Application Security Starts in the Cloud


Whether it’s web apps, desktop apps, or mobile apps, the "cloud" is the key to starting a software security program.

Our world increasingly relies on software. Unfortunately, building secure software is not an established course in most universities, and the majority of developers don’t have enough experience to know the threats that exist. As a result, software today is filled with vulnerabilities. The consequences of insecure software can be seen in the growing number of data breaches due to attacks against software.

Today, more and more companies are beginning to roll out software security programs. These programs typically follow a similar course:

  1. Hire contractors to run a penetration test against a few critical applications. This raises awareness of vulnerabilities in tested applications, and might delay some of them from going live.
  2. Purchase penetration testing software and develop some expertise in house. This continues to raise awareness, requires more penetration testers, and begins to get developers thinking that they need to start getting involved in order to ensure their applications "pass" the penetration test.
  3. Development teams work with security teams to start analyzing the code earlier in the development lifecycle. This reduces the cost of fixing vulnerabilities, educates developers on secure coding, and ensures that the penetration test doesn't uncover anything too critical.

Education becomes key; as developers become aware of vulnerabilities in their software and how to prioritize them, they develop secure coding practices that result in fewer vulnerabilities in the first place.

This is the common approach, and it has worked successfully over the years. However, the introduction of cloud-based security offerings that provide a more comprehensive view into an application’s security posture allows companies to greatly accelerate this process. The cloud combines the ease of hiring contractors with the efficiency and scaling of running a program in house.

This webinar will talk about rolling out a software security program and how the cloud can greatly accelerate the process while lowering the total cost of ownership and providing a great return on investment.

CISSPs, SSCPs and ISACA members can receive 1 CPE credit for attending each webinar. You can earn the credit by simply specifying your number on the registration form and correctly answering 3 multiple choice polling questions about the program at the end of the event.


Steve Gold, Infosecurity Magazine

Taylor McKinley, Principal Product Manager, HP Fortify

Rolf von Roessing, Vice President International, ISACA
