The 2010 Gartner Magic Quadrant for Static Application Security Testing (SAST) has been published and Veracode is recognized as a leader. We are pleased to be able to share the leaders position with IBM and HP, two of the biggest and oldest companies in information technology. I am very proud of the work the Veracode team has been able to accomplish as a 4.5 year old company.

To get our service to the performance level where it is today has taken many hard earned lessons. These were learned satisfying the application security testing needs for …

The Top 10 Mobile Application Risks, or “Mobile App Top 10” for short, is designed to educate developers and security professionals about the mobile application behavior that puts users at risk. This behavior can be maliciously designed or inadvertent.

Modern mobile applications run on mobile devices that have the functionality of a desktop or laptop running a general purpose operating system. In this respect many of the risks are similar to those of traditional spyware, Trojan software, and insecurely designed apps. However, mobile devices are not just small computers. Mobile devices are designed around personal and communication …

As we close out an security eventful 2010, the Veracode research team though it would be a good idea to think about what we are likely to see happen in 2011. Here are 5 predictions we believe will have a very good chance of coming true.

1. Sandboxing goes mainstream with adoption by Firefox and Internet Explorer
Sandboxing can prevent the exploitation of coding errors by preventing code running inside the sandbox from interacting with the operating system. Software companies with apps that are designed to render data and interpret script code downloaded from the Internet start to adopt sandboxing.

2. …

As application inventories have become larger, more diverse, and increasingly complex, organizations have struggled to build application security testing programs that are effective and scalable. New technologies and methodologies promise to help streamline the Secure Development Lifecycle (SDLC), making processes more efficient and easing the burden of information overload.

In the realm of automated web application testing, today’s technologies fall into one of two categories, Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). SAST analyzes application binaries or source code, detecting vulnerabilities by identifying insecure code paths without actually executing the program. In contrast, …

I created this video for an internal Veracode video contest. It’s intended to poke fun at the abundance of “thought leaders” we have in our industry. I shared it on Twitter yesterday but thought I would post here on the blog as well. A handful of people have asked if it’s meant to satirize any particular person — sorry to disappoint, it’s just a composite. Enjoy!