Securing Your Applications - From Testing to True Software Assurance

Presented by

Derek Brink, VP & Research Fellow, Aberdeen Group

About this talk

So you've successfully gotten started with your application security initiative -- now what? How do you take securing your applications to the next level? Characteristics of the companies achieving top performance in application security include:

- Start from a solid foundation of testing
- Start small (e.g., with a proof-of-concept) and then expand by building on your success
- Establish a risk-based approach on what vulnerabilities to address and when
- Partner between the IT Security and Application Development teams to expand your program beyond testing to create a true software assurance program

Research from Aberdeen Group confirms that bringing about a systemic change across the entire software development lifecycle -- i.e., to become "secure at the source" -- yields the best results. In addition to the use of several enabling tools and technologies -- including application vulnerability scanning, penetration testing, manual source code reviews, static source code analysis and verification, and dynamic source code analysis and verification -- this webinar will review the "people and process" capabilities that most strongly differentiate the top performers.

More from this channel

What separates "Best-in-Class" (top 20%) organizations from their "Industry Average" (middle 50%) and "Laggard" (bottom 30%) counterparts when it comes to various topics in IT Security? Aberdeen's unique, fact-based approach to market research provides a framework for end-user organizations to benchmark their own strategies, capabilities and use of enabling technologies against companies with top performance. Areas of coverage in Aberdeen's IT Security practice include topics in Identities and Access, Data Protection, IT Infrastructure Security (including Endpoints, Delivery Platforms, Applications and Databases, Networks, and Storage), Physical Infrastructure Security, Policies, and Security GRC (Governance, Risk Management, and Compliance). Complimentary access is provided to the full benchmark research reports, for a limited time after initial publication.