Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

Securing Web Apps in a DevOps World (Notes From Black Hat 2017)

DevOps at Black Hat

Zane Lackey of Signal Sciences spoke at Black Hat 2017 on a topic near and dear to my heart: Practical Tips for Defending Web Applications in the Age of DevOps. DevOps — and really, any Agile or Agile-like rapid software development approach — is a huge enabler for business. Changes to software are envisioned, implemented, tested, and deployed incredibly fast. Deployments can happen multiple... READ MORE

Announcing Updates to Veracode Integrations to Microsoft Visual Studio Team Services, Team Foundation Server and Visual Studio

TJarrett's picture
By Tim Jarrett July 24, 2017  | Secure Development
Updates to Veracode integrations

We are pleased to announce updates to the Veracode integrations to Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS), and to Visual Studio. The VSTS/TFS integration makes static and dynamic security findings available as work items in the VSTS/TFS issue tracker, and automatically updates the related defects when they are fixed or have approved mitigations. The Visual... READ MORE

How Veracode Integrations Enable Security at DevOps Speed

sciccone's picture
By Suzanne Ciccone July 21, 2017  | Secure Development
speed the dev process with Veracode integrations

Speed and security are the name of the game in software development today. Why? Because software is now key to innovation and competitive advantage for every enterprise in every industry. This means that not only is the pace of software development rapidly increasing, but also that attacks against the application layer are proliferating. In turn, software development speed and security are now... READ MORE

Security Can Be Complicated. Session Management Doesn’t Have To Be.

ahayter's picture
By Adrian Hayter July 18, 2017  | Secure Development
Simplify your approach to session management.

While performing a manual penetration test recently, I encountered a session management system that flew in the face of almost all the recommended security practices. Rather than use a pre-built implementation associated with a development framework, the developers had written one from scratch that, among other things: Generated session tokens based on the user ID and numeric counters. Appended... READ MORE

Podcast: The Necessary Skills for Success in a DevOps World

lpaine's picture
By Laura Paine July 13, 2017  | Secure Development

They don’t make apps like they used to. DevOps has moved away from rows of specialists handling their own tiny segment of code, advancing to a more comprehensive Full Spectrum Engineer. Today’s developers need to have a breadth of skills that can take an idea from inception to production – with one person and no handoffs. What we’re seeing is the natural ebb and flow between the specialist and... READ MORE

6 Tips for Transforming Technology to Achieve DevSecOps

jzorabedian's picture
By John Zorabedian June 21, 2017  | Secure Development
DevSecOps Technology

The goal of DevSecOps is to build a bridge between fast and secure software development. Some in the DevOps and AppSec universe maintain that the primary foundations of a DevOps or DevSecOps initiative are the right mindset about quality, and processes that support continuous improvement and learning at velocity. Yet you cannot achieve DevSecOps without the right technologies for integrating... READ MORE

Anatomy of a Cross-Site Scripting Flaw in the Telerik Reporting Module

Telerik Reporting Cross-Site Scripting Vulnerability

One of the interesting aspects of working as a Veracode Application Security Consultant is seeing the wide range of code across many business sectors. On an average day, I could look at some COBOL code twice my age in the morning, and by lunch I’m exploring a large .NET MVC app, before transitioning to review a self-deploying microservices package comprised of Java, node.js, and a little PHP for... READ MORE

How to Hire and Build Developers Into Full Spectrum Engineers

pchestna's picture
By Pete Chestna May 31, 2017  | Secure Development
Hiring and Training Full Spectrum Engineers

As you look at candidates for your DevOps teams, it’s critical to find developers who exhibit qualities of a full spectrum engineer – generalists who can do it all. You need people who will add velocity and not be dependent on others to complete their work. It’s likely that you will not find someone who has every skill you need, so look to find people with the potential to grow and learn at speed... READ MORE

Security Starts With a Scope: Answer These Questions Before You Code

pherzog's picture
By Pete Herzog May 30, 2017  | Secure Development
Security Starts With Scope

Have you ever walked into a room to get something and the moment you got there you forgot what it was that you wanted? That memory glitch is caused by a refresh in your working memory that happens when you enter a new space or environment. Apparently the evolutionary algorithm at work in humans developed this way to increase your situational awareness and keep prehistoric you from becoming a... READ MORE

5 Things Developers Need to Thrive as a Full Spectrum Engineer

pchestna's picture
By Pete Chestna May 24, 2017  | Secure Development
How to Be a Full Spectrum Engineer

The rise of DevOps has given rise to a new type of developer, what I call the full spectrum engineer (FSE). In my previous blog post in this series, I looked at the evolution of software development from requiring specialists to developers who can do it all. So what does it take to thrive in a DevOps environment and succeed as a full spectrum engineer? Here are five things you need to do to make... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.