Today’s application security testing blog topic originated from my own personal experience. Last week, I received my third (yes, third) replacement debit card from “Huge Banking Conglomerate” since the beginning of this year. That averages out to a new debit card being issued roughly every three months.

Was I careless with the card, such as accidentally leaving it behind while traveling? The answer is no. Did the bank make a series of errors or update the card because its expiration date had changed? Once again, the answer is no. All of these replacement cards were issued as a result of reported data breaches by major U.S. businesses.

After I activated the new card, I reflected on the following:

  • How much does it cost banks to replace all of those cards, and what impact does that plastic production have on our environment?
  • How many banking customers and the people they do business with are inconvenienced when automatic payments from deactivated cards need to be updated, when replacement cards need to be activated, etc.?
  • Are we effectively addressing the core problems — i.e., organizational data needs to be better protected against potential security breaches, and application security testing programs need to become more effective?

With those questions in mind, I’m providing you with 10 convenient ways to bolster your application security testing knowledge, which we humorously refer to as #CoverYourApps. Application vulnerabilities continue to be a major source of organizational data breaches, so you need to be on top of your game. No security approach can prevent 100 percent of potential data breaches, but improving your organizational knowledge will help you combat application-based vulnerabilities more quickly and effectively.

As IBM recently reminded us in its advertising campaign, the best data breach is one that never occurs.

1. Download This Complimentary Application Security Management E-guide

This e-guide, “Five Steps to Achieve Risk-Based Application Security Management,” discusses key obstacles to effectively managing application security risk and describes five easy-to-follow steps to implement risk-based application security management in your organization. The five steps are as follows:

  • Create an inventory of application assets and assess their business impact.
  • Test applications for vulnerabilities.
  • Determine risks and prioritize vulnerabilities.
  • Remediate risks.
  • Measure progress and demonstrate compliance.

The guide also summarizes how more effective application security processes can help security, QA and development teams improve collaboration and reduce the threat of potential data breaches.

2. Watch a Two-Minute Video, ‘Manage Application Vulnerabilities Effectively With IBM Application Security Risk Management’

This video provides a brief overview of IBM’s approach to application security risk management. It should be considered a primer to the e-guide that’s referred to in item No. 1 above. By following the steps outlined in the video, you’ll be able to effectively manage vulnerabilities that impact the ever-increasing stockpile of Web and mobile applications in your organization. You’ll also be able to demonstrate remediation progress to your management team.

3. Read the Recent Blog, ‘What Do Technology Professionals Want in an Application Security Testing Solution?’

In this blog, you’ll learn four core application security testing requirements that are shared by organizations of all shapes and sizes across all industries. The plain-spoken content is derived from live discussions with our customers at Black Hat 2015, as well as a separate interview with IBM’s Global Team Lead for Application Security Testing, Alexei Pivkine.

4. Learn How a Major US University Leveraged IBM Security AppScan to Protect Sensitive Student Data

In this video, Alex Jalso, director of information security services at West Virginia University, discusses how WVU utilizes IBM Security AppScan to identify vulnerabilities in Web applications, reducing the risk of potential data breaches at the university.

5. Check Out Our Informative Infographic, ‘Case Closed With IBM Application Security on Cloud’

By reviewing this infographic, you’ll learn how to leverage IBM’s cloud-based application security analyzer to perform periodic application security testing, identify high-priority application vulnerabilities and improve the effectiveness of your application security program. You’ll also experience the peace of mind that’s derived from eliminating security vulnerabilities from Web and mobile applications before they’re placed into production and deployed.

6. Sign Up for a Limited-Time, Complimentary Trial of IBM Application Security Analyzer

Register for a limited-time, complimentary trial of the IBM Application Security Analyzer solution that’s referred to in item No. 5 above. IBM Application Security Analyzer provides static application security testing (SAST), dynamic application security testing (DAST) and mobile application security testing capabilities in the cloud. It also offers you a summary report that recaps your most significant vulnerabilities.

7. Learn Why IBM Maintained Its Leadership Position in the 2015 Gartner Magic Quadrant for Application Security Testing

This blog permits you to download a complimentary copy of the 2015 Gartner Magic Quadrant for Application Security Testing, where IBM was positioned in the Leaders Quadrant.

8. Read ‘How Can Your Organization Benefit From Application Security Testing on Cloud?’

This blog, which I co-wrote with Eitan Worcel on IBM’s product management team, educates you on how you can leverage cloud-based application security to improve your overall level of security protection. It also arms you with baseline information for making the case to improve application security protection at your organization.

9. Find Out How Your Organization Can Maximize Its Static Analysis Security Testing (SAST) Initiatives

SAST solutions can be used to bench-test your organization’s application code and to provide best practices for building application security testing into your ongoing software development life cycle.

10. Invest Three Minutes to Learn Why Your Organization Should Adopt a Strategic, Risk-Based Approach to Application Security

In this three-minute video, Constantine Grancharov, product manager for IBM Application Security Solutions, discusses why organizations should adopt a strategic, risk-based approach to application security. In addition, he explains why organizations should increase their focus on application security protection and balance potential risks against their likelihood. He also details how IBM’s security solutions can provide key metrics to help your organization combat its application risk.

Want to Learn More?

For even more information on application security, read the latest Security Intelligence posts on the topic or register for upcoming webinars.
