John Zorabedian

John Zorabedian is a blogger and copywriter at Veracode. He has a background in marketing and journalism, writing about IT security, technology, business, politics and culture. He lives and works in the Boston area.
Posts by John Zorabedian

6 Tips for Transforming Technology to Achieve DevSecOps

June 21, 2017  | Secure Development

The goal of DevSecOps is to build a bridge between fast and secure software development. Some in the DevOps and AppSec universe maintain that the primary foundations of a DevOps or DevSecOps initiative are the right mindset about quality, and processes that support continuous improvement and learning at velocity. Yet you cannot achieve DevSecOps without the right technologies for integrating...

Veracode Survey Research Shows Shift to DevOps and DevSecOps

June 14, 2017  | Security News

With the proliferation of attacks and breaches at the application layer, it's clear that application security testing is a growing necessity. What's less clear is how organizations can hope to bridge the gap between the priorities of development, operations, and security teams. To understand how organizations are handling these challenges, Veracode partnered with ESG to conduct a survey of IT...

5 Simple Strategies for Building Security Into Your DevOps Process

May 17, 2017  | Secure Development

Securing any development framework – whether Waterfall, Agile or DevOps – requires changes of culture, process, and technology. But unlike the straightforward flow of Waterfall, where security comes at the end of the process, it's less clear where security fits in Agile and DevOps. As Securosis analyst Adrian Lane points out, Agile development includes "whatever work gets done in a sprint...

5 Stages of the DevOps Journey [INFOGRAPHIC]

May 11, 2017  | Secure Development

As business success in the digital economy increasingly depends on software innovation, development teams are moving to faster and more frequent deployment, enabled by the shift from Waterfall to Agile and DevOps. Yet getting to DevOps doesn't happen overnight. It's a journey, with a gradual transformation of culture, technology, and processes along the way. If you're embarking on a DevOps...

4 Ways to Build a DevSecOps Culture

May 3, 2017  | Secure Development

At the center of a successful DevOps initiative is a simple but often overlooked concept: Because developers drive the software agenda, developer participation is crucial for achieving a more secure framework. DevSecOps represents the next evolutionary step of secure software development, but even the best governance framework and leading-edge security tools can't get the job done if the...

HipChat Breach Shows Dangers of Slacking on Security of Third-Party Components

April 27, 2017  | Managing AppSec | Security News

This week, HipChat advised customers that one of its databases was breached by attackers who exploited a vulnerable third-party library used on HipChat.com. HipChat, owned by Atlassian, said that the compromised database stored customer usernames, email addresses, hashed passwords, and room metadata such as room name and topic. HipChat’s fast action to force a reset of all HipChat passwords...

Magento Zero-Day Leaves 200,000 Online Retailers Vulnerable to Attack

April 19, 2017  | Security News

Security researchers are warning of a high-risk vulnerability in Magento Community Edition, another reminder of systemic risk in our digital economy, which is built upon software and applications that need continuous monitoring. The Magento vulnerability could allow attackers to execute arbitrary code to access sensitive customer data, including credit card information and other payment data....

10 Gadgets and Skills of Superhero Developers [INFOGRAPHIC]

March 27, 2017  | Secure Development

Developers perform heroic feats every day, frequently at night, and sometimes on weekends. You might not always get the recognition you deserve, but you still need to keep your skills sharp to survive in a fast-moving Agile or DevOps shop. When you master the skills and tools you need to do your job well, you'll get an uplifting confidence from self-improvement, feel empowered to try new ideas,...

WikiLeaks, Vault 7, and Vulnerability Disclosure: Is It Blackmail?

March 22, 2017  | Security News

If you're hit by ransomware, you're presented with a difficult choice. Do you pay the ransom and hope the crooks follow through and return your ransomed data and files? Or do you refuse to pay, and say goodbye to that data forever? Tech companies including Microsoft, Google, Apple and Samsung are facing a similar dilemma, after WikiLeaks published information allegedly showing that the...

Strange But True Application Security Failures [INFOGRAPHIC]

March 15, 2017  | Security News

Mark Twain famously said, "truth is stranger than fiction." I doubt even he could invent the strange events that unfold daily in our newsfeeds. In the realm of cybersecurity, however, breaches and vulnerabilities are becoming so frequent as to be predictable. Nevertheless, some of the most notable breaches of the past year were shocking in their details. Look at the unexpected outcome...
