Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Podcast: What the Apache Struts 2 and the Irish Potato Famine Have in Common

By Suzanne Ciccone September 28, 2017 | Managing AppSec

More than you might think. Just as the reliance on a single species of vulnerable-to-blight potato created widespread devastation in 1800s Ireland, today’s reliance on vulnerable components creates a similar ripple effect. In both cases, compromise of a single vulnerability spread its consequences widely and rapidly. The Potato Famine’s consequences were obviously more devastating, but although...

Will Websites Be the Next Target of Ransomware Attacks?

By Colin Domoney September 28, 2017 | Managing AppSec

Recent research by Wordfence indicates that WordPress might be the next big ransomware target. Wordfence found that certain WordPress plugins exhibit malicious behaviour in the form of ransomware against the host website. Typically, these plugins will encrypt the data on the website, thereby rendering it non-functional, and then attempt to extort payment from the owner in order to decrypt the...

Podcast: How to Fix the Widening AppSec Skills Gap

By Laura Paine September 20, 2017 | Security News

The AppSec Skills Gap Is Widening Nearly 20% A Year. Here's How We Fix It. A recent survey from Veracode and found that the majority of IT and development professionals weren’t required to take security courses in college – and they’re not receiving the necessary training from their employers. So, we have to ask: where does the fault lie? Should universities ramp up their security...

Veracode’s Colin Domoney Nominated as Security Leader of the Year

By Helena Campbell September 18, 2017 | Security News

We’re pleased to announce that our colleague Colin Domoney, a consultant solutions architect for Veracode, was recently nominated for a Security Leader of the Year award. Organised by Information Age, Tech Leaders Awards is Britain's flagship celebration of tech leaders, honouring those at the forefront of disruption and innovation and playing a central role in driving business value...

How a Single Phone Call Can Compromise Your Company

By Chris Kirsch September 13, 2017

I’d read about social engineering for a few years before I first stepped into the Social Engineering Village at DEF CON 20. But I didn’t grasp the power of this type of attack until I watched a live call during which employees of major companies simply offered up all the information needed to breach their systems – no technology required. I was hooked. In case you’re not familiar with social...

Jenkins World 2017: DevSecOps, It’s Not You, It’s Not Me, It’s We

By Joe Coletta August 24, 2017  | Security News

At Jenkins World on Aug. 31, Veracode’s Pete Chestna (@PeteChestna) will join fellow industry experts, including’s Alan Shimel and Forrester’s Robert Stroud, to address the hurdles organizations face as they try to create a DevSecOps culture. DevSecOps adoption is on the rise – and there’s no doubt that the practice can cause some friction and hinder the development process. Recent...

Veracode Survey Research Identifies Cybersecurity Skills Gap Causes and Cures

By John Zorabedian August 17, 2017 | Security News

The shortage of cybersecurity professionals is on pace to reach 1.5 million empty positions globally by 2020, according to Frost & Sullivan. Yet, as the digital economy relies on rapid innovation in software, the growing demand for developers with security skills is also dangerously outpacing supply. Now, a survey of development and IT professionals, conducted by Veracode and, has...

Big Win! Veracode Sweeps Web Application Security Category in CRN’s 2017 Annual Report Card

By Leslie Bois August 16, 2017  | Security News

I am thrilled to announce that Veracode has swept the Web Application Security category of CRN®'s 2017 Annual Report Card (ARC) awards program. Veracode was selected as the highest rated web application security vendor by solution providers in a satisfaction survey which evaluated vendors based on product innovation, support and partnership. This year marks the 32nd...

Securing Web Apps in a DevOps World (Notes From Black Hat 2017)


Zane Lackey of Signal Sciences spoke at Black Hat 2017 on a topic near and dear to my heart: Practical Tips for Defending Web Applications in the Age of DevOps. DevOps — and really, any Agile or Agile-like rapid software development approach — is a huge enabler for business. Changes to software are envisioned, implemented, tested, and deployed incredibly fast. Deployments can happen multiple...

We're Already at Cyberwar (and We're Losing)

By John Zorabedian July 25, 2017 | Security News

Let’s face it – cyberwar is no longer science fiction. Our economies – and our democratic system – are under attack. Security researchers are often reluctant to attribute attacks to particular nation states. But it’s become increasingly clear that Russia attempted to meddle in the 2016 U.S. presidential election, and perhaps other elections in the UK and Europe. Last summer, Russia-backed hackers...
