Using WhiteHat’s repository of scan data, this report reviews current trends on the use of devops related approaches and the implications these practices have upon application security results. (more available)

This report is essential reading for executives, security practitioners and development teams who want to better understand the present state of software security risk, and who seek to benchmark and improve their own organization’s performance. (more available)

This survey, the sixth in a series of annual studies by SANS on security practices in software development, is the first to explicitly focus on DevOps. (more available)

This paper discusses some API’s and how you can protect them from an attack.

It is the intention of this paper to provide you the reader with the essential tools and language that you can use to educate your board members on the importance and necessity of Application Security. (more available)

This is the 12th annual WhiteHat Security Statistics Report. This year they’ve added some real metrics around DevSecOps. They’ve also added a new SAST section and a mobile security section. (more available)

From the report, “Rather than provide a lengthy analysis of the data in this Stats Report in this introduction, we’ve decided instead to provide some “what this means to you” commentary at the end of the three main sections of the report; commentary that attempts to make the data relevant to Executives, Security practitioners and DevOps professionals. (more available)