The following is a guest blog from Michael Kaiser, executive director of the National Cyber Security Alliance.
October is National Cyber Security Awareness Month.
National Cyber Security Awareness Month is about everyone doing their part to make sure our online lives are kept safe and secure.
The Internet is a shared resource and securing it is our Shared Responsibility.
So what does this entail?
Veracode Security Researcher Ryan O’Boyle educates us about Ruby on Rails. He answers the following questions:
What is Ruby on Rails?
What makes Ruby on Rails a popular framework?
What types of companies are using Ruby on Rails?
How well do consumer cyber security awareness efforts work? That’s a good question, and one somebody might consider answering!
The connection between improved security and user education is so well-established as to be almost axiomatic. Better technology, coding practices and testing can only accomplish so much. If customers or employees don’t know that, say, clicking on a curious link on their Facebook wall or opening the iloveyou.exe e-mail attachment could compromise their security, how do we gain ground against cyber crime, cyber espionage, spam and other online ills?
We’re back from the Gartner UK event in London! Thank you to everyone who came by our booth or attended our Solutions Provider Session.
Here are a few pictures of the Veracode booth at the Mixology reception:
RSA has published, “THE VOHO CAMPAIGN: AN IN DEPTH ANALYSIS” which describes an APT style campaign against several targets. The campaign used malicious content on several websites dubbed “watering holes” in order to compromise the campaign target’s client machines.
Injecting malicious content into vulnerable websites that will then become a drive-by client attack to a website visitor is old news. I wrote about this in my blog post, “SQL Injection Tangos with Heap Overflows”, back in Dec 2008.
What I see new here is the watering hole concept where the websites that are …
The following post is about a beta software release, which may — and hopefully will — change.
You know what they say about assuming…
My faithful army of security-minded Twitter followers alerted me to a sudden change in the Ubuntu Linux distribution’s 12.10 beta build that they found alarming: Amazon search had been integrated into the system search bar by default, so that, for example, searching for a musician’s name to find your MP3s on your local hard drive would also suggest albums on the Amazon store. As everyone assumed, the purpose of this surprise feature is to help Ubuntu raise …
Without the software equivalent of an FDA inspector to walk the floor and impose costs (fines, penalties) for shoddy work or unsanitary conditions, it’s a race to the bottom when it comes to the quality of the code that’s produced.
The playwright and existentialist Jean-Paul Sartre famously observed that “Hell is other people.” Put in the modern context, however, it might be more accurate to say that “Hell is other people’s code.”
With yesterday’s launch of our VAST (Vendor Application Security Testing) program comes our Secure Software Supply Chain Toolkit. This kit is aimed to get you on the road to reducing your company’s risk. We hope you find these best practices and tools helpful as you you and your vendors take steps to securing their applications.
Navigating the security superhighway of application perimeters, vendor software and in house development efforts can be a complex and intimidating task. We aim to shift your efforts to the fast lane with our new program, VAST!
Today marks the official launch of our new Vendor Application Security Testing (VAST) program, designed to help enterprises manage the risks inherent in vendor-supplied software applications.
This summer, Veracode Solutions Architect Chad Holmes presented a webinar on third party application analysis. The webinar recommended several best practices for enterprises, application vendors, and application analyzers to follow in the third party application analysis process. In this blog post we’ll highlight Chad’s best practices and the key takeaways from his presentation.