6 Tips for Transforming Technology to Achieve DevSecOps

jzorabedian's picture
By John Zorabedian June 21, 2017  | Secure Development
DevSecOps Technology

The goal of DevSecOps is to build a bridge between fast and secure software development. Some in the DevOps and AppSec universe maintain that the primary foundations of a DevOps or DevSecOps initiative are the right mindset about quality, and processes that support continuous improvement and learning at velocity. Yet you cannot achieve DevSecOps without the right technologies for integrating... READ MORE

Podcast: The OWASP Top 10 List Update: What You Need to Know

sciccone's picture
By Suzanne Ciccone June 19, 2017  | Security News
2017 OWASP Top 10 Release Candidate

The OWASP Top 10 list of the most critical web application security risks has finally been updated for the first time since 2013. This list, created by the Open Web Application Security Project (an open community dedicated to enabling organizations to create secure applications) often forms the basis of application security programs and frequently informs AppSec priorities. The release candidate... READ MORE

Veracode Survey Research Shows Shift to DevOps and DevSecOps

jzorabedian's picture
By John Zorabedian June 14, 2017  | Security News
DevOps and AppSec Survey

With the proliferation of attacks and breaches at the application layer, it's clear that application security testing is a growing necessity. What's less clear is how organizations can hope to bridge the gap between the priorities of development, operations, and security teams. To understand how organizations are handling these challenges, Veracode partnered with ESG to conduct a survey of IT... READ MORE

Message Digests, aka Hashing Functions

msheth's picture
By Mansi Sheth June 13, 2017  | Research

This is the fourth entry in a blog series on using Java cryptography securely. The first entry provided an overview covering architectural details, using stronger algorithms and debugging tips. The second one covered Cryptographically Secure Pseudo-Random Number Generators. The third entry taught you how to securely configure basic encryption/decryption primitives. This... READ MORE

Podcast: Components, Increasing Speed and Risk

lpaine's picture
By Laura Paine June 7, 2017  | Security News
Software Components, Increasing Speed and Risk

There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know. -Donald Rumsfeld Just as there are known knowns, known unknowns and unknown unknowns in National Security, the same can be said for application security. The very... READ MORE

Anatomy of a Cross-Site Scripting Flaw in the Telerik Reporting Module

Telerik Reporting Cross-Site Scripting Vulnerability

One of the interesting aspects of working as a Veracode Application Security Consultant is seeing the wide range of code across many business sectors. On an average day, I could look at some COBOL code twice my age in the morning, and by lunch I’m exploring a large .NET MVC app, before transitioning to review a self-deploying microservices package comprised of Java, node.js, and a little PHP for... READ MORE

Why You Should Join the Veracode Customer Community Beta

amay's picture
By Asha May June 5, 2017  | Customer News
Veracode Customer Community Beta

We’re launching a beta of the Veracode Customer Community this July. As your Community Manager, I am inviting any and all Veracode customers to participate as early adopters. Why should you participate? … to take advantage of easy access to resources to help you get the most out of Veracode and secure your software simply and systematically … to interact with your peers across the Veracode... READ MORE

Answers to the Top 10 Customer FAQs

Veracode Customer FAQs

At Veracode, we work hard to support our customers in meeting the goals of your application security program. As a Manager of Customer Success Management (CSM), I work with our CSMs to help hundreds of customers beginning their journey to a mature AppSec program, and many who are just starting out with Veracode. Veracode Services and Support Teams hear a lot of the same questions from numerous... READ MORE

Security Starts With a Scope: Answer These Questions Before You Code

pherzog's picture
By Pete Herzog May 30, 2017  | Secure Development
Security Starts With Scope

Have you ever walked into a room to get something and the moment you got there you forgot what it was that you wanted? That memory glitch is caused by a refresh in your working memory that happens when you enter a new space or environment. Apparently the evolutionary algorithm at work in humans developed this way to increase your situational awareness and keep prehistoric you from becoming a... READ MORE

5 Things Developers Need to Thrive as a Full Spectrum Engineer

pchestna's picture
By Pete Chestna May 24, 2017  | Secure Development
How to Be a Full Spectrum Engineer

The rise of DevOps has given rise to a new type of developer, what I call the full spectrum engineer (FSE). In my previous blog post in this series, I looked at the evolution of software development from requiring specialists to developers who can do it all. So what does it take to thrive in a DevOps environment and succeed as a full spectrum engineer? Here are five things you need to do to make... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.