Lawyers smartening up with cybersecurity: “Lawyers Get Vigilant on Cybersecurity” by Jennifer Smith. Law firms are now beginning to see an increasing number of cyber attacks. With the use of mobile devices to handle deals and other confidential matters, firms are now starting to smarten up and lock down. Lawyers are being asked to encrypt messages, avoid free Wi-Fi, and even be cautious with text messages. In 2010, Gipson Hoffman & Pancione were able to trace data-retrieving emails to Chinese servers that were similar to the ones that were sent to a software company filing a $2.2 billion lawsuit …
It’s Thursday again so that means it is time for the third drink recipe in our series “The Many Flavors of AppSec”. Over the past two weeks you’ve gotten to indulge in our Anonymous and AppSec in the Cloud cocktails. This week we present the SQL Injection Shot!
Hi everyone, today we present an opinion piece from Ed Jones of Firebrand Training. In this post Ed discusses the “Flame” virus. I hope you enjoy this quick read!
Check out this video with Veracode Security Researcher Fred Owsley discussing SQL Injection. SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command which is executed by a web application, exposing the back-end database. Fred explains how SQL Injection occurs and what you can do to protect your data from a SQL Injection attack. The video can be viewed below, enjoy! For your convenience we have also transcribed the video.
We recently recorded Veracode Security Researcher Chris Lytle discussing Insecure Cryptographic Storage. Insecure Cryptographic Storage is a common vulnerability that occurs when sensitive data is not stored securely. Protecting sensitive data by encrypting it should be a key step in a Secure Software Development Lifecycle. In this video Chris describes what Insecure Cryptography is and explains the impact of Insecure Cryptographic Storage Flaws.
Dynamic Application Security Testing (DAST) has become an integral part of the SDLC in most organizations today. DAST tool vendors demonstrate their tools by allowing prospects to scan test sites so they can see how the scanner works and the reports generated.
We recently featured a webinar from Veracode Senior Security Researcher, Isaac Dawson, on why we should not gauge the effectiveness of a particular scanner by only looking at the results from scanning these public test sites.
If you would like to view the webinar click here. In addition, we are sharing highlights from our …
Happy Friday everyone! There has been a lot of news involving breaches and their effects this week, so here’s our wrap of this week’s events!
It’s only June, and there have already been 189 breaches this year: “The Worst Data Breaches of 2012 (So Far)” by Ellen Messmer. This slideshow highlights the 15 most significant data breaches this year, with the list including breaches at Emory Healthcare, Thrift Savings Plan, and Global Payments, Inc.
The number of vulnerabilities in control systems continues to rise: “Cyber-Security Threats, Infrastructure Sabotage Rising: McAfee” by Nathan Eddy. Now, there is an increasing threat …
The weekend is nearing again, so that means it’s time for another flavor of AppSec recipe! With the summer heat arriving in Boston this week, we’re all in need of a refreshing new drink. Today we present AppSec in the Cloud. This is the second recipe in our series “The Many Flavors of AppSec”. For anyone who missed last week’s post – The Anonymous cocktail – the recipe can be found here.
Eric Mikulas recently wrote an interesting article about the dangers of scanning QR codes. He conducted an experiment where he put up his own QR codes with no explanation of where they linked to, to see how many people would scan them. He found that a surprisingly large number of people scanned these unknown codes.
Congratulations to Fergal Glynn for having a guest post featured on Business 2 Community.
In this humorous post Fergal discusses what would happen if programming were an Olympic event. He considers a mock programming competition between the United States and the European Union. Fergal scores the two teams in a three-round application security themed event.
Many organizations looking at application security for the first time struggle with understanding why they should take a programmatic approach to tackling application security. I’ll touch on five reasons in this post to have a program to deal with application security.
1) Address the full scope of the problem
A quick look at Quocirca’s survey results shows that financial services organizations track around 800 mission-critical applications, while those in other industries track around 400 applications. Those applications are conduits to corporate data and intellectual property. The simple fact is that if someone wants your intellectual property, they …
Developers Should Prepare for Mobile Use: “Mobile Device Usage Rising, App Developers Should Prepare: Gartner” by Nathan Eddy. In eWeek this week, Eddy reported on a Gartner report that showed the world of application development is about to experience a paradigm shift towards mobile devices. With an ever-increasing number of workers using mobile devices to perform job duties, “IT leaders and application developers need to adapt… Developers and businesses need to evolve mobile applications and interfaces as demand for business-to-business, business-to-employee, and business-to-consumer explodes,” says the report. Naturally, appropriate security measures must accompany this new BYOD movement, as our new …
The official start of summer is just around the corner and we all know what that means – a big uptick in weekend B-B-Qs and parties! If you’re like many of us on the Veracode marketing team, you’ll be on the lookout for a great new summer drink and we’ve got some ideas for you. We created five brand new cocktails as a part of our Mixology Events at the RSA Conference and the Gartner Security Summit which just happened this week. The drinks were so well received by the event attendees that we wanted to share them. …
Check out this French translation of our recent Infographic “Free Wi-Fi: Friend or Foe?” by Vincent Diard from the French blog site Panoptinet.