This report is essential reading for executives, security practitioners and development teams who want to better understand the present state of software security risk, and who seek to benchmark and improve their own organization’s performance.

This survey, the sixth in a series of annual studies by SANS on security practices in software development, is the first to explicitly focus on DevOps. The results of this study show that organizations are finding ways to keep up with rapid change through DevOp but they have a number of challenges they still need to deal with.

This paper discusses some API’s and how you can protect them from an attack.

It is the intention of this paper to provide you the reader with the essential tools and language that you can use to educate your board members on the importance and necessity of Application Security.

This is the 12th annual WhiteHat Security Statistics Report. This year they’ve added some real metrics around DevSecOps. They’ve also added a new SAST section and a mobile security section.

From the report, “Rather than provide a lengthy analysis of the data in this Stats Report in this introduction, we’ve decided instead to provide some “what this means to you” commentary at the end of the three main sections of the report; commentary that attempts to make the data relevant to Executives, Security practitioners and DevOps professionals. Security is a concern that spans multiple teams in an organization – from the board and C-suite, to IT and development teams, to the security team and beyond – and the data in this report will mean different things to these different audiences.”