John Zorabedian

John Zorabedian is a blogger, content marketing writer, and editor at Veracode. He has a background in marketing and journalism, writing about IT security, technology, business, politics and culture. He lives and works in the Boston area.
Posts by John Zorabedian

WikiLeaks, Vault 7, and Vulnerability Disclosure: Is It Blackmail?

March 22, 2017  | Security News

If you're hit by ransomware, you're presented with a difficult choice. Do you pay the ransom and hope the crooks follow through and return your ransomed data and files? Or do you refuse to pay, and say goodbye to that data forever? Tech companies including Microsoft, Google, Apple and Samsung are facing a similar dilemma, after WikiLeaks published information allegedly showing that the... READ MORE

Strange But True Application Security Failures [INFOGRAPHIC]

March 15, 2017  | Security News

Mark Twain famously said, "truth is stranger than fiction." I doubt even he could invent the strange events that unfold daily in our newsfeeds. In the realm of cybersecurity, however, breaches and vulnerabilities are becoming so frequent as to be predictable. Nevertheless, some of the most notable breaches of the past year were shocking in their details. Look at the unexpected outcome... READ MORE

Don't Get Zapped by the Struts-Shock Vulnerability Affecting Apache Struts 2

March 9, 2017  | Security News

If you haven't heard of it by now, you should sit up and pay attention to "Struts-Shock." That's what Veracode is calling a critical vulnerability just identified in the Apache Struts 2 library, which attackers are actively exploiting. We're cautioning customers and anyone else using the vulnerable Struts 2 component, due to the severity of the bug, and because it is widespread in Java... READ MORE

Can You Defend Your AppSec Program? Be Ready to Answer These Questions

January 3, 2017  | Managing AppSec

Every AppSec manager needs to work with stakeholders across the organization, from the CISO to development, and departments making their own decisions about buying the software they depend on to do their jobs. If you want to earn buy-in for your AppSec program, you’ll have to be responsive to different concerns for each type of stakeholder. To help you, we offer this list of questions you... READ MORE

FAQs About the New York DFS Cybersecurity Regulations

January 3, 2017  | Security News

New York State has passed strict new cybersecurity requirements for financial services companies doing business in New York, and affected organizations will need to prove compliance with the regulations beginning in February 2018. New York Governor Andrew Cuomo said the "first-in-the-nation" cybersecurity regulations are necessary to "guarantee the financial services industry... READ MORE

Top Takeaways From Veracode’s Developer Survey

December 21, 2016  | Secure Development

We recently conducted a survey of developers and development managers to find out what’s on their minds and how their concerns compare to those of application security teams. The results contain some surprises. What’s not surprising is that development teams are feeling pressured to meet productivity goals, while still meeting requirements for quality and stability. Add to that the... READ MORE

SQL Injection Attacks and How to Prevent Them [INFOGRAPHIC]

November 22, 2016  | Intro to AppSec

It's understandable that newly discovered application vulnerabilities get a lot of hype and attention. But it's the most common vulnerabilities we should really be worried about. One of the main culprits in data breaches, including some of the most high-profile attacks of recent years, is SQL injection. According to Veracode research, SQL injection ranks among the 10 most common vulnerabilities... READ MORE

The Top 10 Application Vulnerabilities [INFOGRAPHIC]

November 4, 2016  | Security News

Top 10 lists are usually good fun, if sometimes a bit frivolous. Our list of the top 10 application vulnerabilities is intended to raise awareness in a lighthearted way, although the risks from these vulnerabilities are a little scary. To create our list, we analyzed 300,000 static and dynamic application assessments and billions of lines of code, over 18 months. From this analysis we determined... READ MORE

What Developers Should Know About the State of Software Security

November 3, 2016  | Secure Development

Our latest research into the State of Software Security has something for everybody. For AppSec managers, the report offers evidence that application security is improving, although not as much as we’d like, with a slight lift since our last report in the percentage of applications passing OWASP top 10 policy. But what does our analysis, drawn from billions of lines of code over the past 18... READ MORE

Why Even Google Is Susceptible to the Most Basic Website Vulnerabilities

October 19, 2016  | Secure Development

This week’s National Cyber Security Awareness Month theme of “recognizing and combating cybercrime” brings up an elementary but crucial point about why our efforts to fight cybercrime seem inadequate for the challenge: it can be really difficult to fix what’s broken even when we know exactly what the problem is. Here’s an example. When a sick patient comes to a... READ MORE
