Last May, President Trump ordered his administration to come up with a plan for securing the U.S. government and the nation's infrastructure from cyberattacks that threaten the country's economy and national security.
Application security often leads a niche existence. Most people mistakenly see it as a problem for developers, when it is really a question for the entire company.
The activities of IT security often do not achieve the desired results. In such cases good advice is hard to come by, as the saying goes, because it is often relatively simple things that hamper the efficient implementation of a security strategy. Julian Totzek-Hallhuber, Solution Architect at CA Veracode, describes five avoidable application security mistakes.
A remote code execution flaw, dubbed Spring Break, affects various Pivotal Spring projects and could allow an attacker to run arbitrary commands on any machine running applications built using Spring Data REST.
"The recently discovered "Spring Break" vulnerability is a Remote Code Execution (RCE) security vulnerability that needs immediate attention and is another example of the immense challenges companies face." Comment by Julian Totzek-Hallhuber, Principal Solution Architect at CA Veracode.
A flaw that was discovered in Pivotal’s Spring Framework in September 2017 has only come to light now that users have had a chance to update.
Researchers imaginatively dub the new vulnerability "Spring Break"
Chris Wysopal, CTO of CA Veracode, a leading cybersecurity company, offers a more moderate option—slowing the computers down. “We could make the computers suffer hard-drive failures, keeping the operators so busy they couldn’t do much else,” Wysopal told me. “This is easy to do, and it would send a message: We can get to you, just like you can get to us, and we can step this up several notches”—for instance, fry the computers, as Clarke suggests—“if you don’t stop.”
In response to the news of the new "Spring Break" critical remote code execution (RCE) vulnerability, which affects Pivotal Spring frameworks including Spring Boot, the world's most popular framework for building web applications, Chris Wysopal, CTO at CA Veracode, comments.
If you build security in early in development, you can reduce security risks and long-term development costs quite significantly. The EU Commission is under way with a number of initiatives that address security from the start.
Meltdown and Spectre rang in the year 2018 with a bang, affecting billions of devices. CA Veracode's Julian Totzek-Hallhuber explains in this blog post why it is high time to put security at least on the same level as functionality.
A DevSecOps strategy won’t work if developers haven’t bought into the movement. CA Veracode held a virtual summit on Assembling the Pieces of the DevSecOps Puzzle yesterday to talk about the importance of developer security training in a DevOps environment.
Corporate IT systems with known vulnerabilities are often missed or overlooked. In the case of Equifax, a known vulnerability led to hundreds of millions of dollars in losses. Here are the top five ways that vulnerabilities hide inside your company.
Somewhere along the road to DevOps nirvana that so many organizations have been attempting to follow, security got left behind. You see, a big driver of the need for DevOps is the speed with which organizations crank out software. It turns out it's really easy for software development to run off the rails, turning what should be innovation into unnecessary fiascos that can cost millions to fix, or worse yet, cause irreparable damage to a company's reputation.
New software also brings with it new threats to the overall security of an organisation, so understanding the potential risks and vulnerabilities software introduces is essential if businesses want to keep hackers at bay.
The U.S. Securities and Exchange Commission introduced new SEC cybersecurity disclosure rules to prevent insider trading related to data breaches and other security incidents.
Attacks by cybercriminals can be costly for businesses that want to avoid losing their data. The most recent example is Uber, the globally operating U.S. ride service, which has been the victim of a Ransomware attack: data from 57 million customers and drivers were stolen, including names, addresses and driver's license numbers. Uber paid $100,000 to the hackers and concealed the incident, and is now exposed to the serious charge of covering up a criminal offence. This latest case shows once again the importance of advanced data protection to prevent cyber attacks. Julian Totzek-Hallhuber, Solution Architect at CA Veracode, gives five tips on how companies can easily and effectively protect themselves against Ransomware attacks.
A machine that automatically finds new vulnerabilities in any software: this is what a team led by Fabian Yamaguchi from Berlin is working on. Can anyone become a hacker?
Hint: hit them where it hurts the most – their own personal reputation and livelihood.
This is a guest article by Julian Totzek-Hallhuber, Solution Architect, CA Veracode. The Aztec Empire, the Roman Empire or the British Empire - if one had asked contemporary witnesses, these cultures seemed untouchable and would last forever. External influences and socio-cultural developments have only made them examples of transience in the course of history. Today, the world looks completely different, but some developments in the shadow of technological progress have the potential to revolutionize our society from the ground up. The advantage is that we are able to recognize early warnings and take countermeasures. When Europeans entered the new world, it was the beginning of the end of the indigenous tribes and advanced cultures of a whole continent. Such a scenario, which in the long run can wipe out entire civilizations, is of course unthinkable nowadays, since today's cultures are consolidated and embedded in the global community. Accordingly, such upheavals today have far more far-reaching consequences, affecting much larger regions and sometimes the whole world. Three scenarios in particular are now able to change the course of the world from the ground up.
Recent news reports that the NHS has lost thousands of patient records and documents and is now failing cyber security tests.
Much has changed in software security over the last year. Nation state-directed attacks demonstrated the significant danger posed by software vulnerabilities and raised the pressure on developers to secure their software. Attackers used exploits leaked from the National Security Agency (NSA), for example, to spread ransomware, including the costly WannaCry and NotPetya attacks.
Developers tend to get thrown under the bus when it comes to application security, but recent data shows that developers do, in fact, care about security. Take mitigation for example. Developers don’t try to rig the system by rejecting findings as false positives or as mitigated by design. Developers documented mitigations for just 14.4 percent of all flaws found by CA Veracode’s platform in the past year.
The culture connection gets real as experts agree that secure software development requires a new mindset across the board.
Chris Wysopal, CTO for the CA Veracode portfolio of security testing tools CA Technologies acquired last year, said the survey results make it clear many organizations are still wrestling with the concept of DevSecOps. Many of them may be far along the path to building a culture around DevOps, but more often than not, security teams haven’t been included in those processes, says Wysopal.