John Zorabedian

John Zorabedian is a blogger and copywriter at Veracode. He has a background in marketing and journalism, writing about IT security, technology, business, politics and culture. He lives and works in the Boston area.
Posts by John Zorabedian

WikiLeaks, Vault 7, and Vulnerability Disclosure: Is It Blackmail?

March 22, 2017  | Security News

If you're hit by ransomware, you're presented with a difficult choice. Do you pay the ransom and hope the crooks follow through and return your ransomed data and files? Or do you refuse to pay, and say goodbye to that data forever? Tech companies including Microsoft, Google, Apple and Samsung are facing a similar dilemma, after WikiLeaks published information allegedly showing that the...

Strange But True Application Security Failures [INFOGRAPHIC]

March 15, 2017  | Security News

Mark Twain famously said, "truth is stranger than fiction." I doubt even he could invent the strange events that unfold daily in our newsfeeds. In the realm of cybersecurity, however, breaches and vulnerabilities are becoming so frequent as to be predictable. Nevertheless, some of the most notable breaches of the past year were shocking in their details. Look at the unexpected outcome...

Don't Get Zapped by the Struts-Shock Vulnerability Affecting Apache Struts 2

March 9, 2017  | Security News

If you haven't heard of it by now, you should sit up and pay attention to "Struts-Shock." That's what Veracode is calling a critical vulnerability just identified in the Apache Struts 2 library, which attackers are actively exploiting. We're cautioning customers and anyone else using the vulnerable Struts 2 component, due to the severity of the bug, and because it is...

Can You Defend Your AppSec Program? Be Ready to Answer These Questions

January 3, 2017  | Managing AppSec

Every AppSec manager needs to work with stakeholders across the organization, from the CISO to development, and departments making their own decisions about buying the software they depend on to do their jobs. If you want to earn buy-in for your AppSec program, you’ll have to be responsive to different concerns for each type of stakeholder. To help you, we offer this list of questions you...

FAQs About the New York DFS Cybersecurity Regulation

January 3, 2017  | Security News

A new cybersecurity regulatory regime will go into effect this year in New York – the world’s financial capital and home to many banking, insurance and financial services organizations. The proposed cybersecurity regulation, known as 23 NYCRR 500, has grabbed the attention of impacted companies doing business in New York, and others who might be anticipating cybersecurity...

Top Takeaways From Veracode’s Developer Survey

December 21, 2016  | Secure Development

We recently conducted a survey of developers and development managers to find out what’s on their minds and how their concerns compare to those of application security teams. The results contain some surprises. What’s not surprising is that development teams are feeling pressured to meet productivity goals, while still meeting requirements for quality and stability. Add to that the...

SQL Injection Attacks and How to Prevent Them [INFOGRAPHIC]

November 22, 2016  | Intro to AppSec

People like novelty, and why not? The same old stuff gets boring. In the security world, it's understandable that newly discovered application vulnerabilities get a lot of attention. But it's the most common vulnerabilities we should really be worried about. One of the main culprits in data breaches, including some of the most high-profile attacks of the past year, is SQL injection....

The Top 10 Application Vulnerabilities [INFOGRAPHIC]

November 4, 2016  | Security News

Top 10 lists are usually good fun, if sometimes a bit frivolous. Our list of the top 10 application vulnerabilities is intended to raise awareness in a lighthearted way, although the risks from these vulnerabilities are a little scary. To create our list, we analyzed 300,000 static and dynamic application assessments and billions of lines of code, over 18 months. From this analysis we determined...

What Developers Should Know About the State of Software Security

November 3, 2016  | Secure Development

Our latest research into the State of Software Security has something for everybody. For AppSec managers, the report offers evidence that application security is improving, although not as much as we’d like, with a slight lift since our last report in the percentage of applications passing OWASP top 10 policy. But what does our analysis, drawn from billions of lines of code over the past 18...

Why Even Google Is Susceptible to the Most Basic Website Vulnerabilities

October 19, 2016  | Secure Development

This week’s National Cyber Security Awareness Month theme of “recognizing and combating cybercrime” brings up an elementary but crucial point about why our efforts to fight cybercrime seem inadequate for the challenge: it can be really difficult to fix what’s broken even when we know exactly what the problem is. Here’s an example. When a sick patient comes to a...
