4 Ways to Build a DevSecOps Culture


At the center of a successful DevOps initiative is a simple but often overlooked concept: Because developers drive the software agenda, developer participation is crucial for achieving a more secure framework. DevSecOps represents the next evolutionary step of secure software development, but even the best governance framework and leading-edge security tools can't get the job done if the culture... READ MORE

Podcast: How Development is Changing

By Laura Paine May 3, 2017  | Security News

As much as world economies depend on software, its creation is subject to the different developer approaches and tactics. Besides their own code, almost all developers use open source as a key component. Security is a top priority for almost none of them. Functionality and delivery speed far too often outweigh everything else. In this edition of the Cyber Second podcast, Pete Chestna, Veracode’s... READ MORE

Coming Soon: The Veracode Community!

By Asha May May 2, 2017  | Customer News

Veracode will soon be launching an online community to give our customers fast and convenient access to AppSec-related content, and the opportunity to share knowledge with other developers and security practitioners. Today, when customers have questions, you can access the Veracode Platform Help Center, contact our technical support team, or contact your program manager for assistance. Bringing... READ MORE

When Technology Fails Us. And When We Fail Technology.

By Brian Fitzgerald April 28, 2017  | Intro to AppSec

Today was one of those epiphanies for me about how intimate and co-dependent our relationship with our tech has become. And as is true in all co-dependent relationships, neither side is completely blameless. Sometimes when we’re blaming our tech for letting us down when we need it most, we should really be apologizing to it instead. As spring hits New England, I finally climbed out of the... READ MORE

HipChat Breach Shows Dangers of Slacking on Security of Third-Party Components


This week, HipChat advised customers that one of its databases was breached by attackers who exploited a vulnerable third-party library used on HipChat.com. HipChat, owned by Atlassian, said that the compromised database stored customer usernames, email addresses, hashed passwords, and room metadata such as room name and topic. HipChat’s fast action to force a reset of all HipChat passwords... READ MORE

Podcast: Cyber Geneva Convention Proposed at RSA: Is It Feasible?

By Suzanne Ciccone April 20, 2017  | Security News

AppSec in Review Podcast, Episode 4: Cyber Geneva Convention Proposed at RSA: Is It Feasible? At the most recent RSA Conference this past winter, Microsoft President Brad Smith proposed a Cyber Geneva Convention. We’ve had four Geneva Conventions in modern history. In each convention, the world’s nations came together to agree upon a set of guidelines on how war would be conducted,... READ MORE

Magento Zero-Day Leaves 200,000 Online Retailers Vulnerable to Attack

By John Zorabedian April 19, 2017  | Security News

Security researchers are warning of a high-risk vulnerability in Magento Community Edition, another reminder of systemic risk in our digital economy, which is built upon software and applications that need continuous monitoring. The Magento vulnerability could allow attackers to execute arbitrary code to access sensitive customer data, including credit card information and other payment data.... READ MORE

Partnering Perspectives from Veracode's Leslie Bois

By Laura Paine April 19, 2017  | Customer News

Leslie Bois, Vice President, Global Channel and Alliances, who joined Veracode back in December, shares her thoughts on all things top of mind with Veracode partners. Learn more about where Veracode is going and what partners can expect to see throughout the year. 1) Now that you have a full quarter at Veracode under your belt, what should partners be most excited about? This is easy. Partners... READ MORE

Veracode’s Journey to DevOps: Waterfall and Push Nights

By Pete Chestna April 19, 2017  | Secure Development

When I started working at Veracode in 2006, we were developing software the way I had for over 15 years – we were using Waterfall. It would be six years before we moved away from Waterfall and took the Agile plunge, and even longer before we got to DevOps. Looking back, I wonder how much farther along we’d be today if we had adopted the Agile methodology, which at that time was... READ MORE

Encryption and Decryption in Java Cryptography

By Mansi Sheth April 18, 2017  | Research

This is the third entry in a blog series on using Java cryptography securely. The first entry provided an overview covering architectural details, using stronger algorithms, and debugging tips. The second one covered Cryptographically Secure Pseudo-Random Number Generators. This entry will teach you how to securely configure basic encryption/decryption primitives. This blog... READ MORE
