The new year is a natural time to expand your knowledge, and to reflect on successes from the previous year. In 2020, one of the key goals of the AppScan team was to expand the quantity and quality of our thought leadership content. We are pleased to have achieved that goal.
When planning for this blog, I decided that the best approach was to focus on activities that readers like you might pursue in 2021, then include content that’s aligned with each of those activities. My overall goal was to make this article as practical and concise as possible. I encourage you to include additional resources in the comments section of this blog, if you’d like.
So, whether you’re reading this article in January or a few months from its publication, rest assured that you’ll benefit from the resources that appear below.
In 2021, my company needs to…
…Justify our financial investment in AppSec
These days, you can’t afford not to invest in Application Security! My classic blog provides 5 practical reasons why your organization needs to reconsider its investment in AppSec. And, our more recent blog recaps key financial findings from the “Application Security in the DevOps Environment” study with the Ponemon Institute. By reading the Ponemon blog, you’ll learn why organizations that participated in Ponemon’s research incurred costs that averaged $12 million as a result of attacks against their vulnerable applications.
…Hire more effective employees
In a provocative blog that was originally published in September 2020, author Rob Cuddy recapped characteristics of the “New Hybrid Security Employee.” New hybrid employees’ capabilities go well beyond the technical realm, to include “softer” skills such as empathy, curiosity, problem-solving and teamwork.
In the article, Rob provides you with practical advice to encourage your Security team to function as enablers rather than as gatekeepers in your organization. He also explains how you can transition Security’s traditional knee-jerk response to incoming requests from “No” to “Yes, and here’s how we do so safely.”
…Manage Application Security more effectively
In our July 2020 webinar, HCLSoftware CISO Joe Rubino shared pivotal insights about managing Application Security effectively in a global organization. During the session, Joe relayed key themes like the following to moderator Dave Munson:
- How to manage “Work from Home” programs more effectively.
- Best practices for maintaining credibility with your Development colleagues.
- Ways to harness the power of Artificial Intelligence (AI).
We’ve created a convenient listener’s guide for the event, which includes a link to the session replay.
…Hear perspectives of real-life AppSec practitioners
In our entertaining “Application Paranoia” podcast series with co-hosts Colin Bell, Rob Cuddy and Kris Duer, you can hear the perspectives of real-life AppSec practitioners, such as:
- Dragan Pleskonjic, a Senior Security Director in the gaming industry, who provides his real-life perspectives to the podcast team in Episode #9.
- Tanya Janca, founder of online learning academy @WeHackPurple, in Episode #10.
- HCLSoftware’s Digital Solutions CTO Jason Gary, who discusses embedding security practices into large and diverse engineering teams such as HCL’s, in Episode #4.
…Expand our team’s Application Security knowledge
In our recent YouTube video, Eitan Worcel and I review our new AppScan Resources Library, which presents you and your team with a treasure-trove of AppSec content to review and share with colleagues.
…Diversify our AppSec testing options
In a compelling article, AppScan Chief Architect Shahar Sperling presents the concept of “?AST,” which acknowledges that different types of Application Security Testing technologies have different intended audiences, yield different results and thrive under different testing conditions. In the blog, Shahar explains why particular testing technologies (such as DAST, SAST and IAST) might be better-suited for your Developers, QA Engineers and Security Experts/Pen Testers, depending on their use-cases.
…Empower developers to code securely
In his May 2020 blog, AppScan Product Manager Florin Coada explained the purpose of HCL AppScan CodeSweep: to help developers to find issues in applications, to educate developers how to fix those issues and to ask them the right questions whilst they write their code, so they can avoid security issues in the future. In plain words, CodeSweep empowers developers to respond to the following question: “Is my code really dangerous?” You can join the thousands of users of our CodeSweep community edition here.
…Tackle OWASP Top 10 vulnerabilities
Like everyone reading this article, many OWASP Top 10 vulnerabilities have enjoyed plenty of New Year’s celebrations. Since OWASP vulnerabilities clearly aren’t going away anytime soon, the best approach is to protect your organization now.
In June 2020, Eitan Worcel provided practical tips to identify and remediate Cross-Site Scripting (XSS) vulnerabilities. Later, Rob Cuddy and I wrote similar blogs that were focused on addressing SQL Injection vulnerabilities and tackling Sensitive Data Exposure. You can subscribe to our Weekly AppScan Digest for the latest Appscan blog updates, since the OWASP Top 10 is a continuing area of focus for our team.
…Upgrade to AppScan V10
Are you an AppScan client who’s looking to upgrade to V10? If so, watch Eitan Worcel’s brief YouTube video that recaps three major benefits of our V10 edition, including our unique IAST capabilities. You can then visit our specialized Web site to find out all of the details and begin using V10 yourself.
…Test-drive Application Security Testing for yourself
If you haven’t test-driven Application Security Testing technology for yourself, we encourage you to sign up for our free, 30-day trial of AppScan now.
To Learn More
If there are additional resources you find beneficial, please share them in the Comments section below. We look forward to publishing even more compelling content in 2021!