Did You Read Our Most Popular 2018 Blog Posts?

By Suzanne Ciccone January 15, 2019
A look at our most popular blog posts in 2018

Every January, we get a lot of valuable insights by looking back at our most popular blog posts in the previous year, and 2018 was no exception. The posts that resonated the most last year paint a clear picture of topics most important to the security and development communities – from open source risk, to using AppSec as a competitive differentiator, to security’s new role in a DevOps world. The... READ MORE

The Top Cybersecurity Breaches of 2018

By Laura Paine January 14, 2019

The past year was a wild ride on many fronts, and it included some of the biggest data breaches we’ve seen in recent history. According to a report from Business Insider, some of the biggest victims in 2018 were T-Mobile, Quora, and Orbitz. Millions of people around the world were left vulnerable, as hackers accessed and stole their personal information – which in some cases included passport... READ MORE

Key Takeaways From SANS Report: Secure DevOps 2018: Fact or Fiction?

By Suzanne Ciccone January 11, 2019
Get key takeaways from SANS secure DevOps survey

DevOps, with its focus on speed and incremental development, is changing the application security landscape. We’ve talked about this change a lot in the past couple years, and how security should fit into this picture. Now SANS is taking a look at how security actually is fitting into this DevOps picture in practice. In a recent survey, the sixth in a series of annual studies by SANS on security... READ MORE

A New Year Means New Security Resolutions – Hear From the Experts

By Valerie Lattell January 8, 2019
Veracode team shares their 2019 security resolutions

With January upon us, there’s undoubtedly a buzz in the air as security and development professionals eagerly plan out their 2019 strategies. You might be wondering what resolutions you can make that will help you navigate the New Year, and to take it a step further, what trends you should consider when crafting these resolutions. To help you get started, here are some suggestions from the... READ MORE

Marriott Confirms Less Than 383 Million Unique Guests Affected in Starwood Data Breach

By Laura Paine January 7, 2019

Marriott has confirmed that the number of guests affected in the breach of Starwood’s guest reservation database is down from the originally estimated 500 million to “fewer than 383 million unique guests.” At this time, the hotel giant is unable to confirm an exact number of guests impacted. According to the statement, approximately 5.25 million unique unencrypted passport numbers and 20.3... READ MORE

Top Ways to Get ROI From Your AppSec Program

By John Smith January 7, 2019 | Managing AppSec
Find out our top ways to boost your AppSec ROI.

When you make an investment in an application security program, you’re expecting to derive value from the initiative; in other words, you’re expecting to get some kind of return on your investment. After more than 10 years working with organizations to implement and build out application security programs, we have a pretty clear sense of what that value is. We find that the value derived from an... READ MORE

Hackers Exploit Known Google Chromecast Vulnerability in Thousands of Devices

By Laura Paine January 3, 2019

Starting the New Year off with a bang, Hacker Giraffe and J3ws3r reportedly exploited a vulnerability in thousands of Google Chromecast streaming devices. The CastHack bug, allegedly disclosed nearly five years ago, enabled the hackers to remotely access thousands of the streaming devices, causing them to show a pop-up notice on connected TVs alerting users that their misconfigured router is... READ MORE

Exploiting JNDI Injections in Java

By Michael Stepankin January 3, 2019
JNDI injections in Java

Java Naming and Directory Interface (JNDI) is a Java API that allows clients to discover and look up data and objects via a name. These objects can be stored in different naming or directory services, such as Remote Method Invocation (RMI), Common Object Request Broker Architecture (CORBA), Lightweight Directory Access Protocol (LDAP), or Domain Name Service (DNS). In other words, JNDI is a... READ MORE

Flaws and Vulnerabilities and Exploits – Oh My!

By Valerie Lattell December 20, 2018
How to distinguish between flaws, vulnerabilities, and exploits.

With the slew of terms that exist in the world of application security, it can be difficult to keep them all straight. “Flaws,” “vulnerabilities,” and “exploits” are just a few that are likely on your radar, but what do they mean? If you’ve used these words interchangeably in the past, you’re not alone. They’re easy to confuse with one another, likely because there’s a relationship between all of... READ MORE

Indictment of Chinese Hackers Underscores Need for Stronger Cybersecurity

By Laura Paine December 20, 2018

According to a newly unsealed indictment, two Chinese nationals working with the Chinese ministry of state security have been charged with hacking a number of U.S. government agencies and corporations. The court filing indicates that Zhu Hua and Zhang Jianguo, members of Advanced Persistent Threat 10 (APT10), used phishing techniques in order to steal intellectual property, confidential business... READ MORE
