September 30, 2015 By Neil Jones 4 min read

Today’s application security testing blog topic originated from my own personal experience. Last week, I received my third (yes, third) replacement debit card from “Huge Banking Conglomerate” since the beginning of this year. That averages out to a new debit card being issued roughly every three months.

Was I careless with the card, such as accidentally leaving it behind while traveling? The answer is no. Did the bank make a series of errors or update the card because its expiration date had changed? Once again, the answer is no. All of these replacement cards were issued as a result of reported data breaches by major U.S. businesses.

After I activated the new card, I reflected on the following:

  • How much does it cost banks to replace all of those cards, and what impact does that plastic production have on our environment?
  • How many banking customers and the people they do business with are inconvenienced when automatic payments from deactivated cards need to be updated, when replacement cards need to be activated, etc.?
  • Are we effectively addressing the core problems — i.e., organizational data needs to be better protected against potential security breaches, and application security testing programs need to become more effective?

With those questions in mind, I’m providing you with 10 convenient ways to bolster your application security testing knowledge, which we humorously refer to as #CoverYourApps. Application vulnerabilities continue to be a major source of organizational data breaches, so you need to be on top of your game. No security approach can prevent 100 percent of potential data breaches, but improving your organizational knowledge will help you combat application-based vulnerabilities more quickly and effectively.

As IBM recently reminded us in its advertising campaign, the best data breach is one that never occurs.

1. Download This Complimentary Application Security Management E-guide

This e-guide, “Five Steps to Achieve Risk-Based Application Security Management,” discusses key obstacles to effectively managing application security risk and describes five easy-to-follow steps to implement risk-based application security management in your organization. The five steps are as follows:

  • Create an inventory of application assets and assess their business impact.
  • Test applications for vulnerabilities.
  • Determine risks and prioritize vulnerabilities.
  • Remediate risks.
  • Measure progress and demonstrate compliance.

The guide also summarizes how more effective application security processes can help security, QA and development teams improve collaboration and reduce the threat of potential data breaches.

2. Watch a Two-Minute Video, ‘Manage Application Vulnerabilities Effectively With IBM Application Security Risk Management’

This video provides a brief overview of IBM’s approach to application security risk management. It should be considered a primer to the e-guide that’s referred to in item No. 1 above. By following the steps outlined in the video, you’ll be able to effectively manage vulnerabilities that impact the ever-increasing stockpile of Web and mobile applications in your organization. You’ll also be able to demonstrate remediation progress to your management team.

3. Read the Recent Blog, ‘What Do Technology Professionals Want in an Application Security Testing Solution?’

In this blog, you’ll learn four core application security testing requirements that are shared by organizations of all shapes and sizes across all industries. The plain-spoken content is derived from live discussions with our customers at Black Hat 2015, as well as a separate interview with IBM’s Global Team Lead for Application Security Testing, Alexei Pivkine.

4. Learn How a Major US University Leveraged IBM Security AppScan to Protect Sensitive Student Data

In this video, Alex Jalso, director of information security services at West Virginia University, discusses how WVU utilizes IBM Security AppScan to identify vulnerabilities in Web applications, reducing the risk of potential data breaches at the university.

5. Check Out Our Informative Infographic, ‘Case Closed With IBM Application Security on Cloud’

By reviewing this infographic, you’ll learn how to leverage IBM’s cloud-based application security analyzer to perform periodic application security testing, identify high-priority application vulnerabilities and improve the effectiveness of your application security program. You’ll also experience the peace of mind that’s derived from eliminating security vulnerabilities from Web and mobile applications before they’re placed into production and deployed.

6. Sign Up for a Limited-Time, Complimentary Trial of IBM Application Security Analyzer

Register for a limited-time, complimentary trial of IBM Application Security Analyzer solution that’s referred to in item No. 5 above. IBM Application Security Analyzer provides static application security testing (SAST), dynamic application security testing (DAST) and mobile application security testing capabilities in the cloud. It also offers you a summary report that recaps your most significant vulnerabilities.

7. Learn Why IBM Maintained Its Leadership Position in the 2015 Gartner Magic Quadrant for Application Security Testing

This blog permits you to download a complimentary copy of the 2015 Gartner Magic Quadrant for Application Security Testing, where IBM was positioned in the Leaders Quadrant.

8. Read ‘How Can Your Organization Benefit From Application Security Testing on Cloud?’

This blog, which I co-wrote with Eitan Worcel on IBM’s product management team, educates you on how you can leverage cloud-based application security to improve your overall level of security protection. It also arms you with baseline information for making the case to improve application security protection at your organization.

9. Find Out How Your Organization Can Maximize Its Static Analysis Security Testing (SAST) Initiatives

SAST solutions can be utilized to bench-test your organization’s application code and educate you on best practices to build application security testing practices into your ongoing software development life cycle.

10. Invest Three Minutes to Learn Why Your Organization Should Adopt a Strategic, Risk-Based Approach to Application Security

In this three-minute video, Constantine Grancharov, product manager for IBM Application Security Solutions, discusses why organizations should adopt a strategic, risk-based approach to application security. In addition, he explains why organizations should increase their focus on application security protection and balance potential risks against their likelihood. He also details how IBM’s security solutions can provide key metrics to help your organization combat its application risk.

Want to Learn More?

For even more information on application security, read the latest Security Intelligence posts on the topic or register for upcoming webinars.

More from Application Security

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today