Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Why Prevention Is the Only Answer

bfitzgerald's picture
By Brian Fitzgerald June 30, 2017  | Security News

Prevention is often derided as a naïve, outdated notion in information security. Today, the talk in security often centers around the idea of “detection and response.” The thought around this approach is that we must assume attackers will get into our networks – it is not a question of “if” but “when.” Therefore, the only good security is to detect them inside, monitor their actions, and then... READ MORE

The Next Petya Will Be Worse – Why Software Development Must Change

jzorabedian's picture
By John Zorabedian June 28, 2017  | Security News
Petya Ransomware Attack

Another major cyberattack hit computer networks around the globe on Tuesday, beginning in the Ukraine, when a paralyzing ransomware struck websites of government agencies, banks, transportation, and power plants, before spreading to Russia, the UK, U.S., and other nations. Coming just weeks after the WannaCry ransomware wreaked havoc, this new attack – initially believed to be a strain of the... READ MORE

Podcast: The OWASP Top 10 List Update: What You Need to Know

sciccone's picture
By Suzanne Ciccone June 19, 2017  | Security News
2017 OWASP Top 10 Release Candidate

The OWASP Top 10 list of the most critical web application security risks has finally been updated for the first time since 2013. This list, created by the Open Web Application Security Project (an open community dedicated to enabling organizations to create secure applications) often forms the basis of application security programs and frequently informs AppSec priorities. The release candidate... READ MORE

Towards a better risk score for open source security

mcurphey's picture
By Mark Curphey June 15, 2017

You already know that SourceClear provides robust vulnerability detection to protect your code and your customers. However, when you’re overseeing multiple projects, it can be a challenge to know where to prioritize your resources. Even if you have just one project, you may want to know how that project stacks up against similar projects by other developers. That’s where our new project risk... READ MORE

CA Veracode Survey Research Shows Shift to DevOps and DevSecOps

jzorabedian's picture
By John Zorabedian June 14, 2017  | Security News
DevOps and AppSec Survey

With the proliferation of attacks and breaches at the application layer, it's clear that application security testing is a growing necessity. What's less clear is how organizations can hope to bridge the gap between the priorities of development, operations, and security teams. To understand how organizations are handling these challenges, CA Veracode partnered with ESG to conduct a survey of IT... READ MORE

Podcast: Components, Increasing Speed and Risk

lpaine's picture
By Laura Paine June 7, 2017  | Security News
Software Components, Increasing Speed and Risk

There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know. -Donald Rumsfeld Just as there are known knowns, known unknowns and unknown unknowns in National Security, the same can be said for application security. The very... READ MORE

Un-patched for months, could Cisco 0-day lead to another round of WannaCry? - SourceClear

mcurphey's picture
By Mark Curphey May 24, 2017

For the last few weeks, we all got our ears torn out by story after story of WannaCry this, WannaCry that. Yet, not long ago, there was a similar exploit - Cisco 0-Day, CVE-2017-3881 - whose impact could have caused a similar outcry had it been more successful. We highlight the initial similarities between Cisco 0-Day and EternalBlue - the exploit that fueled WannaCry - but note the differences... READ MORE

Podcast: Our Take on the WannaCry Ransomware Attack

sciccone's picture
By Suzanne Ciccone May 23, 2017  | Security News
WannaCry Podcast CA Veracode

On Friday, May 12, an unprecedented cyberattack affected approximately 200,000 computers across 150 countries. By exploiting a vulnerability in Microsoft Windows, a combined worm/ransomware attack called WannaCry shut down hundreds of thousands of computers and demanded payment in order to regain access. In episode 5 of our AppSec in Review podcast, Evan Schuman and CA Veracode's Brian Fitzgerald... READ MORE

WannaCry Ransomware Attack Is a Symptom of a Much Bigger Problem

WannaCry Ransomware

In the wake of one of the largest-ever cyberattacks – the fast-spreading WannaCry ransomware, which hit over 300,000 computers in 150 countries – it’s important to look at what went wrong and how to prevent it from happening again. Yet as we look for lessons from this devastating attack, it would be a mistake to see WannaCry as just a really destructive form of ransomware – it is a sign of latent... READ MORE

When Will WannaCry Style Ransomware Hit Enterprise Java Web Apps?

mcurphey's picture
By Mark Curphey May 14, 2017

Unless you have been living under a rock you have heard all about the WannaCry ransomware. At SourceClear, we believe this week's attacks were a preview of what could happen when (not if) ransomware moves from small-value targets (consumer desktops) to large-value targets (enterprise web applications). It's where the big money is. This blog post demonstrates the technical feasibility with a... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu