The Princess and the Dragon: A Modern AppSec Fairy Tale

By Pete Herzog March 30, 2017  | Secure Development

Do you know the story about the princess who saved her kingdom from a dragon? I'd be surprised if you heard of this particular fairy tale, because I invented it to teach a lesson about secure software development. In this story, a king sacrificed poor children to appease a dragon, which is not a very nice thing for a king to do. But the important part is why he thought this was a good way to... READ MORE

A Veracode Program Manager’s Perspective: Best Practices for Scaling an AppSec Program

By Griff James March 30, 2017  | Customer News

“Amateurs talk tactics, professionals study logistics.” -- General Robert Barrow, Commandant of the USMC

In military circles, “cyber” is spoken of in the same terms as the traditional spheres of conflict, namely land, air and sea. To that end, General Barrow’s quote is particularly apt. Unlike the other realms of conflict where armies, navies and air forces protect... READ MORE

Cryptographically Secure Pseudo-Random Number Generator (CSPRNG)

By Mansi Sheth March 29, 2017  | Research

This is the second entry in a blog series on using Java cryptography securely. The first entry provided an overview and covered some architectural details, using stronger algorithms and some debugging tips. This entry covers Cryptographically Secure Pseudo-Random Number Generators. This blog series should serve as a one-stop resource for anyone who needs to implement... READ MORE

4 Features of Veracode Greenlight Developers Are Guaranteed to Love

By Janet Worthington March 28, 2017  | Customer News

Leveraging our proven, SaaS-based static engine, Veracode Greenlight finds security defects in your code and provides contextual remediation advice to help you fix issues in seconds, right in your IDE. This powerful solution will “greenlight” your code and make your job easier. Here’s how:

1. Get Security Feedback in Seconds

DevOps speed and security roadblocks don’t mix.... READ MORE

Veracode Visual Studio Extension, Now in the Visual Studio Marketplace

By Tim Jarrett March 28, 2017  | Customer News

Application security cannot be solved with a tool alone. There are significant organizational challenges, like gaining buy-in from various areas of your organization, helping developers to fix security flaws and making sure that security becomes part of the testing process. It’s truly a cultural shift. As such, adoption of application security will only be successful if you eliminate as... READ MORE

10 Gadgets and Skills of Superhero Developers [INFOGRAPHIC]

By John Zorabedian March 27, 2017  | Secure Development

Developers perform heroic feats every day, frequently at night, and sometimes on weekends. You might not always get the recognition you deserve, but you still need to keep your skills sharp to survive in a fast-moving Agile or DevOps shop. When you master the skills and tools you need to do your job well, you'll get an uplifting confidence from self-improvement, feel empowered to try new... READ MORE

New Research: In 2017, Women Still Only Make Up 11 Percent of the Cybersecurity Workforce

By Laura Paine March 23, 2017  | Security News

As March comes to a close, so too does Women’s History Month. Unfortunately, it doesn’t seem that we’ll be putting an end to the ongoing battle for gender equality in the workplace any time soon – and we’re finding that this is especially true in cybersecurity. So true, in fact, that new research shows women make up only 11 percent of the information security... READ MORE

Striking the Right Balance Between Security and Functionality

By Evan Schuman March 23, 2017  | Security News

Doing security well is hard work, but it should never block useful functionality for your customers. If security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. And yet two instances from this month suggest that is exactly what is happening. Let's start with election... READ MORE

What Does an Advanced Application Security Program Look Like?

By Suzanne Ciccone March 23, 2017  | Managing AppSec

This is the fourth and final entry in a blog series that looks at each stage of an application security program’s maturity and outlines your next steps as you move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive, Baseline, Expanded, Advanced. So, what does it look like when you reach the advanced stage? Based on... READ MORE

WikiLeaks, Vault 7, and Vulnerability Disclosure: Is It Blackmail?

By John Zorabedian March 22, 2017  | Security News

If you're hit by ransomware, you're presented with a difficult choice. Do you pay the ransom and hope the crooks follow through and return your ransomed data and files? Or do you refuse to pay, and say goodbye to that data forever? Tech companies including Microsoft, Google, Apple and Samsung are facing a similar dilemma, after WikiLeaks published information allegedly showing that the... READ MORE
