Jessica Lavery

Jessica is part of the content team at Veracode. In this role she strives to create and promote content that will engage, educate and inspire security professionals around the topic of application security. Jessica’s involvement with the security industry goes back more than a decade at companies like Astaro, and Sophos where she held roles in corporate communication and marketing.
Posts by Jessica Lavery

The Vast Underground World of Cyber Gangs

March 24, 2015

The illegal activities of hacktivists and nation-states receive massive amounts of media attention. When speculation that a breach was caused by the North Korean government began, it caused the media coverage of the breach to explode That is because the concept of cyberwar and cyberterrorism is both fascinating and terrifying. Enterprises that suffer a breach often claim they were victims of an... READ MORE

Minimizing the Impact of a Breach Demonstrates the Strategic Value of the CISO

March 23, 2015

A security breach is not a failure and, with Forrester Research predicting that in 2015 “at least 60 percent of organizations will suffer a security breach₁”, not all that uncommon. As victims of a breach, CISOs and security & risk professionals need to respond quickly to minimize its impact. The best way to ensure an appropriate response is to have a plan in place well before a... READ MORE

Does Premera Breach Suggest the Beginning of a Trend in Healthcare Breaches?

March 19, 2015

This week’s news of the reported data breach at Premera Blue Cross is yet another example of how valuable healthcare data is, and why the traditional network-centric approach to security is no longer sufficient. Beyond the estimated 11 million stolen medical and clinical records, the origins of the attack are also noteworthy. It appears that the attack can be traced back to Chinese... READ MORE

Latest WordPress bug highlights importance of securing the supply chain

March 11, 2015

Researchers have discovered another bug in a WordPress plugin. A vulnerability in the MainWP Child plugin allows attackers to take full control of a website. This is an easy to exploit vulnerability and is estimated to impact upwards of 90,000 websites. If you are using WordPress, check to see if you are using the MainWP Child plugin and upgrade to version 2.0.9.2 to mitigate the vulnerability.... READ MORE

JetLeak: the latest lesson in the importance of visibility

March 2, 2015

Earlier this week Gotham Digital Science issued a vulnerability disclosure regarding a vulnerability in Jetty Web Servers. CVE-2015-2080, or JetLeak, allows an unauthenticated remote attacker to read arbitrary data from previous requests submitted to the server by other users. The blog post by Gotham outlines nicely what this vulnerability is and what you need to do address this it. Versions 9.2.... READ MORE

Which Is More Dangerous: Cause-Motivated or Financially Motivated Hackers?

February 27, 2015

The Wall Street Journal recently published excerpts from an interview with David DeWalt, FireEye’s CEO. As I read through his comments, one in particular got me thinking: “We’ve watched over the last two or three years significant occurrences of just outright destruction. Attempts to really hurt companies or countries with Internet weaponry. You don’t have to wipe out... READ MORE

Will High-Tech Bank Heist Change How Enterprises View Security?

February 23, 2015

12360010_m.jpg Kaspersky Lab has released reports stating that bank hackers stole millions via malware. The initial reports indicated that hackers stole approximately $1 billion from over 100 banks in 25 countries — including the United States (although now FS-ISAC claims no US banks were impacted). Whether or not US banks were hit isn’t the most interesting point. What... READ MORE

Will more scrutiny on insurers change the way they think about security?

February 13, 2015

According to a report by Reuters, New York’s Financial Services Department will undertake “regular” reviews of the security posture at insurers. In the past, the end game of data breaches was fraudulent credit card purchases, but more recently, we are seeing them result in long-term identity theft. As a result, the state of New York is looking to protect its citizens by... READ MORE

6 Ways to Become a More Secure Developer in 2014

January 27, 2014

Every December security companies pull out their list of predictions for the coming year. These predictions are generally bland, and either cite the specific problem the company addresses as the big trend for the next year, or recycles predictions from previous years. Rather than add to the noise, the Security Research Team at Veracode created a list of resolutions for 2014 that developers could... READ MORE

Veracode Lands on the Inc. 5000 List

August 20, 2013

Once again, our rapid growth has been recognized by a major publication. Veracode has earned the position of #1055 on the 2013 Inc. 500/5000 list of the fastest-growing private companies in the United States. Each year, Inc. Magazine releases its 500|5000 list ranks the fastest-growing private companies in the U.S. The list results are based on the percentage of revenue growth from 2009 to 2012.... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu