Download this case study to gain a deeper understanding of the strengths and weaknesses of automated and manual software security testing, methods used to find different types of security vulnerabilities and the types of security tools used, and best practices for software security assessments.
Every organization is unique and needs its own customized approach to ensure success of their training program. This guide presents best practices for taking a "many-hats" approach including creativity, engaging materials, formal structures for learners to navigate, and a solid rooting in how people learn and apply new skills in their jobs.
This guide discusses ways organizations can make sense of the OWASP Top Ten to improve application security, including implementing OWASP best practices into a training program and into the SDLC.
This paper is designed for IT Risk Management, Information Security, and Management personnel seeking a more effective way to identify and prioritize risk. It describes the activities involved in application threat modeling and its goal in the context of IT risk management.
This guide focuses first on identifying the types of issues you should look for in the code being reviewed, and then on finding these bugs as quickly and effectively as possible. It also describes how you can use threat models, architecture diagrams, and other inputs to help guide your review.
Written by our VP of Services, Joe Basirico, this guide teaches how to leverage your alter ego using your imagination and existing knowledge to more thoroughly test your web applications.
There is an accepted five-step process for developing software. This guide describes the typical activities in a team development process and the unique benefits that enable an organization to move through the process in an orderly manner.
Jason Taylor, co-creator of the DREAD threat modeling classification techniques and CTO of Security Innovation, shares his thoughts on the evolution of DREAD and what the next version might look like.
The Ponemon Institute independently surveyed 642 IT professionals in both executive and engineering positions. This study details their responses to the current state of application security, including opinions on security standards, training, and assessments.
Many organizations use the OWASP Top 10 to focus their application security and compliance activities. Learn more about the OWASP Top 10, why it's important, and how it can help you with compliance requirements.
Learn about five common information security mistakes organizations make and recommendations and best practices for building and maintaining a successful information security practice.
Examine the major challenges of software security risk management and the concept of Software Security Total Risk Management (SSTRM), an innovative approach by which enterprises apply software security development and assessment best practices to enhance business revenue and protect against losses.
The Application Security Maturity (ASM) was developed by Security Innovation and is based on analysis of 10 year’s worth of data about organizations and their security investments in technology, people, and processes. Learn why the ASM model was created, how it works, and help fine tune your security related investments.
Learn a practical approach towards mapping application security to compliance requirements, including why application security is difficult for most compliance teams, creating an action plan that endorses application security best practices, and how to document these best practices for auditing purposes.
This paper describes complete lifecycle activities aimed at producing more secure and robust code that can better withstand attacks.