Has our security been compromised before the shrink wrap is even off the box?
The U.S. House of Representatives went on record this month with a warning to U.S. industry of the danger of compromised supply chains. But getting to the bottom of the supply chain threat will require more than just tough talk.
Travis Emmert of Veracode is credited in the latest Oracle Critical Patch Update for reporting nine Web application vulnerabilities in Oracle Fusion Middleware, Imaging and Process Management. After talking to Travis about how he found the vulnerabilities, what he found, and Oracle’s advisory release process, I thought this material would make for a good blog post. I asked Travis to take a few moments to write about this experience.
When I read the New York Times BITS article “The Dangers of Allowing an Adversary Access to a Network” by John Markoff, I thought the fear of trojaned vendor products is misplaced. The much bigger problem is vulnerable products. To cyber security experts, a serious vulnerability is indistinguishable from a backdoor as both allow an adversary to take control of a system or device. Yet the U.S. House Committee seems preoccupied with backdoors in Huawei technology while ignoring the gaping vulnerabilities.
The amount and variety of malicious programs out there is enough to make your head spin. This blog post will break down the common types of malicious programs and provide a brief description of each.
What is Malware?
Malware is short for malicious software, meaning software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise cause…
How bad is Google’s application security problem?
Think “New York City in the 1970s.” Just like New York during those dark days, Google faces a myriad of problems: many of its own making. And the Silicon Valley star might consider looking to Gotham for inspiration as it tries to turn things around.
Companies spend millions on sophisticated anti-intrusion systems that lock down their corporate assets against any kind of network attack.
Then they sit back and relax, confident that not even the smartest, trickiest, most downright determined hacker would ever be able to break in. And that hacker would have to be a total genius, right?
It’s an exciting day here at Veracode as we’ve just announced our first ever company acquisition. We’re pleased to announce that we have acquired the assets of Marvin Mobile Security, the developer of an innovative mobile app analysis service for enterprises, app stores and mobile carriers. Read more about this in our official press release.
Enterprise app stores are all the rage, but do they solve the BYOD security conundrum? The short answer: “no.”
The trend that Forrester Research famously dubbed the “consumerization of IT” is, just a short time later, accepted practice in the modern workplace. We see it every day, as workers migrate off of older generation cell phones to powerful smart phones like the iPhone and Android devices and companies abandon the enterprise friendly Blackberry platform en masse.
Live Webinar Thursday, October 11 – 1 pm ET
Enterprises are taking on unbounded risk as a result of increased investment in outsourced, commercial, SaaS, mobile and open source applications. Enterprises are leaving themselves particularly vulnerable because buyers so rarely think to secure the software they purchase. Why accept this risk?
Our SQL Injection Cheat Sheet is a FREE resource and provides a summary of everything you need to know about the topic. We know that security parameters are ever changing and we’re pleased to announce that we’ve updated our Cheat Sheet to be current and fresh. Within the SQL Injection Cheat Sheet you’ll find:
- Key Concepts of an SQL Attack,
- SQL Injection Code Examples,
- Tips to avoid SQL Injection Hacks.
Cybersecurity is a major issue in all aspects of life today; individuals, companies, and even governments all have to worry about being attacked and having sensitive information stolen. As the 2012 US Presidential election approaches, you should have as much information about the two candidates and party opinions as possible. In this infographic we detail the candidates’ opinions and actions, the recent bills that have been presented to the House and Senate, and how the candidates and their parties are tackling these important issues.
The following is a guest blog from Michael Kaiser, executive director of the National Cyber Security Alliance.
October is National Cyber Security Awareness Month.
National Cyber Security Awareness Month is about everyone doing their part to make sure our online lives are kept safe and secure.
The Internet is a shared resource and securing it is our Shared Responsibility.
So what does this entail?