Research

Posts from the Veracode security research team that zero in a bit on new ideas, trends, and technology. The content here will help deepen your understanding of various application security topics and satisfy the technically-inclined reader.

What Happens When Companies Don’t Give Web App Security the Attention it Deserves

cwysopal's picture
By Chris Wysopal July 26, 2013  | Research 3

I recently blogged about Web-based threats finally getting the respect they deserve?, but a recent New York Times article reminds us what happens when companies don’t pay enough attention to this crucial area of security. The article, titled “Wall Street’s Exposure to Hacking Laid Bare” describes not only the damage done by the five men involved in a seven year hacking spree, it also details how... READ MORE

Do We Want Military Secrets or Civilian Information Sharing?

cwysopal's picture
By Chris Wysopal June 25, 2013  | Research 4

Last month I gave a keynote at RVAsec in Richmond, VA on the topic of “The Future of Government Info Sharing”. The slides for my talk are available online. UPDATE: Video of keynote now available. The inspiration for my talk was the confluence of the DHS announcing their Enhanced Cybersecurity Services and the lack of information available about the root causes of major data breaches.... READ MORE

To Be a Secure Developer, Learn the Fundamentals

CEng's picture
By Chris Eng June 21, 2013  | Research 3

When I studied computer science in college, the curriculum wasn’t designed to teach all the different programming languages with the goal of becoming as “multi-lingual” as possible. Instead we focused on conceptual areas -- data structures, machine structures, algorithms, etc. The languages with which you chose to illustrate those concepts were secondary to the concepts... READ MORE

Executable Archaeology: The Case Of The Stupid Thing Eating All My RAM

MElliott's picture
By Melissa Elliott May 13, 2013  | Research 13

Everyone has had that dreaded experience: you open up the task manager on your computer... and there’s a program name you don’t recognize. It gets worse when you google the name and can’t find a concrete answer on what it is and why it’s there. It gets even worse when you remove it from Autoruns and it comes back. It gets terrible when you realize it has keylogger... READ MORE

Collateral Damage Control of a Hacked Account

Neil's picture
By Neil DuPaul April 24, 2013

Yesterday the Associated Press joined the pool of victims who can say they've suffered a hacked or stolen Twitter account. The highly publicized event saw the AP have it's main Twitter account hacked (@AP) sometime in the afternoon and a tweet appeared around 1 p.m. reporting: "Breaking: Two Explosions in the White House and Barack Obama is injured." As you can imagine the tweet set off a chain... READ MORE

Web-based threats finally getting the respect they deserve?

cwysopal's picture
By Chris Wysopal April 23, 2013  | Research

The recently released Microsoft Security Intelligence Report shows that web-based propagation vectors have surpassed traditional malware propagation vectors as the largest threats to distributed network environments. While I agree with Microsoft’s assessment of the threat landscape, I don’t think this is anything new; it is just the current state of a long-running trend. Back in 2008... READ MORE

Stolen Data Headers from the Federal Reserve Hack

cwysopal's picture
By Chris Wysopal February 6, 2013  | Research 8

Just another day at the office. Anonymous hacked into a Federal Reserve computer. Wait, what? Don’t worry, the attackers did not make off with any money, as far as we can tell, or disrupt any critical functions. What did they get? Just the details of 4000 bank executives. The data has been posted to pastebin and hosted on several compromised sites including other government sites. Someone... READ MORE

Software Upgrade Hygiene: Stop Putting It Off, It Will Only Hurt More

MElliott's picture
By Melissa Elliott February 5, 2013  | Research 7

Many years ago, you got your first job and bought your first car. It was a reasonable price, sturdy, and you made sure always to wear your seatbelt and not to break the posted speed limit too badly. It did its job and served you well as you went to college and started your career. Now, that car is quite old. The air conditioner broke three years ago and you just never got around to fixing it. It... READ MORE

Android Apps Phoning Home

CEng's picture
By Chris Eng January 22, 2013  | Research

Last fall, we acquired some cool mobile security technology that we've been feverishly working to integrate and bring to market for a few different use cases. By way of introduction, the Marvin technology gives us a way to quickly assess various characteristics of a mobile app and identify new variants of mobile malware. That's done through a combination of quick static analysis and instrumented... READ MORE

Ubuntu Snafu: Privacy Is Hard, Let's Go Shopping

MElliott's picture
By Melissa Elliott September 25, 2012  | Research

The following post is about a beta software release, which may — and hopefully will — change. You know what they say about assuming... My faithful army of security-minded Twitter followers alerted me to a sudden change in the Ubuntu Linux distribution's 12.10 beta build that they found alarming: Amazon search had been integrated into the system search bar by default, so that, for... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu