The Security Innovation Europe Blog

Alan Pearson

Recent Posts

Why You Need to Measure Your Application Security Program

Posted by Alan Pearson on Jul 6, 2016

When it comes to application security, what you measure is almost as important as what you do. If you aren’t measuring your efforts by tracking and analysing your results, you will end up with an incomplete and ineffective program, without the support, funds or focus required to protect your organisation against security breaches.

Today I’m looking at 3 risks you run by not properly measuring the efficacy of your application security program.

Topics: Security Awareness

A 4-Step Action Plan to Achieve Application Security Compliance

Posted by Alan Pearson on Jul 4, 2016

Organisations go to great lengths trying to achieve compliance with government regulations and industry standards. Application security is becoming an increasingly crucial requirement for achieving compliance, and without good application security processes in place across your organisation, you can easily fall down on compliance as a result.

Today I’m looking at how you can create an action plan to help your organisation achieve application security compliance.

Topics: Security Management, Security Strategy

4 Ways to Improve Your Organisation’s AppSec Risk Management Process

Posted by Alan Pearson on Jun 30, 2016

A structured risk management process is necessary to join up security activity across your organisation. A 2016 study by the Ponemon Institute revealed that a massive 28% of organisations have no process in place for managing application security risks, and a further 9% have only an ad hoc process in place.

This means that more than a third of organisations have an ineffective risk management process in place for application security. So today we’re looking at 4 things you can do to improve the application security risk management process in your organisation.

Topics: Security Management

Does Your Organisation Have an Application Security Visibility Problem?

Posted by Alan Pearson on Jun 28, 2016

How much does your organisation know about the security of the applications it runs and develops?

According to a recent study by the Ponemon Institute, 35% of organisations don’t use any major application security testing methods for application vulnerabilities – and two thirds of respondents said they don’t have any visibility into the overall state of application security in their organisation.

Today I’m looking at 4 causes of application security visibility problems that your organisation needs to address, in order to protect against vulnerabilities that could put your data at risk.

Topics: Security Awareness

3 Steps to Organisation-Wide Application Security Buy-In

Posted by Alan Pearson on Jun 23, 2016

Application security affects everyone in your organisation. To make your latest initiative as effective as possible, it’s important to communicate this to key departments, and help them understand the role they play in application security.

Development and security teams will likely be your first port of call, but to achieve organisation-wide buy-in, there are 3 other crucial departments you need to engage.

Topics: Security Strategy

How to Waste Less Time On Software Remediation

Posted by Alan Pearson on Jun 16, 2016

Do you know how much time your dev team spends on remediation?

It’s estimated that as much as 60% of a project’s cost and duration is spent on remediation work, but many senior developers simply don’t know how much time their team spends managing software quality. Whatever the exact amount, it’s clear that remediation is a very time-consuming element of the majority of development projects – but it doesn’t have to be.

Today I’m looking at 3 things that can help to significantly reduce the amount of time your dev teams have to spend fixing bugs and vulnerabilities, so they can focus their energy on the functionality and features of the applications you’re developing.

Topics: Security Management, Security Strategy

4 Ways to Get Your Dev Team to Buy in to Your Application Security Program

Posted by Alan Pearson on Jun 14, 2016

When you’re looking to improve application security within your organisation, it’s important to get buy-in across the company. You need to create a culture that prioritises security. However, it can be hard for developers to prioritise security, as they are judged on the functionality rather than the security of their code.

So today I’m looking at 4 ways to get buy-in from your dev team to help them prioritise application security as much as the rest of your organisation.

Topics: Security Management, Software Development

What are the Top 3 Causes of Vulnerabilities in Your Applications?

Posted by Alan Pearson on Jun 8, 2016

While your developer and security teams work hard to secure the applications they develop, somehow vulnerabilities creep in despite their best intentions and effort. These vulnerabilities compromise the security of your application and your company’s data, and understanding where they come from is the first step to improving your application security.

So today I’m looking at the leading causes of vulnerabilities in your applications.

Topics: Security Management, Software Development

5 Steps to Conducting a Secure Code Review

Posted by Alan Pearson on Jun 3, 2016

When it comes to conducting code reviews, no doubt your dev team are great at reviewing for functionality and performance. However, with new application security risks emerging all the time, it is vital that your dev team starts to make application security as much of a priority as functionality.

Today I’m looking at five steps they can follow to conduct a code review that identifies security bugs and vulnerabilities.

Topics: Software Development, Implementing Security, Security Strategy

How to Respond to Vulnerability Disclosures

Posted by Alan Pearson on Jun 1, 2016

In the last couple of years there seems to have been an ever-growing number of high-profile vulnerability disclosures: Heartbleed, GHOST, Shellshock.

High-profile vulnerabilities like these shine a spotlight on application security, which means your security team is put under increased pressure to react to whichever vulnerability is in the news, rather than focusing on creating a comprehensive plan to secure the applications your teams are developing.

Topics: Security Management, Security Strategy