Podcast: Key Takeaways From Veracode's Latest State of Software Security Report

Key SoSS Takeaways 2017

Veracode just published its latest “State of Software Security” report, get it here. Based on Veracode Platform data, these “SoSS” reports have been offering a goldmine of intelligence about how organizations are approaching AppSec since 2011. This year’s report is no different. Evan Schuman recently sat down with Veracode’s Director of Product Management Tim Jarrett to discuss the findings... READ MORE

A Very V-E-R-Y Long Day Without Software

eschuman's picture
By Evan Schuman October 11, 2017

Over the summer, some friends at Veracode approached me and asked if I would be willing to help them with an experiment. Could I, they wanted to know, spend an entire day neither using nor leveraging any software whatsoever. They bet me that I couldn’t. I love a challenge as much as any journalist so I said “Sure. How hard could it possibly be?” The point of this is to make business people better... READ MORE

Podcast: What the Apache Struts 2 and the Irish Potato Famine Have in Common

sciccone's picture
By Suzanne Ciccone September 28, 2017  | Managing AppSec
Apache Struts 2

More than you might think. Just as the reliance on a single species of vulnerable-to-blight potato created widespread devastation in 1800s Ireland, today’s reliance on vulnerable components creates a similar ripple effect. In both cases, compromise of a single vulnerability spread its consequences widely and rapidly. The Potato Famine’s consequences were obviously more devastating, but although... READ MORE

Will Websites Be the Next Target of Ransomware Attacks?

cdomoney's picture
By Colin Domoney September 28, 2017  | Managing AppSec
Will websites be the next ransomware target?

Recent research by Wordfence indicates that Wordpress might be the next big ransomware target. Wordfence found that certain Wordpress plugins exhibit malicious behaviour in the form of ransomware against the host website. Typically, these plugins will encrypt the data on the website, thereby rendering it non-functional, and then attempt to extort payment from the owner in order to decrypt the... READ MORE

How Third-Party and Open Source Components Build Hidden Risk Into Software

jzorabedian's picture
By John Zorabedian September 25, 2017  | Secure Development
Risk of software components

Whenever there’s a major data breach announced in the news, I think about how there must be other breaches happening that we don’t even know about. Because, although cyberattackers frequently target known vulnerabilities in software, the victims are unlikely to know they were vulnerable until it is too late. As today’s software is increasingly assembled from bits and pieces of open source... READ MORE

Podcast: How to Fix the Widening AppSec Skills Gap

lpaine's picture
By Laura Paine September 20, 2017  | Security News
AppSec Skills Gap Podcast

The AppSec Skills Gap Is Widening Nearly 20% A Year. Here's How We Fix It. A recent survey from Veracode and DevOps.com found that the majority of IT and development professionals weren’t required to take security courses in college – and they’re not receiving the necessary training from their employers. So, we have to ask: where does the fault lie? Should universities ramp up their security... READ MORE

Top 3 Ways Veracode’s Integrations Make Developers' Jobs Easier

mloughlin's picture
By Maria Loughlin September 19, 2017  | Secure Development
Veracode integrations make development's job easier

As software increasingly plays a critical role in how organizations conduct business, we are seeing two trends emerge: 1. Organizations want more software produced faster. 2. Cyberattackers are finding software a more attractive target. For developers, all the above means that their jobs are changing. The need to get software out the door faster has led to a shift to DevSecOps – where software is... READ MORE

Veracode’s Colin Domoney Nominated as Security Leader of the Year

hcampbell's picture
By Helena Campbell September 18, 2017  | Security News
Colin Domoney nominated as security leader of the year

We’re pleased to announce that our colleague Colin Domoney, a consultant solutions architect for Veracode, was recently nominated for a Security Leader of the Year award. Organised by Information Age, Tech Leaders Awards is Britain's flagship celebration of tech leaders, honouring those at the forefront of disruption and innovation and playing a central role in driving business value... READ MORE

Security: Make a Commitment to Working With Development

cdomoney's picture
By Colin Domoney September 14, 2017
Security should commit to understanding dev processes

The days of security and development working side by side in separate silos are over. With the DevOps-induced security “shift left,” security testing now falls in the realm of the developer, and leaves security in more of an enabling, rather than enforcing, role. And this new role requires a new understanding of developer priorities and processes. The security function cannot be effective in a... READ MORE

How a Single Phone Call Can Compromise Your Company

ckirsch's picture
By Chris Kirsch September 13, 2017
Social Engineering CTF at DEF CON

I’d read about social engineering for a few years before I first stepped into the Social Engineering Village at DEF CON 20. But I didn’t grasp the power of this type of attack until I watched a live call during which employees of major companies simply offered up all the information needed to breach their systems – no technology required. I was hooked. In case you’re not familiar with social... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu