Lawyers smartening up with cybersecurity: “Lawyers Get Vigilant on Cybersecurity” by Jennifer Smith. Law firms are now beginning to see an increasing number of cyber attacks. With the use of mobile devices to handle deals and other confidential matters, firms are now starting to smarten up and lock down. Lawyers are being asked to encrypt messages, avoid free Wi-Fi, and even be cautious with text messages. In 2010, Gipson Hoffman & Pancione were able to trace data-retrieving emails to Chinese servers that were similar to the ones that were sent to a software company filing a $2.2 billion lawsuit …
It’s Thursday again, so that means it is time for the third drink recipe in our series “The Many Flavors of AppSec”. Over the past two weeks you’ve gotten to indulge in our Anonymous and AppSec in the Cloud cocktails. This week we present the SQL Injection Shot!
Hi everyone, today we present an opinion piece from Ed Jones of Firebrand Training. In this post Ed discusses the “Flame” virus. I hope you enjoy this quick read!
Check out this video with Veracode Security Researcher Fred Owsley discussing SQL Injection. SQL Injection is a type of web application security vulnerability in which an attacker is able to submit a database SQL command which is executed by a web application, exposing the back-end database. Fred explains how SQL Injection occurs and what you can do to protect your data from a SQL Injection attack. The video can be viewed below, enjoy! For your convenience we have also transcribed the video.
We recently recorded Veracode Security Researcher Chris Lytle discussing Insecure Cryptographic Storage. Insecure Cryptographic Storage is a common vulnerability that occurs when sensitive data is not stored securely. Protecting sensitive data by encrypting it should be a key step in a Secure Software Development Lifecycle. In this video Chris describes what Insecure Cryptography is and explains the impact of Insecure Cryptographic Storage Flaws.
Dynamic Application Security Testing (DAST) has become an integral part of the SDLC in most organizations today. DAST tool vendors demonstrate their tools by allowing prospects to scan test sites so they can see how the scanner works and the reports generated.
We recently featured a webinar from Veracode Senior Security Researcher, Isaac Dawson, on why we should not gauge the effectiveness of a particular scanner by only looking at the results from scanning these public test sites.
If you would like to view the webinar click here. In addition, we are sharing highlights from our …
Happy Friday everyone! There has been a lot of news involving breaches and their effects this week, so here’s our wrap of this week’s events!
It’s only June, and there have already been 189 breaches this year: “The Worst Data Breaches of 2012 (So Far)” by Ellen Messmer. This slideshow highlights the 15 most significant data breaches this year, with the list including breaches at Emory Healthcare, Thrift Savings Plan, and Global Payments, Inc.
The number of vulnerabilities in control systems continues to rise: “Cyber-Security Threats, Infrastructure Sabotage Rising: McAfee” by Nathan Eddy. Now, there is an increasing threat …
The weekend is nearing again, so that means it’s time for another flavor of AppSec recipe! With the summer heat arriving in Boston this week, we’re all in need of a refreshing new drink. Today we present AppSec in the Cloud. This is the second recipe in our series “The Many Flavors of AppSec”. For anyone who missed last week’s post – The Anonymous cocktail – the recipe can be found here.
Eric Mikulas recently wrote an interesting article about the dangers of scanning QR codes. He conducted an experiment where he put up his own QR codes with no explanation of where they linked to, to see how many people would scan them. He found that a surprisingly large number of people scanned these unknown codes.