Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

1/29/2020
01:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

9 Things Application Security Champions Need to Succeed

Common elements to highly effective security champion programs that take DevSecOps to the next level
Previous
1 of 10
Next

Image Source: Adobe (Gajus)

Image Source: Adobe (Gajus)

 
Application security leaders are increasingly developing formal security champion programs that help their companies better embed security expertise and accountability across development and DevOps teams. Security champions are developers, architects, and engineers who take the lead within their teams and projects on security objectives.
 
"A security champion is fundamentally an enabler and promoter of application security best practices," says Shawn Asmus, director of threat management for Optiv. "They help promote the adoption of tools and standards, as well as consult with developers regarding testing results and proposed remediations."
 
Security champions pursue advanced training and are an extra resource for their peers to answer security-related questions. They work with the security team to set realistic requirements for their peers, to more effectively choose and integrate security tools that mesh with development workflows, and to ensure that dev teams are making good on their security promises.
 
We recently surveyed some experts to get perspective on what security champions need to succeed in their roles. Here's what they had to say.
 

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Companies Should Care about Data Privacy Day
Brad Shimmin, Distinguished Analyst,  1/29/2020
Average Ransomware Payments More Than Doubled in Q4 2019
Jai Vijayan, Contributing Writer,  1/27/2020
Emerging Long-Range WAN Networks Vulnerable to Hacking, Compromise
Jai Vijayan, Contributing Writer,  1/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: absent in search
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20174
PUBLISHED: 2020-02-03
Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.
CVE-2013-2674
PUBLISHED: 2020-02-03
Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers.
CVE-2016-10001
PUBLISHED: 2020-02-03
A Security Bypass vulnerability exists in Nginx 2016-07-07 in the HTTP_PROXY variable, which could let a malicious user redirect outbound HTTP traffic
CVE-2016-4676
PUBLISHED: 2020-02-03
A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information.
CVE-2019-18567
PUBLISHED: 2020-02-03
Bromium client version 4.0.3.2060 and prior to 4.1.7 Update 1 has an out of bound read results in race condition causing Kernel memory leaks or denial of service. Versions prior to