You've requested...

State of software security: What 2017 taught us

If a new window did not open, click here to view this asset.

Download this next:

Your path to a mature AppSec program

According to a recent Verizon study, almost 40% of observed security incidents and data breaches were the direct result of a cyberattack targeting web applications – but it’s no secret that apps are often the target of today’s threats.

This e-book, Your Path to a Mature AppSec Program, provides expert guidance to help your organization modernize its AppSec approach – chapters include:

  • An introduction to application security
  • AppSec stages
  • Steps to reach AppSec security
  • & more

Download the e-book to get started.

These are also closely related to: "State of software security: What 2017 taught us"

  • Securing the entire software development pipeline with Veracode Static Analysis

    Developers need security testing solutions that can keep pace with rapid, agile development processes. Traditional AppSec solutions can cause development to stall and delay the release of software.

    In this guide, learn how static analysis solutions can secure applications without hindering fast development.

    Download the guide here.

  • Urban Myths About Secure Coding

    Urban myths, whether rooted in reality or fabricated entirely, have the power to change perception. Secure coding practices are not exempt from the danger of myths, as many misconceptions still plague the industry today.

    This e-book is designed to rectify these misconceptions by presenting 6 common urban myths about secure coding and giving practical guidance for how to overcome them. Read the full e-book to learn about what myths may be holding you back from securing your code.

Find more content like what you just read:

  • Stop sacrificing innovation for security

    Application security has evolved significantly over the past few years. Today, organizations are now running daily static scans, weekly dynamic scans, and at least weekly SCA scans. However, this is not just going through the motions. Having security at the front of mind allows teams to reduce risk and build resilience. Read on to learn more.


  • Developer’s guide to secure coding

    This 31-page eBook provides a roadmap to secure coding in practice. Inside, find a deep dive into common software vulnerabilities, how hackers exploit them, what you need to know to prevent a breach, and more.


  • SAST vs. DAST: What Are the Differences and Why Are They Both Important?

    If you only use SAST, you miss out on detecting critical flaws from open source vulnerabilities and configuration errors. The more application security scan types you employ, the more flaws you uncover. This infographic dives deeper into the differences between SAST and DAST, and establishes the benefits of using both scan types in unison.


  • Navigating the GDPR

    Today’s businesses encounter not only rising cyberattacks but also regulations with stringent requirements. To help organizations navigate that challenging landscape, this white paper presents best practices for complying with the EU’s GDPR. Keep reading to unlock insights.


  • How to choose the right AppSec vendor/offering

    The application security (AppSec) market is oversaturated with an abundance of options, which can make finding an AppSec vendor/offering best fit for your unique needs a difficult task. Read this infosheet for some expert guidance to help get you started on your AppSec journey.


  • How Do Vulnerabilities Get into Software?

    Despite the best efforts of IT security teams, vulnerabilities in applications are bound to happen. In fact, research shows that 3 out of 4 apps produced by software vendors fail to meet security standards. Download this white paper to discover the 4 most common causes that lead to software vulnerabilities and ensure your readiness.


  • 4 Ways to Increase Developer Buy-In of AppSec



  • Address vulnerabilities during app development

    While incorporating security into the development process makes sense in theory, the reality is that in the turmoil of development, security is often the first corner cut to save time. Veracode Fix emerges as a critical tool in the arsenal of application development teams and application security managers. Read on to learn more.


  • Mitigate these 3 risks to container & IaC security

    Along with highlighting 3 prevalent risks to container and IaC (infrastructure as code) security, this e-book instructs readers on how to mitigate those risks with a holistic approach to security. Continue on to unlock these insights.


  • Application security: Understanding how software is protected

    According to a recent report, 76% of all software applications have some sort of a security flaw. Applications are often seen as products in and of themselves, but when they are given sensitive information, it is important that they also be secure. Access the full infosheet to learn more about the current state of application security.


  • AI-based application testing: Simulate attacks at scale

    With advances in AI capabilities, hackers have leveraged the evolving technology in order to perform more sophisticated attacks at scale. If actual attacks are using AI, then simulated attack testing that is performed at scale using AI is as close of a simulation to the real thing as one could hope for. Read on to learn more.


  • DevSecOps delivers better business

    Firms need to consider the move from DevOps to DevSecOps. This e-guide focuses on the benefits of DevSecOps, paints a picture of the rise of this approach, and explains why using the right DevSecOps tools leads to more secure development. DevSecOps delivers better business, and it's time for you to find out how and why.


  • Application security: best practices and risks

    Security professionals need to anticipate vulnerabilities from all the right perspectives, and that means testing apps for flaws on a regular basis, whether that means monthly, quarterly or following updates. Check out this e-guide, which include application security best practices, threat identification and security testing tips.


  • Application security: More important than ever

    In this e-guide we look at why application security is more important than ever due to traditional software and cloud-based, web and mobile applications playing an increasingly important role in business.


  • 5 principles for securing DevOps

    Integrating security operations into pre-existing DevOps processes can yield numerous business benefits – including a measurable growth in both profit and revenue. Read this whitepaper to unlock the 5 principles of DevSecOps to help you get started.


  • CW Benelux February 2018

    In this issue, read about how and why one public sector IT professional in the Netherlands, Victor Gevers, took a whole year out to hack ethically and, in the process, unearthed about 1,000 vulnerabilities.


  • What security pros need to know about software development today

    Download this resource to learn about how software development tools and processes changed recently, challenges developers run into while trying to balance these new tools and processes, and what security professionals can do to get developers fully on board with security.


  • Vulnerability management trends for 2024

    44% of organizations have a formal vulnerability management program in place internally, with 28% of organizations identifying 100 or more vulnerabilities each month. These findings and more are from Dark Reading’s The State of Vulnerability Management Report. Read the report here.


  • Proactive Security: Software vulnerability management and beyond

    In this e-guide we discover why modern security professionals are moving to a more pro-active approach to cyber defence, and how managing vulnerabilities is a key element of that.


  • 7 advantages of a SaaS-based application security program

    In this infographic, discover 7 advantages of a SaaS-based application security program vs. on-premises.


  • IDC TechBrief: Interactive Application Security Testing

    With modern application development operating at break-neck speeds, DevOps teams pressured by deadlines are often forced to compromise security for efficiency’s sake. This white paper examines the benefits of using interactive application security testing to mitigate the security risk and complexities of using DevSecOps. Read on to learn more.


  • CW ASEAN: Time to dial up defences

    In this month's issue of CW ASEAN, we take a closer look at ASEAN's patchy cyber security landscape, including varying levels of cyber resilience across the region, cyber security strategies adopted by different countries, as well as efforts to improve cyber capabilities and foster greater collaboration in the common fight against cyber threats.


  • Moving beyond traditional AppSec: The growing software attack surface

    According to findings from ReversingLabs’ recent study, software supply chain threats rose 1300% between 2021 to 2023. This buyer’s guide to supply chain security analyzes the current state of supply chain attacks and distills the analysis into actionable information you can use to choose an offering. Download now to learn more.


  • Infographic: 5 essential open source cybersecurity tools for 2022

    There are countless open source cybersecurity tools available in the market and some of them have become essential for finding vulnerabilities in 2022. In this infographic, we highlight five tools that have proven to be highly efficient and reliable and can be combined with other tools to help build up your defences.


  • Designing your Kubernetes security strategy

    Download this e-book to learn how to design a security strategy that reinforces, rather than hinders, the rest of your Kubernetes-based processes.


  • How Organizations With An Emerging Cybersecurity Program Can Accelerate Risk Reduction

    Whether or not your organization plans to utilize consultants, AT&T Cybersecurity Consulting crafted this white paper to clarify initiatives for an emerging program. Learn more by downloading this paper today.


  • What should you ask a pentesting service provider?

    To augment their security stances, many organizations have partnered with a penetration testing (pentesting) service provider. Is your business considering doing the same? Step in “11 Questions to Ask Your Pentesting Service Provider,” a white paper that can guide your market exploration. Read now to unlock insights.


  • State of software security 2024

    71% of organizations have security debt, with 46% of organizations having persistent, high-severity flaws that constitute critical security debt, according to Veracode’s State of Software Security for 2024. Dive into the report here.


  • Web security: Important but often overlooked

    In this e-guide we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.


  • App Sec Tools Need a Software Supply Chain Security Upgrade.

    Learn why traditional application security testing tools alone leave your organization exposed to supply chain attacks — and how software supply chain security tools represent an evolution of traditional application security tools, ensuring end-to-end software security.


  • An overview of attack surface management (ASM)

    With more cloud environments and digital assets in play than ever before, the enterprise attack surface has become increasingly complex and difficult to manage. This Attack Surface Management (ASM) for Dummies, e-book presents a coherent overview of ASM. Download now to unlock the extensive e-book and all the insights contained within it.


  • Computer Weekly – 16 January 2018: How to fix the Meltdown and Spectre chip flaws

    In this week's Computer Weekly, as CIOs come to terms with the Meltdown and Spectre processor flaws that make every computer a security risk, we examine how to protect your IT estate. We find out how Alexa-style smart speakers can help with CRM strategies. And we look at how the public sector is implementing DevOps. Read the issue now.


  • Print security: An imperative in the IoT era

    Analyst group Quocirca gives the perspective on the risks and best practices of print security.


  • Computer Weekly – 21 August 2018: Delivering the potential of the internet of things

    In this week's Computer Weekly, we hear from early adopters of internet of things technologies about how to deliver on the potential of IoT. We examine strategies for combining hyper-converged infrastructure and cloud storage to best effect. And we find out how the UK government intends to use data to improve Britain's railways. Read the issue now.


  • Computer Weekly – 19 December 2023: The ransomware threat to UK critical infrastructure

    In this week's Computer Weekly, a parliamentary report warns that a lack of ransomware preparedness at the highest levels of government is leaving UK critical national infrastructure dangerously exposed – we analyse the risks. We also examine how AI tools are helping to enhance cloud security. Read the issue now.


  • AWS Differences between Active and Passive IAST and how to get the best of both worlds

    Interactive Application Security Testing (IAST) is a relatively new technology that has caused a lot of confusion for not being clearly explained. This article sets out to clear the air. It will explain:What is IAST?What’s the difference between Active IAST & Passive IAST? Which approach is better for you?Access the paper here.


  • Next-generation DAST: Introducing interactive application security testing (IAST)

    While dynamic application security testing (DAST) has been a go-to AppSec testing technique for decades, it is not without its drawbacks. This is where interactive application security testing (IAST) comes into play, building off of DAST, but analyzing apps from the inside out, rather than from the outside in. Read this white paper to learn more.


  • ESG's research exposes how the security analyst role must evolve

    Access this report from Enterprise Strategy Group (ESG) to discover how the role of security analyst is evolving to work with (instead of against) development, and learn what actions you can take now to set your organization up for success.


  • 30-page e-book: IoT security benchmark report 2023

    81% of security leaders surveyed by Starfleet Research reported that their business was struck by an IoT-focused attack within the past year. So, how can you boost IoT security at your own organization? Find guidance in this 30-page e-book.


  • 34-page report: Software supply chain landscape

    To understand the state of the software supply chain landscape in 2024, tap into this 34-page research report.


  • A Computer Weekly buyer's guide to secure and agile app development

    As apps become increasingly integral to business operations, the importance of keeping them secure can never be overstated. In this 15-page buyer's guide, Computer Weekly looks at how firms can protect apps from ransomware, why app creation needs to happen at pace, and how to get the right balance between security and coding


  • Top 10 IT security stories of 2018

    The discovery of the Meltdown and Spectre microprocessor vulnerabilities, and several similar vulnerabilities in the months that followed, were probably the single most challenging developments for enterprise IT security teams in 2018. Here's a look back over Computer Weekly's top 10 IT Security stories of 2018.


  • Perimeter Security Noise Leaves Applications Vulnerable to Attacks

    Learn how you can get AppSec protection that can compensate with the necessary visibility, accuracy, scalability, and ease of deployment to keep pace with modern application vulnerabilities without generating false positives and false negatives.


  • OWASP Top Ten: How to keep up

    The newest addition to the OWASP Top Ten was recently published to help organizations assess their application security efforts – but false positives could lead to unnecessary stress. Download now to learn how Contrast’s observability platforms is designed to keep up with the rapidly expanding scope of the OWASP Top Ten.


  • The exploitation of flaws in the HTTPS protocol

    For both technical and non-technical users, the presence of "HTTPS" in a website URL will provide confidence to consider entering sensitive information such as bank or credit card details. However, even websites owned by the most reputable organisations may be exposed to attack if HTTPS is not properly implemented.


  • The Buyer’s Guide to Complete Cloud Security

    Conventional approaches to security can’t deliver the granular visibility and control needed to manage cloud risk, particularly risk associated with containers. This buyer’s guide captures the definitive criteria for choosing the right cloud-native application protection platform (CNAPP) and partner.


  • How intrusion prevention systems (IPS) can be used with a 'honeynet' to gather intelligence on cyber attacks

    This article in our Royal Holloway security series explains how intrusion prevention systems (IPS) can be used with a 'honeynet' to gather intelligence on cyber attacks