eBook

State of Application Security

A comprehensive journey through the modern techniques for implementing DevSecOps, Application Security & Cloud Security

A Modern Approach to Application & Cloud Security

This is a collaborative document that brings together the thoughts of modern AppSec leaders.

We wrote this document with industry leaders to focus on how to implement application and cloud security in the modern organisation.

The book is a collection of methodologies from practitioners.

Who helped us create this report

The current state of application security is that we do not have enough qualified individuals, with relevant training and experience, to do all of the work that we need doing.

Tanya Janca

SheHacksPurple

Because most breaches can be traced back to code and we have the data to show this, it’s clear that security is a non-functional requirement for good code and a question of code quality. The only way to improve the quality of that code is to ensure that developers know what good looks like (through awareness and education) and that they are empowered (through tooling and processes) to produce code that meets the mark.

Grant Ongers

Secure Delivery

Francesco is an executive, public speaker and out-of-the-box thinker. He is the CEO of AppSec Phoenix, a cybersecurity unicorn startup revolutionising the way organisations do vulnerability management, and Managing Director of NSC42 Ltd, a UK-based cybersecurity consultancy. As an executive, he loves to stay close to the technology but keep it simple.

Francesco Cipollone

AppSec Phoenix Founder

It would not be hard to argue that AppSec is the most difficult part of infosec today. Security needs to get out of our organizational silos and be proactive, helpful partners to the application development teams who are in the midst of navigating a generational change in SDLC process and architecture. Ensuring that we have an awareness of how, where, and what attackers are doing to apps in production, as well as having a clear bug identification and remediation strategy, are both fundamental to building an effective defensive strategy that both development and security teams can carry out.

Andrew Peterson

Signal Sciences, Fastly

“The key to building secure software is knowledge.” Even the most automated security pipelines rely on someone to interpret the results and take proper action, which boils down to security knowledge.

Dr. Philippe De Ryck

Pragmatic Web Security

Nicole Becher is currently the Director of Information Security & Risk Management for S&P Global Platts, a leading provider of energy and commodities information and benchmark price assessments in the physical commodity markets. In this role, she works with both technology and business leadership to ensure security is built into the strategic plans of the organization, especially as new technology is deployed.

Nicole Becher

S&P Global Platts

Vandana is a seasoned security professional with experience ranging from application security to infrastructure security, and now product security. She has been a keynote speaker, speaker and trainer at public events ranging from global OWASP AppSec events to Black Hat events and regional events such as BSides in India. She is part of the OWASP Global Board of Directors. She also works with communities on diversity initiatives such as InfosecGirls and WoSec.

Vandana Verma

Snyk

Chris Sellards has a Doctor of Science in Cybersecurity from Capitol Technology University. His dissertation was a quantitative study focused on DevSecOps. He has 24 years of experience in IT, over 20 years in information security, and 15 years working in application security. He has built AppSec programs in the medical, financial services, and insurance industries. He has developed the strategy driving AppSec programs aligned with business security requirements (for both in-house and outsourced development teams), and has done the hands-on work of implementing automated SAST in multiple DevOps pipelines: analysing findings with developers to identify false positives, tuning queries, setting up incremental scans, and integrating output with tracking tools. He currently serves as Director of Security Architecture & Engineering at The Argo Group and as an Adjunct Professor at the University of Texas at San Antonio.

Chris Sellards

The Argo Group

Why we came together to write this report

Application security is a growing concern for boards and organisations. We have seen a rise in focus on application security as more and more elements of the organisation become code-driven.

According to a recent survey of C-suite respondents, 53% indicated that “cybercrime and data breaches” are their number one cybersecurity concern. [IBM Study]

So why do criminals (as distinct from hackers) attack an organisation? Mostly for financial reasons, although there are exceptions (see later in the report).

Verizon’s Data Breach Investigations Report (DBIR) finds that 86% of data breaches are financially motivated, up 15 percentage points over the previous year. In contrast, espionage, the second most common motive, declined from 2018 to 2020.

What was our mission?

With more code being written, and more vulnerabilities being disclosed, we decided to pool our energy and create a modern book for DevSecOps practitioners and security specialists.

The book focuses on data breach statistics and how they are linked to application security, then dives into the potential methodologies (the HOW) and solutions (the WHAT).

Application Security Zero to Hero eBook

DOWNLOAD the FREE book on Application & Cloud Security

Fill out the form to register and receive an e-mail straight to your inbox when the white paper becomes available.

