Message Digests, aka Hashing Functions

By Mansi Sheth June 13, 2017  | Research

This is the fourth entry in a blog series on using Java cryptography securely. The first entry provided an overview covering architectural details, using stronger algorithms and debugging tips. The second one covered Cryptographically Secure Pseudo-Random Number Generators. The third entry taught you how to securely configure basic encryption/decryption primitives. This...

Podcast: Components, Increasing Speed and Risk

By Laura Paine June 7, 2017  | Security News

There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know. -Donald Rumsfeld Just as there are known knowns, known unknowns and unknown unknowns in National Security, the same can be said for application security. The very...

Anatomy of a Cross-Site Scripting Flaw in the Telerik Reporting Module

One of the interesting aspects of working as a Veracode Application Security Consultant is seeing the wide range of code across many business sectors. On an average day, I could look at some COBOL code twice my age in the morning, and by lunch I’m exploring a large .NET MVC app, before transitioning to review a self-deploying microservices package comprised of Java, node.js, and a little PHP for...

Why You Should Join the Veracode Community Beta

By Asha May June 5, 2017  | Customer News

We’re launching a beta of the Veracode Community this July. As your Community Manager, I am inviting any and all Veracode customers to participate as early adopters. Why should you participate? … to take advantage of easy access to resources to help you get the most out of Veracode and secure your software simply and systematically … to interact with your peers across the Veracode customer base...

Answers to the Top 10 Customer FAQs

At Veracode, we work hard to support our customers in meeting the goals of your application security program. As a Manager of Customer Success Management (CSM), I work with our CSMs to help hundreds of customers beginning their journey to a mature AppSec program, and many who are just starting out with Veracode. Veracode Services and Support Teams hear a lot of the same questions from numerous...

How to Hire and Build Developers Into Full Spectrum Engineers

By Pete Chestna May 31, 2017  | Secure Development

As you look at candidates for your DevOps teams, it’s critical to find developers who exhibit qualities of a full spectrum engineer – generalists who can do it all. You need people who will add velocity and not be dependent on others to complete their work. It’s likely that you will not find someone who has every skill you need, so look to find people with the potential to grow and learn at speed...

Security Starts With a Scope: Answer These Questions Before You Code

By Pete Herzog May 30, 2017  | Secure Development

Have you ever walked into a room to get something and the moment you got there you forgot what it was that you wanted? That memory glitch is caused by a refresh in your working memory that happens when you enter a new space or environment. Apparently the evolutionary algorithm at work in humans developed this way to increase your situational awareness and keep prehistoric you from becoming a...

Best Practices for the Adoption of Open Source Software

By Colin Domoney May 26, 2017  | Managing AppSec

In a previous blog post, I discussed the differing perspectives security and development teams have about the use of open source components. Taking these perspectives into account, what is the best way to enable the use of open source components in your organization? Forbidding their use entirely is not a viable option and, in fact, would be detrimental to both developers and the organization as...

5 Things Developers Need to Thrive as a Full Spectrum Engineer

By Pete Chestna May 24, 2017  | Secure Development

The rise of DevOps has given rise to a new type of developer, what I call the full spectrum engineer (FSE). In my previous blog post in this series, I looked at the evolution of software development from requiring specialists to developers who can do it all. So what does it take to thrive in a DevOps environment and succeed as a full spectrum engineer? Here are five things you need to do to make...

Podcast: Our Take on the WannaCry Ransomware Attack

By Suzanne Ciccone May 23, 2017  | Security News

On Friday, May 12, an unprecedented cyberattack affected approximately 200,000 computers across 150 countries. By exploiting a vulnerability in Microsoft Windows, a combined worm/ransomware attack called WannaCry shut down hundreds of thousands of computers and demanded payment in order to regain access. In episode 5 of our AppSec in Review podcast, Evan Schuman and Veracode's Brian Fitzgerald...
