Check out this French translation of our recent Infographic “Free Wi-Fi: Friend or Foe?” by Vincent Diard from the French blog site Panoptinet.
This is the final segment of our interview series featuring Josh Corman at SOURCE Boston 2012. In this video Josh discusses the hierarchy of AppSec within organizations and the roles of legislation and third-party security. The video and a brief overview of Josh’s responses are below. Part one of the interview was released on Monday and can be seen here. Part two of the interview was released on Wednesday and can be seen here.
Does AppSec need to grow out of a development organization?
Josh talks about the roles …
Veracode will be exhibiting and speaking at the Gartner Risk & Security Management conference in National Harbor, Maryland from Monday – Wednesday this week. If you’re at the Gartner event, stop by and see us at Booth M. Be sure to check out the session called Defending Beyond the Network: Building a Global Application Security Program, presented by Veracode co-founder Chris Wysopal.
It’s no secret that mobile devices in the workplace are changing the way people and organizations address security. Veracode’s Marketing department has developed an eBook to help educate people on how to protect themselves against security risks when bringing their own devices to work.
To download the eBook, CLICK HERE
In addition, we’ll present the Top 10 Mobile Security Tips from this eBook in person to your employees, for free! Attendees will leave the 90-minute seminar with a clear understanding of today’s mobile computing threats, a customized hardcopy edition of the eBook, and the know-how to do their part …
Happy Friday folks! This past week (now being called “Breach Week”) was chock full of breaking news in the security world. Check out some of the biggest headlines below.
Flame Malware: “Microsoft Update and the Nightmare Scenario” by Mikko Hypponen. In this F-Secure blog post, Mikko Hypponen discusses what makes the Flame malware so powerful – its ability to spread via phony Microsoft Updates. Mikko reports that Flame has been running man-in-the-middle attacks on Microsoft Update or the Windows Server Update Services system to install infected files on host computers. The infected files misleadingly appear to be …
Hi all, check out this interesting post from The Ministry of Testing about using MindMaps for mobile testing.
The post gives a great example of how a MindMap created using an iPad can be used to plan out the testing of a new mobile product. This is a great way to ensure thorough, methodical testing of mobile products. MindMaps could also be used for many types of testing. What uses do you find for MindMaps? Let us know in the comments.
Written by: Ian Broderick
This is the second segment of our interview series featuring Josh Corman at SOURCE Boston 2012. In this video Josh discusses the current level of appsec awareness and offers appsec strategy recommendations for enterprises. The video and a brief overview of Josh’s responses are below. Part one of the interview was released on Monday and can be seen here. Stay tuned for part three!
2011 and its effect on security awareness within organizations
Josh offers his take on the outbreak of cyber attacks and breaches in 2011 and the effect the year had …
This year’s SOURCE Boston gave us a chance to sit down and talk appsec with Josh Corman, Akamai Technologies’ Director of Security Intelligence. Our three-part video interview primarily focused on enterprise-level application security, with part one concentrating on important decisions facing organizations that are purchasing software and implementing application security programs. The video and a brief overview of Josh’s responses are below. Stay tuned for parts two and three!
What factors should organizations consider when buying software?
Josh outlines the true cost of procuring software for businesses and discusses the most important factors that organizations …
Happy Friday everyone and welcome to this week’s edition of our Weekly News Roundup!
Eliminate Vulnerable Code Project: “Project Finds, Purges Vulnerable Code Snippets From The Net” by Kelly Jackson Higgins in Dark Reading. This article in Dark Reading by Kelly Jackson Higgins takes a closer look at the Eliminate Vulnerable Code Project. The goal of the community-driven project is to cleanse the public domain of vulnerable code in order to help protect users of open source or publicly available code. Further commentary is provided by Veracode’s VP of Research, Chris Eng, who noted …
No source code? No problem! That’s the motto of the binary analyst.
We at Veracode have pushed the limits of static analysis (studying a program’s behavior without running it) to automatically detect and report security vulnerabilities in our customers’ codebases. Doing binary static analysis by hand is still a worthwhile skill, however, with myriad practical uses:
Laws concerning reverse engineering third-party …
Web security scanners are one tool in the arsenal of any organization that takes security seriously. The ability of automation to rapidly test and verify that an application meets a reasonable standard of security is a key advantage. While manual testing can never be completely removed from the process, automated tools are critical in reducing the amount of time spent on repetitive tasks. In some cases applications are so large that it is not possible for a single human to cover even a small portion of the application’s functionality.
Dynamic Application Security Testing (DAST) has become an integral part of the …
Over the past several weeks, Veracode Director of Marketing Fergal Glynn has been authoring a series on application security for security news blog Threatpost. Titled “A CISO’s Guide to Application security,” the five-part series focuses on defining application security, outlining the elements of a comprehensive appsec program, educating about application and software related risks, determining the true cost of a data breach, and providing recommendations to CISOs for managing enterprise-level appsec. Now that the series has come to a conclusion we have highlighted each post below along with links to the full articles.
Sam King, Veracode’s EVP of Corporate Development, recently gave a webinar titled Disclosures 2012: The Vulnerability of Publicly Traded Companies. The webinar used Veracode’s Study of Software Related Cybersecurity Risks in Public Companies, a featured supplement to the State of Software Security Report. In the webinar, Sam examined risk management and disclosure practices for public companies dealing with security weaknesses at the software and application layer.