11.12.07 - Veracode Founder to Present at Web Application Security Conference

News & Events

Veracode to Sponsor and Deliver Software Vulnerabilities Presentation at OWASP & WASC AppSec Conference

WHO: Chris Wysopal, Founder and CTO, Veracode, Inc.

WHAT: OWASP & WASC AppSec 2007 Conference

WHEN: Wednesday, November 14, 2007
1:20 a.m. – 12:20 p.m. EST

WHERE:    eBay
                  2145 Hamilton Avenue
                   San Jose, California 95131

DESCRIPTION:

Veracode Founder and CTO Chris Wysopal will give a talk on: "Backdoors and Other Developer 'Features.'" He will discuss recently completed research on the subject of backdoors – vulnerabilities embedded within application code by developers that enable them to bypass authentication or other security controls. Chris will examine the classification of those backdoors that have been detected in applications and provide real world examples of application backdoors, a generalization of the mechanisms they use, and strategies for detecting these mechanisms (including static analysis of source and binary code).

For more information, please visit:
http://www.owasp.org/index.php/7th_OWASP_AppSec_Conference_-_San_Jose_2007/Agenda

ABOUT VERACODE

Veracode is the industry’s first provider of automated, on-demand application security testing and assessment solutions. Created by a world-class team of application security experts, the company delivers services to identify software flaws introduced through coding errors or malicious intent. Veracode’s core service, SecurityReview® uses patented binary code analysis and dynamic web testing that is uniquely able to inspect entire application inventories, including components, and does not require companies to expose their valuable source code. Enterprises can now protect their intellectual property while preventing attacks allowed by vulnerabilities in applications.

As the most accurate and comprehensive solution, Veracode makes it simple and cost-effective to implement application security best practices and reduce operational costs related to manual reviews. Whether a company is developing applications internally, purchasing software or integrating code from partners, Veracode’s SecurityReview provides insight to the security level of your applications. Outsourcing code analysis to Veracode is the easiest way to secure your software. With a pragmatic approach to application security, Veracode helps you fix what matters most to your business.

Visit www.veracode.com for more information.

Media Contact:
Jim Crook
Lois Paul & Partners
781-782-5734
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

PRESS RELEASE ARCHIVE

Site Map | Responsible Disclosure Policy | Privacy Policy | Contact Us

Veracode offers the first on-demand, application security solution that provides automated application security testing through an easy-to-use, software-as-a-service delivery model. By providing code analysis and web application security testing as a service, organizations have no software or hardware to purchase, install, maintain or upgrade.

With Veracode, enterprises can use application security assessment to achieve code security and implement testing into their secure software development life cycle at key development milestones. For enterprises that want to improve SDLC security without sacrificing profitability or competitiveness, Veracode offers SecurityReview®. SecurityReview combines static, dynamic, and manual testing capabilities and scans code after it has been compiled—at the binary level or "byte" code level rather than the source level, as other solutions do. This offers two distinct advantages: One, binary code analysis is more efficient, so vulnerabilities can be found more quickly and with fewer false positives. And two, binary code analysis is the most complete application security testing method because all code can be scanned regardless of origin.

Information on other topics related to application security assurance, dynamic application security testing, XSS, SQL Injection, IT risk management, static code analysis, and offshore development are also available on this site.