Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security

Live From RSAC: Is Digital Transformation Making AppSec Headless?

Chris Wysopal, Veracode Co-Founder and CTO, recently sat down with Tom Field, ISMG Senior Vice President of Editorial, for an executive interview at the RSA Conference 2021 to discuss if digital transformations are making application security (AppSec) “headless.”

Live From RSAC: AppSec's Future and the Rise of the Chief Product Security Officer

Chris Wysopal, Co-Founder and CTO at Veracode, and Joshua Corman, Chief Strategist of Healthcare and COVID at CISA, presented at the 2021 RSA Conference on AppSec’s future and the need for a new Chief Product Security Officer (CPSO) role. Wysopal started by quoting entrepreneur Marc Andreessen saying, “Software is eating the world,” to express just how much we rely on technology. From our iPhones and laptops to our cars and even our refrigerators … software is everywhere.

What is API Security and how to protect them

APIs are a key part of modern web application development, transforming how organizations build, manage, and scale their web and mobile services. In this blog, we discuss why APIs are the new web application security, highlighting the growing challenges of API security risks and sharing best practices for preventing API attacks.

Why Google's new privacy labels are important

When Apple released their privacy nutrition labels, it was seen as a key turning point in platform-level privacy. Even so, while Apple holds control of mobile device profits and industry mind share, they do not account for the majority of mobile devices globally—especially in developing countries. The iPhone is expensive, and therefore any of its privacy protections become a benefit only to those that can afford their devices.

Confessions of an Information Security Engineer

Here’s the story of an information security engineer whose organization urgently needed a new security log management stack that would enable him and his peers to not only survive but really thrive. In this Log’s Honest Truth podcast, presented in partnership with ITSP Magazine, Julian Waits, GM of the Devo cyber business unit & public sector, discusses the confessions of “Mr. B,” an information security engineer. Mr.

Streamlining Security Incident Management & Responses

In order to get a grasp on how to ease security incident management and response processes, there are terms to be clarified first. First of all, a security incident is the common name of an attack towards an organization’s cybersecurity system, network, or data in general. In addition, TechSlang also includes successful attacks within the term “incident”. Therefore, whether impactful or not, all types of attacks, violations, or exploitations can be described as security incidents.

Top 5 Cybersecurity Threats and Vulnerabilities in 2021

As the pandemic starts to fade, it can be easy to fall into a false sense of security. While there’s finally an end to COVID-19 in sight, the cybersecurity pandemic rages on. 2020 was a record year for cybercrime, and the same threats will plague 2021. Amid the disruptions of 2020, many businesses embraced remote work, cloud services, and IoT technologies. These changes, in turn, led to a shifting cybersecurity landscape as cybercriminals adapted and new threats emerged.