Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Research Report: DevSecOps Provides a Competitive Edge

jzorabedian's picture
By John Zorabedian January 23, 2018  | Research
DevSecOps Research Report

CA Technologies has released a new report, based on research conducted by industry analyst firm Freeform Dynamics, that sheds light on some of the obstacles for organizations seeking the advantages of a development approach that prioritizes application security, without sacrificing time-to-market and innovation. The report also offers evidence that integrating security throughout the development... READ MORE

Forrester Analyst Amy DeMartine on What to Expect in Open Source in 2018

lpaine's picture
By Laura Paine January 11, 2018
2018 Open Source Software

When it comes to open source and security, one of the most popular words that pops into the head of security aficionados and professionals is “dread.” Certainly that perception is driven by open source’s reputation – it is seen as fast, easy, low cost and, well, risky. With unknown hands touching the code – and a surprisingly low number of developers maintaining common components – it’s... READ MORE

The Biggest Cybersecurity Stories, Breaches and AppSec Lessons of 2017

jzorabedian's picture
By John Zorabedian December 22, 2017  | Customer News
Cybersecurity Breaches of 2017

The past year featured daily news about cyberattacks, data breaches, and software vulnerabilities. If it feels like our cybersecurity challenges grow bigger and more complex, year after year, it's more than just a perception. Research from security companies, including CA Veracode, shows that there are more attacks than ever, and organizations have not caught up with the preventive measures... READ MORE

Podcast: 2017 OWASP Top 10 – What’s New

sciccone's picture
By Suzanne Ciccone December 21, 2017

For the first time in four years, we have a new OWASP Top 10 list of the most critical application security risks. Cross-site request forgery (CSRF) and unvalidated redirects and forwards have been bumped off the list. XML external entities, insecure deserialization and insufficient logging and monitoring have been added. What’s the significance of both the additions, and the subtractions? CA... READ MORE

Podcast: Are We at Risk For Data Breach Disclosure Fatigue?

lpaine's picture
By Laura Paine December 21, 2017

What is the fundamental purpose of data breach disclosures? To help the company breached? To help other companies in a similar position? To help the customers of the breached company? To help law enforcement? At its most extreme, should it ever be about shaming a company that had poor security? Depending on the circumstances, it can be about all of the above. Focus on the customer. That’s a... READ MORE

What's in your Crypto Currency Wallet?

jetanderson's picture
By Jet Anderson December 18, 2017

Keeping up with our theme of cryptocurrency blog posts, especially given all of the hoopla about digital currencies these days, we decided to do a little digging into the relative security of cryptocurrency related open source projects. Wow. Just wow. The names have been changed to protect the guilty, but even we were surprised at the results. In total, we scanned the top five projects with... READ MORE

Crypto Mining Ransomware is Here

mcurphey's picture
By Mark Curphey December 13, 2017

It has been an exciting week. On Monday Jet Anderson and Asankhaya Sharma posted a proof-of-concept piece for a crypto-mining ransomware embedded in a web application. Not a day later we saw it reported that a similar attack was used on a wifi access point at a coffee shop in Australia. The wifi attack simply made the users wait while it silently mined bitcoin. Bitcoin mining malware is no longer... READ MORE

CA Veracode Named a Leader in The Forrester Wave for Static Application Security Testing

lpaine's picture
By Laura Paine December 12, 2017

I’m always a fan of ending the year on a high note, so you can imagine how excited I am to share the news that CA Veracode has been named a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017 report by Forrester Research. Forrester ranks its vendors through the detailed evaluation of the 10 most significant vendors in static application security testing (SAST). The report... READ MORE

Podcast: When it Comes to Data Breach Disclosure, When Does the Clock Start Ticking?

lpaine's picture
By Laura Paine November 28, 2017  | Managing AppSec
When do you disclose a data breach?

In the last episode of the Cyber Second Podcast, we talked about the confusing patchwork of rules and laws – state, federal, global – dictating data breach disclosure rules. The common thread in nearly all of the existing regulations is that the disclosure clock starts the very moment that a company becomes aware of the breach. But when does someone truly know something, and who needs to know to... READ MORE

OWASP Top 10 Updated for 2017: Here’s What You Need to Know

jzorabedian's picture
By John Zorabedian November 20, 2017  | Secure Development
OWASP Top 10 2017

For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the AppSec community. This update went through two versions. After the initial release candidate in April 2017 got... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu