What Do Microservices Mean for AppSec?

bpitta's picture
By Brian Pitta August 7, 2017  | Managing AppSec
microservices are like tapas vs. a traditional meal -- how this shift will affect AppSec

I am not a fan of tapas. I’ll take the 22-oz. bone-in ribeye over small plates any day. My wife is the opposite; she loves them. With more tapas bars opening and existing restaurants adopting a “small plate” menu, I find myself losing the battle of steakhouse vs. tapas quite often. After several meals (if that’s what you call them), I will admit I’ve started to see some of the appeal: pick what... READ MORE

5 Ways Veracode Helps You Fix Software Flaws

jjastrzebski's picture
By Jim Jastrzebski August 2, 2017  | Customer News
How Veracode helps you work around software flaws.

As important as application security testing is, it's really just the first step in a continuous process to identify and fix flaws. And, depending on your application, you may have hundreds of flaws which require remediation. Some of the most common questions I hear when consulting with customers, particularly new customers, are, “how can I make sure I’m remediating the flaws I find,” followed by... READ MORE

Securing Web Apps in a DevOps World (Notes From Black Hat 2017)

DevOps at Black Hat

Zane Lackey of Signal Sciences spoke at Black Hat 2017 on a topic near and dear to my heart: Practical Tips for Defending Web Applications in the Age of DevOps. DevOps — and really, any Agile or Agile-like rapid software development approach — is a huge enabler for business. Changes to software are envisioned, implemented, tested, and deployed incredibly fast. Deployments can happen multiple... READ MORE

Security Needs to Shift Left – and Right

sciccone's picture
By Suzanne Ciccone July 25, 2017  | Managing AppSec
Shift security both left and right

The move to Agile and DevSecOps development processes has fostered a lot of attention on the need to shift security testing left in the development cycle. And this is absolutely a pivot in the right direction. Moving security testing into the realm of the developer makes security testing faster, easier, more effective and less expensive. However, it’s important not to lose sight of the fact that... READ MORE

We're Already at Cyberwar (and We're Losing)

jzorabedian's picture
By John Zorabedian July 25, 2017  | Security News
Cyberwar and Election Hacking

Let’s face it – cyberwar is no longer science fiction. Our economies – and our democratic system – are under attack. Security researchers are often reluctant to attribute attacks to particular nation states. But it’s become increasingly clear that Russia attempted to meddle in the 2016 U.S. presidential election, and perhaps other elections in the UK and Europe. Last summer, Russia-backed hackers... READ MORE

Announcing Updates to Veracode Integrations to Microsoft Visual Studio Team Services, Team Foundation Server and Visual Studio

TJarrett's picture
By Tim Jarrett July 24, 2017  | Secure Development
Updates to Veracode integrations

We are pleased to announce updates to the Veracode integrations to Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS), and to Visual Studio. The VSTS/TFS integration makes static and dynamic security findings available as work items in the VSTS/TFS issue tracker, and automatically updates the related defects when they are fixed or have approved mitigations. The Visual... READ MORE

Podcast: What Our New Survey Reveals About the AppDev/Sec Relationship

sciccone's picture
By Suzanne Ciccone July 21, 2017  | Managing AppSec
AppSec in Review Episode 7

Veracode recently partnered with ESG to conduct a survey of 400 IT, cybersecurity and developer professionals regarding their take on the benefits of AppSec for contemporary software development and deployment. The survey results revealed some positive trends, including the fact that many developers are focusing on security for security’s sake, rather than solely to meet compliance requirements.... READ MORE

How Veracode Integrations Enable Security at DevOps Speed

sciccone's picture
By Suzanne Ciccone July 21, 2017
speed the dev process with Veracode integrations

Speed and security are the name of the game in software development today. Why? Because software is now key to innovation and competitive advantage for every enterprise in every industry. This means that not only is the pace of software development rapidly increasing, but also that attacks against the application layer are proliferating. In turn, software development speed and security are now... READ MORE

Security Can Be Complicated. Session Management Doesn’t Have To Be.

ahayter's picture
By Adrian Hayter July 18, 2017  | Secure Development
Simplify your approach to session management.

While performing a manual penetration test recently, I encountered a session management system that flew in the face of almost all the recommended security practices. Rather than use a pre-built implementation associated with a development framework, the developers had written one from scratch that, among other things: Generated session tokens based on the user ID and numeric counters. Appended... READ MORE

Podcast: The Necessary Skills for Success in a DevOps World

lpaine's picture
By Laura Paine July 13, 2017  | Secure Development

They don’t make apps like they used to. DevOps has moved away from rows of specialists handling their own tiny segment of code, advancing to a more comprehensive Full Spectrum Engineer. Today’s developers need to have a breadth of skills that can take an idea from inception to production – with one person and no handoffs. What we’re seeing is the natural ebb and flow between the specialist and... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu