New headlines provide ongoing evidence that IT Security teams are losing the battle against attackers, reinforcing the need to address the security of enterprise applications.This Analyst Insight reviews several practical steps you can take to get started now.
If your company stores or processes credit card information, you must be able to demonstrate compliance with the Payment Card Industry (PCI) Data Security Standards (DSS). These standards include requirements for security management, policies, procedures, network architecture, design, and other critical protective measures. They also include one very prescriptive requirement: Section 6.6 mandates that organizations secure all Web applications by conducting a code review or installing an application layer firewall. Companies have had a very difficult time passing the other parts of Section 6 and they have experienced a rising number of data breaches. Unless companies take 6.6 seriously, PCI compliance failure rates, and data breaches, will continue to grow. Read this whitepaper to gain an overview of best practices to pass Section 6.6 and an understanding of the technology available to you.
Is open source secure? How much business risk is introduced with it? Fortify surveyed the open source community for an answer and revealed that open source projects lack the three essential elements of security: people, process and technology. Read this research to discover what actions can reduce these risks within your organization.
The hacking community has shifted its effort toward a new frontier: the application layer. How are companies responding? Business Software Assurance – the capability to address the problem of application risk within an enterprise. This whitepaper provides an overview of the severity of the problem along with everything needed to develop Business Software Assurance in your organization.
Fortify's report summarizes electronic as well as traditional methods of voting including absentee ballots. This voting guide will provide recommendations for voters who want to make sure their vote counts and for federal and state governments on how to devise efficient and accurate voting processes and systems.
Fortify Software conducted a candid interview with Avi Rubin, Professor at Johns Hopkins University and specialist in the field of eVoting security risks. He discusses the concerns around software security as well as the voting solutions surrounding software independence.
For a CISO, open source introduces a new source of risk and unique security challenge: how do you influence developers over whom you have no direct management control? Jennifer Bayuk, former CISO of Bear Stearns, provides insight on best practices for evaluating, deploying and managing open source code.
While investments to secure the enterprise continue to rise, breaches into company systems and data are skyrocketing. These cyber crimes are consistently debilitating organizations operations, reputations and ultimately, viability. Today’s CEOs are demanding aggressive strategies to protect their business. CIOs and CSOs are working together to employ proven Business Software Assurance approaches across the enterprise to stay ahead of constant threats.
With an extensive background in police, military, government, and industry security, Howard Schmidt explains how to respond to the changing landscape of cyber threats and how business leaders are helping set the standards for application security. He then profiles industry role models who are setting the standard for application security.
As the military and US government rely more heavily on custom-built applications for communications and management, they also become more vulnerable to cyber attacks. Worse, according to the Dept. of Homeland Security, the number of attacks on custom-built applications is doubling every year. Learn about critical threats, methods that military and civilian agencies can use to deal with cyber attacks and technologies that improve security for custom-built applications.
This webinar explores 12 of the most common security traps in Java by examining the causes of security failures in modern Java–based applications. Approaching security with an “outside in” style, we look at vulnerabilities from a developer’s perspective, focusing on the source code.
Matt Rose, Senior Software Security Consultant at Fortify Software, shares his findings from a year analyzing millions of lines of code. He unveils his top ten most common vulnerabilities and provides detailed examples of each. These technical examples come from his experience working with fortune 500 companies, government agencies, and major ISVs.