The following is a guest blog from Michael Kaiser, executive director of the National Cyber Security Alliance.
October is National Cyber Security Awareness Month.
National Cyber Security Awareness Month is about everyone doing their part to make sure our online lives are kept safe and secure.
The Internet is a shared resource and securing it is our Shared Responsibility.
So what does this entail?
Veracode Security Researcher Ryan O’Boyle educates us about Ruby on Rails. He answers the following questions:
What is Ruby on Rails?
What makes Ruby on Rails a popular framework?
What types of companies are using Ruby on Rails?
How well do consumer cyber security awareness efforts work? That’s a good question, and one somebody might consider answering!
The connection between improved security and user education is so well-established as to be almost axiomatic. Better technology, coding practices and testing can only accomplish so much. If customers or employees don’t know that, say, clicking on a curious link on their Facebook wall or opening the iloveyou.exe e-mail attachment could compromise their security, how do we gain ground against cyber crime, cyber espionage, spam and other online ills?
We’re back from the Gartner UK event in London! Thank you to everyone who came by our booth or attended our Solutions Provider Session.
Here are a few pictures of the Veracode booth at the Mixology reception:
RSA has published, “THE VOHO CAMPAIGN: AN IN DEPTH ANALYSIS” which describes an APT style campaign against several targets. The campaign used malicious content on several websites dubbed “watering holes” in order to compromise the campaign target’s client machines.
Injecting malicious content into vulnerable websites that will then become a drive-by client attack to a website visitor is old news. I wrote about this in my blog post, “SQL Injection Tangos with Heap Overflows”, back in Dec 2008.
What I see new here is the watering hole concept where the websites that are …
The following post is about a beta software release, which may — and hopefully will — change.
You know what they say about assuming…
My faithful army of security-minded Twitter followers alerted me to a sudden change in the Ubuntu Linux distribution’s 12.10 beta build that they found alarming: Amazon search had been integrated into the system search bar by default, so that, for example, searching for a musician’s name to find your MP3s on your local hard drive would also suggest albums on the Amazon store. As everyone assumed, the purpose of this surprise feature is to help Ubuntu raise …
Without the software equivalent of an FDA inspector to walk the floor and impose costs (fines, penalties) for shoddy work or unsanitary conditions, it’s a race to the bottom when it comes to the quality of the code that’s produced.
The playwright and existentialist Jean-Paul Sartre famously observed that “Hell is other people.” Put in the modern context, however, it might be more accurate to say that “Hell is other people’s code.”
With yesterday’s launch of our VAST (Vendor Application Security Testing) program comes our Secure Software Supply Chain Toolkit. This kit is aimed to get you on the road to reducing your company’s risk. We hope you find these best practices and tools helpful as you you and your vendors take steps to securing their applications.
Navigating the security superhighway of application perimeters, vendor software and in house development efforts can be a complex and intimidating task. We aim to shift your efforts to the fast lane with our new program, VAST!
Today marks the official launch of our new Vendor Application Security Testing (VAST) program, designed to help enterprises manage the risks inherent in vendor-supplied software applications.
This summer, Veracode Solutions Architect Chad Holmes presented a webinar on third party application analysis. The webinar recommended several best practices for enterprises, application vendors, and application analyzers to follow in the third party application analysis process. In this blog post we’ll highlight Chad’s best practices and the key takeaways from his presentation.
The annual Gartner Security & Risk Management Summit is a two-day event that brings Gartner analysts and the security and risk management community together in one location to discuss the latest research, insights and forward-thinking perspectives found nowhere else. The summit features five in-depth programs and more than 50 sessions. Veracode will be exhibiting and speaking at the Gartner Risk & Security Management conference in London, UK this week September 19-20.
Millions of web sites suddenly became unreachable on Monday due to severe DNS-related problems at GoDaddy. Whether this was the result of a hack, or an internal problem, or a combination of both remains a hot topic, but today we’re going to ask a more pragmatic question: Could your domain survive a DNS attack or failure?
You may already have a robust, reliable web application infrastructure, but if a DNS problem prevents people on the Internet from connecting to your site, then it hardly matters how good the rest of your system is.
The key to a robust DNS infrastructure is …
Internet privacy is a hot topic these days as advertisers are looking to make money off every bit of available data. There are increasing concerns over unsolicited tracking done by advertisers and website owners and recent legislation has shone a spotlight on the topic as well. Collusion is a great add-on for Firefox made by Mozilla that shows, in real time, how the data you share creates a spider-web of interaction between companies and other trackers.
After our latest Hackathon I wanted to get feedback from our various participants on what they thought of the event and what they thought could be improved. We came up with three simple questions and welcomed any answers at all. What you see below is a sampling of the responses we received.