Jessica Lavery

Jessica is part of the content team at CA Veracode. In this role she strives to create and promote content that will engage, educate and inspire security professionals around the topic of application security. Jessica’s involvement with the security industry goes back more than a decade at companies like Astaro and Sophos, where she held roles in corporate communication and marketing.
Posts by Jessica Lavery

How Can Enterprises Reduce Risk In The Application Economy?

May 12, 2015

In the modern application economy, every company is a digital business, producing web, mobile, and cloud applications at a rapid pace. In order to keep up with the pace of innovation, they are relying on third-party software and open source components and libraries to augment their own internal development efforts. This reliance on software would suggest that enterprises are placing equal... READ MORE

AppSec is a Major Concern, But Still Not a Top Priority

April 23, 2015

Imagine this scenario: your brother tells you he is very concerned about the fact the brakes on his car haven’t been working right lately – but he just doesn’t have time to get to the mechanic. It is important he gets to work quickly, and putting his car in the shop will slow him down. What would you say? You’d probably offer to let him borrow your car – right after... READ MORE

Even Anti-Virus Vendors Recognize the Need for AppSec

April 17, 2015

It is not uncommon for security vendors to release reports outlining the state of security. Verizon does it each year, and their report is seen as the authority on security statistics. Recently, Symantec released their “2015 Internet Security Threat Report” and what caught my eye is how prevalent the issue of application security was in the report. You’d expect a report from an... READ MORE

Despite Having Strong Network Security, TV5Monde Succumbs to Cyberattack

April 13, 2015

According to the BBC and CNN, a cyberattack disabled 11 French TV channels and took over TV5Monde's social media sites. The attack is thought to be in retaliation for French support of U.S. efforts in Iraq and Syria as the cyberattackers posted messages stating "The CyberCaliphate continues its cyber-jihad against the enemies of Islamic State." The attack is being called "... READ MORE

The Vast Underground World of Cyber Gangs

March 24, 2015

The illegal activities of hacktivists and nation-states receive massive amounts of media attention. When speculation that a breach was caused by the North Korean government began, it caused the media coverage of the breach to explode. That is because the concept of cyberwar and cyberterrorism is both fascinating and terrifying. Enterprises that suffer a breach often claim they were victims of an... READ MORE

Minimizing the Impact of a Breach Demonstrates the Strategic Value of the CISO

March 23, 2015

A security breach is not a failure and, with Forrester Research predicting that in 2015 “at least 60 percent of organizations will suffer a security breach₁”, not all that uncommon. As victims of a breach, CISOs and security & risk professionals need to respond quickly to minimize its impact. The best way to ensure an appropriate response is to have a plan in place well before a... READ MORE

Does Premera Breach Suggest the Beginning of a Trend in Healthcare Breaches?

March 19, 2015

This week’s news of the reported data breach at Premera Blue Cross is yet another example of how valuable healthcare data is, and why the traditional network-centric approach to security is no longer sufficient. Beyond the estimated 11 million stolen medical and clinical records, the origins of the attack are also noteworthy. It appears that the attack can be traced back to Chinese... READ MORE

Latest WordPress bug highlights importance of securing the supply chain

March 11, 2015

Researchers have discovered another bug in a WordPress plugin. A vulnerability in the MainWP Child plugin allows attackers to take full control of a website. This is an easy-to-exploit vulnerability and is estimated to impact upwards of 90,000 websites. If you are using WordPress, check to see if you are using the MainWP Child plugin and upgrade to version 2.0.9.2 to mitigate the vulnerability.... READ MORE

JetLeak: the latest lesson in the importance of visibility

March 2, 2015

Earlier this week Gotham Digital Science issued a vulnerability disclosure regarding a vulnerability in Jetty Web Servers. CVE-2015-2080, or JetLeak, allows an unauthenticated remote attacker to read arbitrary data from previous requests submitted to the server by other users. The blog post by Gotham outlines nicely what this vulnerability is and what you need to do to address it. Versions 9.2.... READ MORE
