You’ve Got Smoke Detectors in the House, but I Bet You Still Don’t Store Gasoline in the Living Room

By Brian Fitzgerald May 15, 2017  | Managing AppSec

“Detection and response” is the new approach to information security being championed by some of the leading analyst firms today. The theory is that, since we have failed to keep attackers from getting inside our networks, we’re better served getting tools that detect them once they are in, and help chase them back out again before they can do real harm. Nice idea, but completely wrong-headed.... READ MORE

Before You Outsource Code Development – Think About the Security Implications

By Suzanne Ciccone May 11, 2017  | Managing AppSec

Police in the Netherlands recently contacted more than 20,000 people who they suspect had their personal data stolen by a malicious web developer. This developer had built “backdoors” into applications he created for various businesses as a contractor. With the information he stole, it is alleged that he made online purchases, opened gambling accounts and impersonated victims' family members.... READ MORE

5 Stages of the DevOps Journey [INFOGRAPHIC]


As business success in the digital economy increasingly depends on software innovation, development teams are moving to faster and more frequent deployment, enabled by the shift from Waterfall to Agile and DevOps. Yet getting to DevOps doesn't happen overnight. It's a journey, with a gradual transformation of culture, technology, and processes along the way. If you're embarking on a DevOps... READ MORE

Development and Security Have Different Perspectives on Open Source Components

By Colin Domoney May 9, 2017  | Managing AppSec

Open source components are a blessing and a curse. From a developer’s perspective, they’re a no-cost way to speed the development process. But they can be a curse security-wise. Many open source components contain vulnerabilities that put the organization at risk of getting breached and failing compliance audits. In fact, recent Veracode research looked at all the Java applications we scanned in... READ MORE

Regulations Surrounding Third-Party Software Security Are Increasing – How to Stay Compliant

By Suzanne Ciccone May 4, 2017  | Managing AppSec

Developers are increasingly being pushed to create more code faster. As the speed of development increases, it becomes less feasible to create every application from scratch. In turn, the reliance on third-party applications and code increases as well. But this “short cut” comes with risk. Third-party applications and open source components frequently contain vulnerabilities, leaving... READ MORE

4 Ways to Build a DevSecOps Culture


At the center of a successful DevOps initiative is a simple but often overlooked concept: Because developers drive the software agenda, developer participation is crucial for achieving a more secure framework. DevSecOps represents the next evolutionary step of secure software development, but even the best governance framework and leading-edge security tools can't get the job done if the culture... READ MORE

Podcast: How Development is Changing

By Laura Paine May 3, 2017  | Security News

As much as world economies depend on software, its creation is subject to the different developer approaches and tactics. Besides their own code, almost all developers use open source as a key component. Security is a top priority for almost none of them. Functionality and delivery speed far too often outweigh everything else. In this edition of the Cyber Second podcast, Pete Chestna, Veracode’s... READ MORE

Coming Soon: The Veracode Community!

By Asha May May 2, 2017  | Customer News

Veracode will soon be launching an online community to give our customers fast and convenient access to AppSec-related content, and the opportunity to share knowledge with other developers and security practitioners. Today, when customers have questions, you can access the Veracode Platform Help Center, contact our technical support team, or contact your program manager for assistance. Bringing... READ MORE

When Technology Fails Us. And When We Fail Technology.

By Brian Fitzgerald April 28, 2017  | Intro to AppSec

Today was one of those epiphanies for me about how intimate and co-dependent our relationship with our tech has become. And as is true in all co-dependent relationships, neither side is completely blameless. Sometimes when we’re blaming our tech for letting us down when we need it most, we should really be apologizing to it instead. As spring hits New England, I finally climbed out of the... READ MORE

HipChat Breach Shows Dangers of Slacking on Security of Third-Party Components


This week, HipChat advised customers that one of its databases was breached by attackers who exploited a vulnerable third-party library used on HipChat.com. HipChat, owned by Atlassian, said that the compromised database stored customer usernames, email addresses, hashed passwords, and room metadata such as room name and topic. HipChat’s fast action to force a reset of all HipChat passwords... READ MORE
