Don't Get Zapped by the Struts-Shock Vulnerability Affecting Apache Struts 2

By John Zorabedian March 9, 2017  | Security News

If you haven't heard of it by now, you should sit up and pay attention to "Struts-Shock." That's what Veracode is calling a critical vulnerability just identified in the Apache Struts 2 library, which attackers are actively exploiting. We're cautioning customers and anyone else using the vulnerable Struts 2 component, due to the severity of the bug, and because it is...

Your Next Steps if Your AppSec Program Is in the Baseline Stage

By Suzanne Ciccone March 9, 2017  | Managing AppSec

This is the second entry in a blog series that looks at each stage of an application security program’s maturity and outlines what the next steps are to move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive, Baseline (you're here!), Expanded, Advanced. If you are in the baseline application security stage,...

Technologies Designed or Transformed for DevSecOps-Enablement

By Joseph Feiman March 8, 2017  | Managing AppSec

As we outlined in a previous blog post, if we are to choose ideal technologies for DevOps, they should be the ones that are: 1) invisible to Dev and Ops teams, 2) do not require learning by Dev and Ops, 3) run practically by themselves, without Dev and Ops interference, 4) continuously test applications in increments, 5) not only detect vulnerabilities, but also protect applications against...

Bringing CA and Veracode Together

CA’s CEO Mike Gregoire and Veracode’s CEO Bob Brennan discuss how the acquisition of Veracode by CA will help make security a seamless, integrated part of the development process, enabling secure DevOps and helping customers hasten their path to revenue.

It's Time to Stop Blaming Developers for Insecure Software

By Matt Runkle March 3, 2017  | Secure Development

In two-plus years on the security consulting team at Veracode, and in my prior experience as a security researcher and software developer, I've heard this phrase countless times: "Developers are the biggest cause of security defects." Sure, developers are the ones actively implementing the application – but they’re not the only ones involved in creating software. Lots of...

Managing Flaw Review with a Large Multi-Vendor Application

By Colin Domoney March 2, 2017  | Managing AppSec

The previous blog post in this series discussed strategies for the large-scale deployment of the Veracode static code analysis tool across a large enterprise, focusing on strategies and techniques for ensuring rapid adoption within individual development teams typically responsible for self-contained homogenous applications. However, in a large enterprise, there are applications that are...

RSA Conference 2017 Recap

By Neil DuPaul March 2, 2017  | Security News

After four years of providing web-based support to Veracode's RSA Conference team from our offices in Burlington Mass, I had the pleasure of finally attending the conference myself. First impressions were a bit staggering to say the least. One thing that doesn't exactly come through amid all the web and social chatter that happens around RSAC is the sheer size of this conference as...

How to Run a Successful Proof of Value for an Application Security Programme

By Colin Domoney March 1, 2017  | Managing AppSec

So you’ve got upper management buy-in for your application security proof of value and are ready to start scanning applications: how do you make sure your proof of value (PoV) is a success and that you demonstrate the need to progress to a full-scale program? This article describes some of the lessons learned at the start of our large-scale deployment of Veracode within our organisation....

Veracode Named a Leader in the Gartner Magic Quadrant for Application Security Testing for the Fourth Report in a Row

By Laura Paine March 1, 2017  | Security News

For the fourth consecutive report, Gartner placed Veracode as a Leader in the 2017 Magic Quadrant for Application Security Testing. Gartner chooses leaders for the report based on a company’s completeness of vision and ability to execute in the application security testing (AST) market. When it comes to leadership, the proof is in the pudding: in 2016, Veracode demonstrated the...

Strategies for Rapid Adoption of a Security Programme Within a Large Enterprise

By Colin Domoney March 1, 2017  | Managing AppSec

A large-scale deployment of the Veracode static code analysis platform across a large enterprise presents a number of unique challenges, such as understanding your application estate, prioritising your applications for scanning, and communicating with your application owners. This blog post provides some guidance based on my experience at delivering several hundred scanned applications in a 14-...
