Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

1/29/2020
01:00 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

9 Things Application Security Champions Need to Succeed

Common elements to highly effective security champion programs that take DevSecOps to the next level
Previous
1 of 10
Next

 
Application security leaders are increasingly developing formal security champion programs that help their companies better embed security expertise and accountability across development and DevOps teams. Security champions are developers, architects, and engineers who take the lead within their teams and projects on security objectives.
 
"A security champion is fundamentally an enabler and promoter of application security best practices," says Shawn Asmus, director of threat management for Optiv. "They help promote the adoption of tools and standards, as well as consult with developers regarding testing results and proposed remediations."
 
Security champions pursue advanced training and are an extra resource for their peers to answer security-related questions. They work with the security team to set realistic requirements for their peers, to more effectively choose and integrate security tools that mesh with development workflows, and to ensure that dev teams are making good on their security promises.
 
We recently surveyed some experts to get perspective on what security champions need to succeed in their roles. Here's what they had to say.
 

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. 
View Full Bio

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management Strategist,  5/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12393
PUBLISHED: 2020-05-26
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execut...
CVE-2020-12394
PUBLISHED: 2020-05-26
A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76.
CVE-2020-12395
PUBLISHED: 2020-05-26
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Fi...
CVE-2020-12396
PUBLISHED: 2020-05-26
Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76.
CVE-2020-10719
PUBLISHED: 2020-05-26
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.