When I read the New York Time BITS article “The Dangers of Allowing an Adversary Access to a Network” by John Markoff, I thought the fear of trojaned vendor products is misplaced. The much bigger problem is vulnerable products. To cyber security experts, a serious vulnerability is indistinguishable from a backdoor as both allow an adversary to take control of a system or device. Yet the U.S. House Committee seems preoccupied with backdoors in Huawei technology while ignoring the gaping vulnerabilities.

The amount and variety of malicious programs out there is enough to make your head spin. This blog post will break down the common types of malicious programs and provide a brief description of each.

What is Malware?

Malware is short for malicious software, meaning software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise cause…

How bad is Google’s application security problem?

Think “New York City in the 1970s.” Just like New York during those dark days, Google faces a myriad of problems: many of its own making. And the Silicon Valley star might consider looking to Gotham for inspiration as it tries to turn things around.

Companies spend millions on sophisticated anti-intrusion systems, that lock down their corporate assets against any kind of network attack.

Then they sit back and relax, confident that not even the smartest, trickiest, most downright determined hacker would ever be able to break in. And that hacker would have to be a total genius right?

It’s an exciting day here at Veracode as we’ve just announced our first ever company acquisition. We’re pleased to announce that we have acquired the assets of Marvin Mobile Security, the developer of an innovative mobile app analysis service for enterprises, app stores and mobile carriers. Read more about this in our official press release.

Enterprise app stores are all the rage, but do they solve the BYOD security conundrum? The short answer: “no.”

The trend that Forrester Research famously dubbed the “consumerization of IT” is, just a short time later, accepted practice in the modern workplace. We see it every day, as workers migrate off of older generation cell phones to powerful smart phones like the iPhone and Android devices and companies abandon the enterprise friendly Blackberry platform en masse.

Live Webinar Thursday, October 11 – 1 pm ET

Enterprises are taking on unbounded risk as a result of increased investment in outsourced, commercial, SaaS, mobile and open source applications. Enterprises are leaving themselves particularly vulnerable because buyers so rarely think to secure the software they purchase. Why accept this risk?

Our SQL Injection Cheat Sheet is a FREE resource and provides a summary of everything you need to know about the topic. We know that security parameters are ever changing and we’re pleased to announced that we’ve updated our Cheat Sheet to be current and fresh. Within the SQL Injection Cheat Sheet you’ll find;

• Key Concepts of an SQL Attack,
• SQL Injection Code Examples,
• Tips to avoid SQL Injection Hacks.

Cybersecurity is a major issue in all aspects of life today; individuals, companies, and even governments all have to worry about being attacked and having sensitive information stolen. As the 2012 US Presidential election approaches you should have as much information about the two candidates and party opinions as possible. In this infographic we detail the candidates’ opinions and actions, the recent bills that have been presented to the House and Senate, and how the candidates and their parties are tackling these important issues

The following is a guest blog from Michael Kaiser, executive director of the National Cyber Security Alliance.

October is National Cyber Security Awareness Month.

National Cyber Security Awareness Month is about everyone doing their part to make sure our online lives are kept safe and secure.

The Internet is a shared resource and securing it is our Shared Responsibility.

So what does this entail?

Veracode Security Researcher Ryan O’Boyle educates us about Ruby on Rails. He answers the following questions:

What is Ruby on Rails?

What makes Ruby on Rails a popular framework?

What types of companies are using Ruby on Rails?

How well do consumer cyber security awareness efforts work? That’s a good question, and one somebody might consider answering!

The connection between improved security and user education is so well-established as to be almost axiomatic. Better technology, coding practices and testing can only accomplish so much. If customers or employees don’t know that, say, clicking on a curious link on their Facebook wall or opening the iloveyou.exe e-mail attachment could compromise their security, how do we gain ground against cyber crime, cyber espionage, spam and other online ills?

We’re back from the Gartner UK event in London! Thank you to everyone who came by our booth or attended our Solutions Provider Session.

Here are a few pictures of the Veracode booth at the Mixology reception: