk. It describes the activities involved in application threat modeling and its goal in the context of IT risk management.

Guides

How to Conduct a Code Review

This guide focuses first on identifying the types of issues you should look for in the code being reviewed, and then on finding these bugs as quickly and effectively as possible. It also describes how you can use threat models, architecture diagrams, and other inputs to help guide your review.

Guides

Finding Your Evil Innerdoer for Effective Security Testing

Written by our VP of Services, Joe Basirico, this guide teaches how to leverage your alter ego using your imagination and existing knowledge to more thoroughly test your web applications.

Guides

Five Steps for Designing More Secure Software

There is an accepted five-step process for developing software. This guide describes the typical activities in a team development process and the unique benefits that enable an organization to move through the process in an orderly manner.

Guides

Static Analysis Strategies

This paper presents best practices for code security analysis, helping ensure that security defects are detected earlier in the development lifecycle, where they are naturally cheaper to address.

Case Studies

digitalX Case Study

Read how our experts conducted security assessments to test and analyze the digitalX Airpocket mobile app for software flaws that could be used by hackers to compromise sensitive information.

Case Studies

Elsevier Case Study

Read how Elsevier, a leader in the print and publishing industry, used our application security training program to help educate employees and increase overall security awareness at the software development level.

Datasheets

Training Course Catalog

View this condensed PDF of our security awareness and application security course listings.

Datasheets

CMD+CTRL Web Application Hackathon

Read the datasheet to learn more about our CMD+CTRL Web Application Security Hackathon, where participants plunge into the dark world of cyberattacks and view applications through the eyes of a rogue adversary.

Datasheets

CMD+CTRL Hackathons

Read more about our various CMD+CTRL Hackathons, including web application security, IT Infrastructure, and more.
