Today’s application security testing blog topic originated from my own personal experience. Last week, I received my third (yes, third) replacement debit card from “Huge Banking Conglomerate” since the beginning of this year. That averages out to a new debit card being issued roughly every three months.
Was I careless with the card, such as accidentally leaving it behind while traveling? The answer is no. Did the bank make a series of errors or update the card because its expiration date had changed? Once again, the answer is no. All of these replacement cards were issued as a result of reported data breaches by major U.S. businesses.
After I activated the new card, I reflected on the following:
- How much does it cost banks to replace all of those cards, and what impact does that plastic production have on our environment?
- How many banking customers and the people they do business with are inconvenienced when automatic payments from deactivated cards need to be updated, when replacement cards need to be activated, etc.?
- Are we effectively addressing the core problems — i.e., organizational data needs to be better protected against potential security breaches, and application security testing programs need to become more effective?
With those questions in mind, I’m providing you with 10 convenient ways to bolster your application security testing knowledge, which we humorously refer to as #CoverYourApps. Application vulnerabilities continue to be a major source of organizational data breaches, so you need to be on top of your game. No security approach can prevent 100 percent of potential data breaches, but improving your organizational knowledge will help you combat application-based vulnerabilities more quickly and effectively.
As IBM recently reminded us in its advertising campaign, the best data breach is one that never occurs.
1. Download This Complimentary Application Security Management E-guide
This e-guide, “Five Steps to Achieve Risk-Based Application Security Management,” discusses key obstacles to effectively managing application security risk and describes five easy-to-follow steps to implement risk-based application security management in your organization. The five steps are as follows:
- Create an inventory of application assets and assess their business impact.
- Test applications for vulnerabilities.
- Determine risks and prioritize vulnerabilities.
- Remediate risks.
- Measure progress and demonstrate compliance.
The guide also summarizes how more effective application security processes can help security, QA and development teams improve collaboration and reduce the threat of potential data breaches.
2. Watch a Two-Minute Video, ‘Manage Application Vulnerabilities Effectively With IBM Application Security Risk Management’
This video provides a brief overview of IBM’s approach to application security risk management. It should be considered a primer to the e-guide that’s referred to in item No. 1 above. By following the steps outlined in the video, you’ll be able to effectively manage vulnerabilities that impact the ever-increasing stockpile of Web and mobile applications in your organization. You’ll also be able to demonstrate remediation progress to your management team.
3. Read the Recent Blog, ‘What Do Technology Professionals Want in an Application Security Testing Solution?’
In this blog, you’ll learn four core application security testing requirements that are shared by organizations of all shapes and sizes across all industries. The plain-spoken content is derived from live discussions with our customers at Black Hat 2015, as well as a separate interview with IBM’s Global Team Lead for Application Security Testing, Alexei Pivkine.
4. Learn How a Major US University Leveraged IBM Security AppScan to Protect Sensitive Student Data
In this video, Alex Jalso, director of information security services at West Virginia University, discusses how WVU utilizes IBM Security AppScan to identify vulnerabilities in Web applications, reducing the risk of potential data breaches at the university.
5. Check Out Our Informative Infographic, ‘Case Closed With IBM Application Security on Cloud’
By reviewing this infographic, you’ll learn how to leverage IBM’s cloud-based application security analyzer to perform periodic application security testing, identify high-priority application vulnerabilities and improve the effectiveness of your application security program. You’ll also experience the peace of mind that’s derived from eliminating security vulnerabilities from Web and mobile applications before they’re placed into production and deployed.
6. Sign Up for a Limited-Time, Complimentary Trial of IBM Application Security Analyzer
Register for a limited-time, complimentary trial of IBM Application Security Analyzer solution that’s referred to in item No. 5 above. IBM Application Security Analyzer provides static application security testing (SAST), dynamic application security testing (DAST) and mobile application security testing capabilities in the cloud. It also offers you a summary report that recaps your most significant vulnerabilities.
7. Learn Why IBM Maintained Its Leadership Position in the 2015 Gartner Magic Quadrant for Application Security Testing
This blog permits you to download a complimentary copy of the 2015 Gartner Magic Quadrant for Application Security Testing, where IBM was positioned in the Leaders Quadrant.
8. Read ‘How Can Your Organization Benefit From Application Security Testing on Cloud?’
This blog, which I co-wrote with Eitan Worcel on IBM’s product management team, educates you on how you can leverage cloud-based application security to improve your overall level of security protection. It also arms you with baseline information for making the case to improve application security protection at your organization.
9. Find Out How Your Organization Can Maximize Its Static Analysis Security Testing (SAST) Initiatives
SAST solutions can be utilized to bench-test your organization’s application code and educate you on best practices to build application security testing practices into your ongoing software development life cycle.
10. Invest Three Minutes to Learn Why Your Organization Should Adopt a Strategic, Risk-Based Approach to Application Security
In this three-minute video, Constantine Grancharov, product manager for IBM Application Security Solutions, discusses why organizations should adopt a strategic, risk-based approach to application security. In addition, he explains why organizations should increase their focus on application security protection and balance potential risks against their likelihood. He also details how IBM’s security solutions can provide key metrics to help your organization combat its application risk.