Weekly News Roundup

Happy Friday, all!

It’s time for our weekly news roundup, and these are the stories that made it to our list this week.

1. Ross Brewer of Help Net Security Blog authored “Cybercriminals increasingly target financial services industry”. The post details a new report released by PWC this week that revealed that the financial services industry was the most common target of cybercriminals, and accounted for 38 percent of incidents, more than double that of other industries. Brewer goes on to say that, “Traditional perimeter security solutions such as anti-virus or encryption, while still playing a part …

Veracode Greatest Hits – Our Best Blog Posts Ever! Part II

Yesterday, we showcased the top blog posts on the Veracode Blog from all time, and we promised a Part II to Veracode’s Greatest Hits. Here it is. Enjoy!

Are there any favorite posts you like on the Veracode Blog that did not feature in this list? Let us know, we’d love to hear from you.

Veracode’s Greatest Hits – Our Best Blog Posts Ever! Part I

Since its inception, the Veracode Blog has seen a lot of activity from bloggers across the company. We crunched some numbers to look at our most popular blog posts ever. Some posts are from previous years, while others are more recent – but their popularity attests to the fact that they are all hugely informative and entertaining. Browse this hugely popular listing of our posts, and let us know if your favorite made it in! Enjoy!

Do I Have To Secure All My Applications?

In her years working in the security space, Sam King, Veracode’s SVP of Product Marketing and a long-time security professional, has often been asked whether companies should secure all their applications or only their most critical ones. We recently recorded a chalk talk with Sam, where she addresses this frequently asked customer question.

We also added in a transcript of the video below.

So I often get the question from customers – do I have to test all my applications or can I get away with just testing my most mission critical ones?

So here’s how I answer that – …

What is a Data Breach? Definition, Costs & Security Around Data Breaches

In addition to bringing you the latest in AppSec research and news in this blog, we will begin presenting short educational briefings on key subjects within the application security space. We hope you will enjoy and learn from these short posts. We value your opinion, so please let us know if there are any concepts or topics you would like to hear about from us.

Today, I would like to pen my thoughts on a Data Breach. We hear of data breaches happening ever so frequently, so what exactly is a data breach and how can it occur? Read on…

Editor’s …

AlwaysOn Selects Veracode as an OnDemand Top 100 Winner

Veracode is proud to announce that we have been chosen to be a part of the 2012 OnDemand 100 Top Private Companies. Inclusion in the OnDemand 100 signifies leadership amongst its peers and game-changing approaches and technologies that are likely to disrupt existing markets and entrenched players. Read the post to learn more about the listing, and to see the other companies that made the list.

Weekly News Roundup

Happy Friday all! Spring has sprung, bringing warm weather to the Boston area along with some hot topics in the application security world:

Veracode at Black Hat Europe: Chris Wysopal recently presented at Black Hat Europe. Chris’s presentation, titled ‘Data Mining a Mountain of Zero Day Vulnerabilities’, explored the most common software security flaws as seen by the Veracode Platform. Contact us or Tweet us to get a copy of the slides.

Android Security: “Is Google confused about Android Security?” by Tim Armstrong (@Securelist). In this blog post Tim Armstrong …

Verizon Data Breach Investigative Report 2012 — Application Security Specific Highlights

Verizon just released its 2012 Data Breach Investigative Report which contains findings contributed by global agencies such as the U.S. Secret Service, the Dutch High Tech Crime Unit, the Irish Reporting and Information Service, the Australian Federal Police and the London Metropolitan Police. I thought it would be good to put together a quick summary covering application security specific highlights in the report. Enjoy!

81% of attacks utilized some sort of Hacking. Within hacking there is a stark difference between large and small organizations. SQL injection comes in 3rd after use of stolen login credentials and …

Chris Wysopal writes about Static Analysis in The Testing Planet

Chris Wysopal recently authored an article detailing static analysis that was featured in The Testing Planet.

“What is Static Analysis?” provides a comprehensive and in-depth yet understandable explanation of the ins and outs of static testing. Using graphics and examples of code, Chris begins with the loading phase and travels through the Application Modeler, Application Analyzer, and the Reporter while detailing such subjects as control flow, range propagation, and triggers and risk analysis. Data injection flaws, memory corruption, information leakage, integer overflows or underflows, as well as threading and race conditions are also covered.

The article …

Announcing Automated Self-Service Provisioning From Veracode

This is the second post about our 2012.2 release. On February 29, Veracode released its second service update of 2012. Our 2012.2 release has a bunch of features aimed at simplifying a variety of parts of rolling out and engaging users in an application security program, including provisioning users, working with flaws on the desktop, and getting developers engaged in the process of fixing security issues.

Yesterday I discussed how Veracode’s new Best Practices scans give a “green light” to developers when we find that they’ve successfully used security best practices–providing a more friction-free introduction to static …

Giving Developers the Green Light

On February 29, Veracode released its second service update of 2012. Our 2012.2 release has a bunch of features aimed at simplifying a variety of parts of rolling out and engaging users in an application security program, including provisioning users, working with flaws on the desktop, and getting developers engaged in the process of fixing security issues.

Today I’ll talk about getting developers engaged in fixing security issues, because it’s one of the hardest and most challenging problems with rolling out an application security program. As Chris Eng pointed out in his earlier blog post, developers can get very …

Weekly News Roundup

It’s Friday and time for our Weekly News Roundup.

CNet’s Zero Day Blog features an article authored by Ryan Naraine that covers the outcome of Google’s Pwnium hacker contest that was won by teenage hacker “Pinkie Pie”. The teen, whose true identity could not be revealed because he was not authorized by his employer to participate in the contest, employed three different zero-day vulnerabilities in the browser to evade its protective sandbox. It is further reported here that Google has already repaired the vulnerability and shipped the solution as a critical update.

Editor’s Pick

Cloud Security – Forecast Sunny With Possibility of Showers

Last year, Forrester predicted that cloud computing would top $240 billion in 2020. Market Research Media came up with a more aggressive forecast of $270 billion in 2020. And with tons of other market research studies pegging high numbers for the future of cloud computing, it looks like cloud computing is here to stay.

However, even as companies are adapting to this new paradigm, there are growing concerns about the safety of their data in the cloud. Incidents at cloud service providers like Dropbox, where a security glitch let visitors use any password to …

Why is Everybody Always Picking On Me?

The Story of the Small and Medium Independent Software Provider in a Risk-Averse World

Small or Medium Independent Software Providers value fast development-to-production timeframes. They want to pay great developers to create great functionality, and get a great product out the door….FAST! The recent explosion in Mobile application development paints a clear picture of the modern development landscape. Not only in terms of the incredible speed of production of these types of apps, but perhaps more importantly, the widening gap between speed-to-market and software security quality.

The application security problem reaches well beyond the Fortune 500. Mid-market …

Social Media Security Basics Infographic

