Your One Stop Shop for Integrations in the Veracode Community

amay's picture
By Asha May July 5, 2017  | Customer News
Veracode Community Integrations Hub

In my recent blogs, I have announced the upcoming Veracode Community, which will provide our customers, and others looking for application security information, with resources and the ability to collaborate on best practices. I am excited to highlight one of the features that will help you integrate security into your environment to support continuous integration/continuous delivery – The... READ MORE

Why Prevention Is the Only Answer

bfitzgerald's picture
By Brian Fitzgerald June 30, 2017  | Security News

Prevention is often derided as a naïve, outdated notion in information security. Today, the talk in security often centers around the idea of “detection and response.” The thought around this approach is that we must assume attackers will get into our networks – it is not a question of “if” but “when.” Therefore, the only good security is to detect them inside, monitor their actions, and then... READ MORE

The Next Petya Will Be Worse – Why Software Development Must Change

jzorabedian's picture
By John Zorabedian June 28, 2017  | Security News
Petya Ransomware Attack

Another major cyberattack hit computer networks around the globe on Tuesday, beginning in the Ukraine, when a paralyzing ransomware struck websites of government agencies, banks, transportation, and power plants, before spreading to Russia, the UK, U.S., and other nations. Coming just weeks after the WannaCry ransomware wreaked havoc, this new attack – initially believed to be a strain of the... READ MORE

6 Tips for Transforming Technology to Achieve DevSecOps

jzorabedian's picture
By John Zorabedian June 21, 2017  | Secure Development
DevSecOps Technology

The goal of DevSecOps is to build a bridge between fast and secure software development. Some in the DevOps and AppSec universe maintain that the primary foundations of a DevOps or DevSecOps initiative are the right mindset about quality, and processes that support continuous improvement and learning at velocity. Yet you cannot achieve DevSecOps without the right technologies for integrating... READ MORE

Podcast: The OWASP Top 10 List Update: What You Need to Know

sciccone's picture
By Suzanne Ciccone June 19, 2017  | Security News
2017 OWASP Top 10 Release Candidate

The OWASP Top 10 list of the most critical web application security risks has finally been updated for the first time since 2013. This list, created by the Open Web Application Security Project (an open community dedicated to enabling organizations to create secure applications) often forms the basis of application security programs and frequently informs AppSec priorities. The release candidate... READ MORE

Veracode Survey Research Shows Shift to DevOps and DevSecOps

jzorabedian's picture
By John Zorabedian June 14, 2017  | Security News
DevOps and AppSec Survey

With the proliferation of attacks and breaches at the application layer, it's clear that application security testing is a growing necessity. What's less clear is how organizations can hope to bridge the gap between the priorities of development, operations, and security teams. To understand how organizations are handling these challenges, Veracode partnered with ESG to conduct a survey of IT... READ MORE

Message Digests, aka Hashing Functions

msheth's picture
By Mansi Sheth June 13, 2017  | Research

This is the fourth entry in a blog series on using Java cryptography securely. The first entry provided an overview covering architectural details, using stronger algorithms and debugging tips. The second one covered Cryptographically Secure Pseudo-Random Number Generators. The third entry taught you how to securely configure basic encryption/decryption primitives. This... READ MORE

Podcast: Components, Increasing Speed and Risk

lpaine's picture
By Laura Paine June 7, 2017  | Security News
Software Components, Increasing Speed and Risk

There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know. -Donald Rumsfeld Just as there are known knowns, known unknowns and unknown unknowns in National Security, the same can be said for application security. The very... READ MORE

Anatomy of a Cross-Site Scripting Flaw in the Telerik Reporting Module

Telerik Reporting Cross-Site Scripting Vulnerability

One of the interesting aspects of working as a Veracode Application Security Consultant is seeing the wide range of code across many business sectors. On an average day, I could look at some COBOL code twice my age in the morning, and by lunch I’m exploring a large .NET MVC app, before transitioning to review a self-deploying microservices package comprised of Java, node.js, and a little PHP for... READ MORE

Why You Should Join the Veracode Community Beta

amay's picture
By Asha May June 5, 2017  | Customer News
Veracode Customer Community Beta

We’re launching a beta of the Veracode Community this July. As your Community Manager, I am inviting any and all Veracode customers to participate as early adopters. Why should you participate? … to take advantage of easy access to resources to help you get the most out of Veracode and secure your software simply and systematically … to interact with your peers across the Veracode customer base... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu