Podcast: Cyber Geneva Convention Proposed at RSA: Is It Feasible?

By Suzanne Ciccone April 20, 2017  | Security News

AppSec in Review Podcast, Episode 4: Cyber Geneva Convention Proposed at RSA: Is It Feasible? At the most recent RSA Conference this past winter, Microsoft President Brad Smith proposed a Cyber Geneva Convention. We’ve had four Geneva Conventions in modern history. In each convention, the world’s nations came together to agree upon a set of guidelines on how war would be conducted,... READ MORE

Magento Zero-Day Leaves 200,000 Online Retailers Vulnerable to Attack

By John Zorabedian April 19, 2017  | Security News

Security researchers are warning of a high-risk vulnerability in Magento Community Edition, another reminder of systemic risk in our digital economy, which is built upon software and applications that need continuous monitoring. The Magento vulnerability could allow attackers to execute arbitrary code to access sensitive customer data, including credit card information and other payment data.... READ MORE

Partnering Perspectives from Veracode's Leslie Bois

By Laura Paine April 19, 2017  | Customer News

Leslie Bois, Vice President, Global Channel and Alliances, who joined Veracode back in December, shares her thoughts on all things top of mind with Veracode partners. Learn more about where Veracode is going and what partners can expect to see throughout the year. 1) Now that you have a full quarter at Veracode under your belt, what should partners be most excited about? This is easy. Partners... READ MORE

Veracode’s Journey to DevOps: Waterfall and Push Nights

By Pete Chestna April 19, 2017  | Secure Development

When I started working at Veracode in 2006, we were developing software the way I had for over 15 years – we were using Waterfall. It would be six years before we moved away from Waterfall and took the Agile plunge, and even longer before we got to DevOps. Looking back, I wonder how much farther along we’d be today if we had adopted the Agile methodology, which at that time was... READ MORE

Encryption and Decryption in Java Cryptography

By Mansi Sheth April 18, 2017  | Research

This is the third entry in a blog series on using Java cryptography securely. The first entry provided an overview covering architectural details, using stronger algorithms, and debugging tips. The second one covered Cryptographically Secure Pseudo-Random Number Generators. This entry will teach you how to securely configure basic encryption/decryption primitives. This blog... READ MORE

Women in Technology: Don’t Worry, It’s Worse Than You Think

By Anne Nielsen April 14, 2017  | Security News

Veracode recently hosted a movie night to watch CODE: Debugging the Gender Gap, followed by a group discussion. Two things struck me at this event: Gender diversity in technology is getting worse, not better. This problem won’t fix itself. In our group discussion after the movie – led by Rosa Carson from Wayfair Labs – we dove into the question of “why is this getting... READ MORE

The Surprising Compatibility of Unit Tests and Rapid Prototyping

By Adam Kaufman April 12, 2017  | Secure Development

This is not a blog post about the usual line on unit tests. They're good. They help you catch problems very early in the development process. High coverage numbers speak well for your codebase. These are all generally true statements and their complexities have been adequately covered elsewhere. This is also not a blog post about test-driven development (TDD) or any of its related concepts.... READ MORE

The Veracode Platform: Where Development and Security Come Together

By Suzanne Ciccone April 11, 2017  | Intro to AppSec

The development of software has become a continuous, integrated process that reaches beyond your internal development team. This allows your organization to grow and innovate like never before, but also requires you to think about security differently. Different teams with different priorities Security and development teams each have very different AppSec priorities, needs and requirements.... READ MORE

Podcast: How the Role of Technologists has Evolved with the Rise of the Digital Economy

By Jessica Lavery April 9, 2017  | Security News

The rise of the digital economy has created professional opportunities for those entering technology careers, but it has also changed the core responsibilities of technologists. Our dependence on software to fuel the digital economy and, as a result, business objectives means it is no longer enough for CTOs and CISOs to be focused on technology and security; they must also speak the language of... READ MORE

Give Developers Training That Actually Helps


Do you have a security education program for your developers? I hope so. Although developers are certainly capable of writing quality, secure code, most were never trained in security. They just don't know what they don't know. When I was actively developing enterprise software, I would visit the bookstore to purchase books on the technologies that I was using. These books were hundreds... READ MORE
