Application Security Starts in the Cloud

Whether it’s web apps, desktop apps, or mobile apps, the "cloud" is the key to starting a software security program

Our world increasingly relies on software. Unfortunately, building secure software is not an established course in most universities, and the majority of developers don’t have enough experience to know the threats that exist. As a result, software today is filled with vulnerabilities. The consequences of insecure software can be found in the growing number of data breaches due to attacks against software.

Today, more and more companies are beginning to roll out software security programs. These programs typically follow a similar course:

  1. Hire contractors to run a penetration test against a few critical applications. This raises awareness of vulnerabilities in tested applications, and might delay some of them from going live.
  2. Purchase penetration testing software and develop some expertise in house. This continues to raise awareness, requires more penetration testers, and begins to get developers thinking that they need to start getting involved in order to ensure their applications "pass" the penetration test.
  3. Development teams work with security teams to start analyzing the code earlier in the development lifecycle. This reduces the cost of fixing vulnerabilities, educates developers on secure coding, and ensures that the penetration test doesn't uncover anything too critical.

Education becomes key; as developers become aware of vulnerabilities in their software and how to prioritize them, they develop secure coding practices that result in fewer vulnerabilities in the first place.

This is the common approach, and it has worked successfully over the years. However, the introduction of cloud-based security offerings that provide a more comprehensive view into an application’s security posture allows companies to greatly accelerate this process. The cloud combines the ease of hiring contractors with the efficiency and scaling of running a program in house.

This webinar will talk about rolling out a software security program and how the cloud can greatly accelerate the process while lowering the total cost of ownership and providing a great return on investment.

CISSPs, SSCPs and ISACA members can receive 1 CPE credit for attending each webinar. You can earn the credit by simply specifying your number on the registration form and correctly answering 3 multiple-choice polling questions about the program at the end of the event.


Steve Gold, Infosecurity Magazine

Taylor McKinley, Principal Product Manager, HP Fortify

Rolf von Roessing, Vice President International, ISACA