July 15, 2014
Is your SDLC process built on a shaky foundation? A lot of the revisions to PCI DSS point toward the realization that security must be built into the development process. The foundation that ultimately controls the success or failure of this process must be built upon knowledge — that means training developers to avoid common coding flaws that can lead...
June 25, 2014
Your scan results may have you feeling a bit overwhelmed, but our actionable data and sorting can help streamline your remediation efforts! In November’s update to PCI DSS, now on version 3.0, you may have noticed that the PCI Security Council switched the order of the first two application security focused sub-...
June 11, 2014
In the revisions to PCI DSS, now on version 3.0, the PCI Security Council added a note to Requirement 6.3, extending the secure software development mandate to include all custom, third-party developed software. At CA Veracode, we’ve been talking about the need to secure your third-party code for quite some time now, so we’re excited to see such a...
November 13, 2013
As a pentester, it’s always a different story when we are the ones writing the report. Being on the receiving end is stressful, even more so when you throw compliance into the mix. I figured since I have been fielding questions left and right about what to do when it comes to mobile applications and HIPAA compliance, I would simply write a blog post on the topic. While there are plenty of steps...
May 23, 2013
Nothing’s free in this world, especially not when it comes to security. With Twitter officially cramping your style, you are now forced to waste precious seconds you could be tweeting by instead waiting for a verification code to be delivered to your phone just so you can log in. The thing about options is that you have them…and options tend to let people remain lazy. Options also carry...
April 9, 2013
It's only a matter of time before someone finds all the skeletons in your closet. In this case the "someone" is a hacker and the “closets” are your applications. As if that isn’t scary enough, consider all of the 3rd party applications and libraries being leveraged to make your applications function…and all of their skeletons you don't know of. No bones about it, there’s a whole heap of issues...