Application Security Testing Takeaways From Clients

In my current role, I have the pleasure of routinely hearing our clients’ direct feedback regarding the application security issues they face. Across the board, they consistently refer to three main areas of concern:

  • Securing executive buy-in and funding for major IT initiatives;
  • Spending most of their time firefighting everyday IT security issues rather than focusing on establishing a comprehensive risk management program; and
  • Keeping themselves and their teams abreast of rapidly evolving IT security trends.

10 Resources You Should Master and Share Now

Below are 10 key resources that will help you combat all three of the concerns outlined above.

1. ‘Five Critical Steps to Selecting an Application Security Provider’

This article offers five convenient and proven steps to help you select an application security testing provider that best fits your organization’s needs.

2. ‘Present These 10 Key Application Security Risk Management Findings to Your Executive Team’

Larry Ponemon recapped findings from the Ponemon Institute’s “State of Application Security Risk Management Report.” The report analyzed feedback from more than 600 IT security executives about application security best practices and challenges.

3. ‘Recently Released Industry Research Study Reveals Triple-Digit ROI for IBM Application Security Solution’

This past summer, Forrester Consulting issued a study, “The Total Economic Impact™ (TEI) of IBM Security AppScan Source,” to assess the economic and business benefits of IBM’s application security testing solutions. The subject of the study was a large, global enterprise that currently utilizes IBM AppScan Source to perform static application security testing (SAST) in its application development environment.

4. ‘Intelligent Finding Analytics: Your Cognitive Computing Application Security Expert’

This article explains how you can reduce noisy SAST findings by up to 99 percent by leveraging application security on cloud.

5. ‘Three Effective Ways to Make Application Security Testing a Successful Part of Your DevOps Program’

Here we outlined three convenient steps you can take to incorporate the latest DevOps best practices into your organization’s application security testing program.

6. ‘What Are the Tools Available to Perform Security Testing on Android Applications?’

This brief Quora response describes tools that can help you perform mobile application security testing. Although the question is focused on Android applications, the application security on cloud can also be utilized to test Apple iOS applications.

7. ‘Are Your Vulnerable Applications Running Scared? IBM Security to the Rescue!’

This entertaining video explains how application security on cloud consulting services can help you to stay a step ahead of potential attackers.

8. ‘Concur Technologies Protects Mission-Critical Applications with IBM Security AppScan’

In this compelling video, Concur Technologies discusses how it uses AppScan to protect its clients’ privileged travel and expense reporting information. You’ll also learn why Concur’s senior application security engineer wanted to give his IBM support contact a big bear hug.

9. Client Case Study: Individual Restaurants

A fascinating case study details how Individual Restaurants successfully leveraged IBM Application Security on Cloud to help protect the mission-critical mobile application that powers its Club Individual customer affinity program.

10. ‘Uncover What’s Inside the Mind of a Hacker’

In this recorded webinar, an IBM ethical hacker encourages developers to “put their hackers’ hats on” to consider potential security vulnerabilities from a cybercriminal’s perspective. He also discusses software defenses that can prevent security flaws from recurring.

More from Application Security

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Audio-jacking: Using generative AI to distort live audio transactions

7 min read - The rise of generative AI, including text-to-image, text-to-speech and large language models (LLMs), has significantly changed our work and personal lives. While these advancements offer many benefits, they have also presented new challenges and risks. Specifically, there has been an increase in threat actors who attempt to exploit large language models to create phishing emails and use generative AI, like fake voices, to scam people. We recently published research showcasing how adversaries could hypnotize LLMs to serve nefarious purposes simply…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today