News

Our latest business and technology news


In the News Oct 13 2017 Netzpalaver

Impacts of Microservices on application security

The architecture of software is changing fundamentally - Microservices are on the rise. Veracode, now part of CA Technologies, identifies three key challenges that drive application security. Microservices have been on the rise in software development for several years. Developing many small services rather than single monolithic applications offers many advantages.

In the News Oct 12 2017 Information Age

App economy: desperately seeking security talent

Digital transformation has revolutionised the role of applications and software within the business. Previously viewed as the IT Team’s domain, companies are increasingly investing in how they can drive greater productivity and create new revenue streams. As the importance of software and applications – and the speed with which it is developed – increases, we’ve witnessed the transformation to DevOps. DevOps is changing the way companies build, test and deploy applications and is rising in popularity among many businesses, including major brands like Starbucks, LinkedIn, Apple and even NASA that want to drastically speed up the product-to-market lifecycle.

In the News Oct 10 2017 Security-Insider

What you need to know about GDPR

The transitional period for the European Data Protection Regulation (EU-DSGVO) will end on 25 May 2018. This makes the data protection rules for companies and authorities much more stringent. Many previous data protection measures must be questioned, updated or expanded. Time is running out, and many companies are running behind. The modern economy is nothing without data: no orders, no production, no sales, no customer service, no advertising from new customers and no employee administration. Collection and processing of personal data is therefore a "must". Because this data is so important, it is also coveted. In the past two years, every second company in Germany has become a victim of data loss, data theft, economic crime or sabotage (53%, source: Bitkom). The resulting loss is estimated at € 55 billion annually. Data misuse happens on a daily basis and can happen to anyone. However, it is not only caused by cyber-attacks or economic espionage, but often by negligent handling of data, for example, when data management is absent or unprofessional.

In the News Oct 06 2017 DevOps Online

Veracode empowers developers to secure modern web and cloud applications

Veracode announced support for security testing in applications built with the Scala language, as well as the Python Boto3 framework, within the Veracode Static Analysis solution.

In the News Oct 05 2017 CSO

Is 'secure open source component use' an oxymoron?

Asking developers to stop using components would be like asking writers to stop using word processing and go back to typewriters. Components are a technological advance that enables productivity and innovation, and have simply become a standard tool of the trade. But with these benefits comes some risk. They can, and often do, contain vulnerabilities. And the nature of their use – the functionality in one component is used again in multiple other components – means they spread risk like wildfire. More from Veracode's Chris Wysopal (@WeldPond).

In the News Oct 05 2017 Dev-Insider

Code review for Python Boto3 and Scala

With Veracode Static Analysis, applications that have been created using the Scala programming language and the Boto3 software development kit for Python can be investigated. AWS applications and microservices are especially benefiting from the support. Boto3 is used to develop cloud applications that directly access Amazon Web Services. Scala has also become more and more popular, not least thanks to the interoperability with the Java programming language. Thanks to Java archive integration, existing Java libraries and frameworks can easily be integrated into Scala projects. According to Scott Crawford, Research Director at 451 Research, Scala is "well suited to the increasingly emerging microservices application architectures, thanks to its scalability." The Veracode Static Analysis enhancements enable developers to test these early-stage applications for their security. The solution leverages the experience Veracode has gained with the investigation of more than two trillion lines of code and continuous improvements.

In the News Oct 04 2017 heise Developer

Veracode extends its platform for static analysis

Veracode, which has been part of CA Technologies since March 2017, has expanded its SaaS platform (software as a service) for the static analysis of software. Developers can now use Veracode Static Analysis to test applications that they have written in Scala or with the Python framework Boto3 for vulnerabilities.

In the News Oct 04 2017 SD Times

Veracode adds support for Python Boto3 and Scala

Veracode has announced an expansion to its security testing capabilities. This will enable developers to do security testing early in the development process to ensure that their applications are secure. Veracode Static Analysis now supports applications built in Scala and the Python Boto3 framework.

Press Release Oct 04 2017

Veracode Becomes First Application Security Vendor to Empower Developers to Secure Modern Web and Cloud Applications

New support for Python Boto3 framework and Scala to ensure static application testing in software development for secure coding practices

In the News Oct 04 2017 Heise Developer

Veracode enhances static analysis

The SaaS offering Veracode Static Analysis now provides vulnerability testing for applications created in the JVM language Scala or with the Boto 3 framework. Veracode, which has been part of CA Technologies since March 2017, has expanded its SaaS platform (software as a service) for the static analysis of software. Developers can now use Veracode Static Analysis to test applications that they have written in Scala or with the Python framework Boto 3 for vulnerabilities. Boto 3 is the Amazon Web Services (AWS) SDK for Python, which provides access to AWS services such as S3 and EC2 via an object-oriented API. According to the announcement, Veracode is currently the only security vendor to offer static analysis for the framework. The Scala programming language is becoming increasingly popular thanks to its scalability. Apache Spark is based on the JVM language, which combines functional and object-oriented approaches.

In the News Sep 28 2017 CSO

SecDevOps is hindering developers who are keen on Agile but inadequate at security

Developer-focused education crucial as pen-testers find the same application security problems, over and over again

In the News Sep 25 2017 IDG Connect

DevOps: Where’s all the security talent?

Digital transformation has completely changed how businesses consume applications and software. Businesses are increasingly looking to technology to drive greater efficiencies and create new revenue streams, with Gartner predicting that the enterprise software spend will increase to $351 billion this year. More from CA Veracode's Colin Domoney (@colindomoney).

In the News Sep 20 2017 eWeek

CCleaner Attack Shows Need to Bolster Software Development Security

The latest targets of attackers are developers and insecure development processes, highlighting the need to instill security checkpoints in the development process.

In the News Sep 19 2017 Information Security Buzz

Malicious WordPress Plugin Used To Hijack More Than 200,000 Websites

It was reported that a malicious WordPress plugin has been discovered which has been used to hijack more than 200,000 websites. The plugin called Display Widgets has been found to contain a backdoor that could allow hackers to access what is posted on the site and modify content on infected pages. Colin Domoney (@colindomoney), Consultant Solution Architect at Veracode commented.

In the News Sep 15 2017 Computer Business Review

Is automation the great cybersecurity liberator?

Some are concerned by the prospect of automation threatening the jobs of humans, but it could give skilled professionals the time to defend against cyberattacks more effectively.

In the News Sep 13 2017 O'Reilly

Chris Wysopal on a shared responsibility model for developers and defenders

In this episode of the O'Reilly Security Podcast, Courtney Allen talks with Chris Wysopal (@WeldPond), co-founder and CTO of Veracode. They discuss the increasing role of developers in building secure software, maintaining development speed while injecting security testing, and helping developers identify when they need to contact the security team for help.

In the News Sep 12 2017 ITProPortal

The new order in an open source software world

According to CA Veracode's Colin Domoney (@colindomoney), open source software brings a new set of challenges, but if implemented correctly it can keep your organisation just as secure as proprietary software.

In the News Sep 12 2017 IT-Daily

Security by design is essential for IoT devices

Cyber criminals and security researchers are constantly finding new ways to hack IoT devices. Julian Totzek-Hallhuber, Solutions Architect at Veracode, explains why "Security by Design" is so important for IoT devices.

In the News Sep 08 2017 SC Magazine UK

DolphinAttack could allow hackers to take over AI voice assistants

Scientists in China have found that ultrasound frequencies that human ears cannot perceive could be used to issue commands to smart home assistants, such as Alexa, Siri and Cortana. Researchers at Zhejiang University, who dubbed the technique DolphinAttack, said in a research paper that they managed to successfully test attacks on several products, including Alexa, Cortana, Google Now, Huawei HiVoice, Samsung S Voice, and Siri.

In the News Sep 08 2017 Infosecurity Magazine

Ultrasonic "DolphinAttack" Could Hack Voice Assistants

Security researchers have warned that voice assistants made by the likes of Amazon, Google and Apple could be ‘hacked’ by remote attackers broadcasting commands in ultrasonic frequencies. Researchers in China found that broadcasting the commands via a loudspeaker enabled them to activate the assistant from several metres, in what they called a “DolphinAttack.”

In the News Sep 08 2017 Security Week

Siri, Alexa, Google Now Vulnerable to Ultrasound Attacks

A team of researchers from the Zhejiang University in China have demonstrated how several popular speech recognition systems can be controlled using ultrasound via an attack method they have dubbed “DolphinAttack.” The experts tested Apple’s Siri, Google Now, Samsung’s S Voice, Huawei’s HiVoice, Microsoft’s Cortana, Amazon’s Alexa and the speech recognition system in an Audi Q3 vehicle. They modulated various voice commands on ultrasonic carriers, at a frequency of 20,000 Hz or higher, in order to make them inaudible to humans.

In the News Sep 08 2017 TechBeacon

DevSecOps is doable: 5 ways to unite security and dev teams

Despite the many hacks and breaches consistently making headlines, businesses can't afford to slow down their development processes because they don't want to lose out to the competition. This places them in an awkward position: deciding between speed and an extra step for the sake of security. But the worry is misplaced; companies don’t need to trade speed for security or security for speed.

More from Veracode's Pete Chestna (@PeteChestna)

In the News Sep 07 2017 FAZ.net

Can the federal election results be manipulated?

The Federal Office for the Protection of the Constitution warned months ago of hacker attacks on the German federal election. Could criminals distort the result through an attack?

When the polling stations close on September 24, things can become critical. That is when the votes of the federal election are counted. From the level of the regional election leaders onward, the process is digital. And here the security authorities expect hacker attacks on the servers. Werner Maaßen, President of the Federal Office for the Protection of the Constitution, has warned of hacker attacks on the Bundestag election for several months. The Chancellery and election officers take these reminders very seriously. "Together with the employees of the Federal Office for Security in Information Technology, we have looked very intensively for weaknesses and are well prepared," says Klaus Pötzsch from the office of the federal election leaders. Thus, the rapid notifications with the first counting results on election night are passed on by telephone. (…)

According to Veracode's Julian Totzek-Hallhuber, the planning of a possible attack depends on whether the election is simply to be disrupted or manipulated. In the first case, the hacker would start an overload attack on the switching computers of the telecommunication companies that provide the trunks for the management network. Many millions of data packets are fired at the exchange machines until they are brought to their knees. In this case the count would be delayed by many hours. (…)

"Those who want to hack the federal elections in September have already completed the preparations for the attack," says Totzek-Hallhuber.

In the News Sep 07 2017 ZDF heute

Election hacking: Luckily, we have papers

Can the German federal election be hacked? Reports of security problems are currently making waves. In focus: software that counts the results of individual polling points. In fact, however, it is of rather secondary importance. And then there would be the good old paper.

The federal election is a decentralized matter; federalism wants it so. Cities and municipalities largely decide independently how they manage, for example, election results. The statutory provisions of the Federation provide only a framework. In addition, the election officer gave some urgent recommendations, which should be taken into account in the counting of the votes on election day and the subsequent transmission. (…)

"As a hacker, I would attack exactly this data transfer," says IT security officer Julian Totzek-Hallhuber from the security specialist Veracode. "Because it is based on public lines and is thus in principle vulnerable."

In the News Sep 04 2017 Infosecurity Magazine

The Developers' Skills Gap for Secure DevOps

In today’s application economy, we’re seeing ever-greater demand on software development. Software and applications have risen to the front office, where missed deadlines result in lost revenues and poor functionality can lead to lost customers. Increasingly, businesses are embracing DevOps to feed their need for speed, binding the previously separate developer and operations teams.

More from Veracode's Maria Loughlin (@marialoughlin).