Optiv is releasing REST API Goat, a vulnerable API, to help boost AppSec skills.

This is the last post in my series on creating an effective AppSec program within your organization. In my last post, we discussed the importance of....

While attending one of our technology partner’s security training courses, the instructor presented on their product’s various features and....

In my last blog post, I talked about what an application security (AppSec) program is and how an organization would go about building a formal program....

Serverless architecture enables applications to be developed and deployed without management of the underlying host or operating system. Instead of a....

An application security (AppSec) program can be defined as the set of risk mitigating controls and business functions that support the discovery....

t’s no secret that finding and retaining dependable, well-trained application security professionals is a serious challenge, and has been for years....

As the secure SDLC program matures, vulnerabilities should be caught and remediated earlier in the lifecycle. To know if the program is truly working....

The term “knowledge management” (KM) refers to using vulnerability mining to turn remediation into lessons learned. Essentially this involves taking....

Most organizations would agree that maintaining a fast, predictable flow of planned work (e.g. projects, scheduled changes) that achieves business....

Building an application catalog is a critical step towards maintaining governance over a secure SDLC program. The primary purposes of the catalog are....

The creation and integration of a secure development lifecycle (SDLC) can be an intimidating, even overwhelming, task. There are so many aspects that....