4 risks from legacy applications

Security professionals are prone to delivering edicts about securing code in new dev projects, but what about the mountain of existing code that is already in production? Both security professionals and stakeholders alike often...

Secure agile software development: Never one-and-done

Taking the development world by storm since its introduction and popularization in 2001, the Agile Software Development model aims to keep development goals and timelines short and sweet, with frequent testing to deliver...

How to build a culture of security within your organization

Organizations continue to place themselves in the line of fire by the same set of avoidable flaws that invariably show up in software -- both small and large organizations alike wind up with copious amounts of unquantified risk....

The 5 places that security testing should happen, but doesn't

The seemingly never-ending spate of hacking attacks is now the unfortunate norm across the web landscape. Among the casualties lie everything from personal data to entire companies that have been mercilessly eradicated in the...

Embrace comprehensive security, not just the 'Top 10'

There are few application security projects more popular than the OWASP Top 10. The Top 10 project, which began over a decade ago, has been a vital tool in standardizing and popularizing security terms and issues for innumerable...

Security: Why choosing frameworks, platforms and language matter

When creating a web project, whether large or small, the process of selecting the underlying platform is an art. Although most developers, web architects, and stakeholders are generally aware of the security necessities, it is often...

5 key principles for a successful application security program

The last few years have been filled with anxiety and the realization that most websites are vulnerable to basic attacks. We now live in a world where daily reports of massive data loss, denial of service, and even complete ruin of...

Jerry Hoff

Jerry Hoff is vice president of the Static Code Analysis division at WhiteHat Security. In this role, he oversees the development of WhiteHat's cloud-based static application security testing (SAST) service. Prior to WhiteHat, Mr....
