Since its inception, the Veracode Blog has seen a lot of activity, with blog posts running the gamut from research-intensive to humorous and sometimes even controversial. We decided to run some numbers to look at our most popular posts ever (based on visitor traffic to the post), and the results are here for you to read and enjoy! Some posts are from previous years, while others are more recent – but their popularity attests to the fact that they are all hugely informative and entertaining. Read on and let us know your favorite!
This is a two-part post; look for the remainder of our best posts ever tomorrow!
New Unit of Reviewed Code Quality: This short post by Chris Wysopal (1 image, 3 lines) resonated with many of our readers (as you can see by the comments on the post) and remains evergreen years after it went live on our blog. I could try to talk about this some more, but really, the best way to understand why this post is our #1 is to click here and read. Enjoy!
AdiOS: Say Goodbye to Nosy iPhone Apps: Right on the heels of the controversy surrounding iOS apps transmitting users’ address books, Veracode’s Mark Kriegsman developed and posted a free utility called AdiOS (Addressbook Detector for iOS) that lets iOS users quickly scan the applications they’ve downloaded to see which apps have access to their complete address book. This utility has been downloaded by thousands of users wanting to know which of their apps are accessing their address book. This hugely popular post generated a flood of comments from readers of our blog. Read the post to download the utility and check out your apps.
Mark posted a video as well on YouTube which you can see here.
HTML5 Security in a Nutshell: Chris Eng authored this highly popular post on HTML5 Security, based on discussions with his research team. The post discusses possible attack vectors on HTML5, and ends with a note reminding developers to remember basic security tenets as the most important thing they can do to be vigilant against attack vectors.
Is Your Blackberry App Spying on You? This post by Chris Eng came out in February of 2010 as a follow-up to Tyler Shields’ presentation at ShmooCon 2010 on mobile spyware as a threat to data privacy. The blog post focused on Tyler’s proof of concept showing that BlackBerry applications can access and export private user information, including contacts, messages, location, and usage info. The post contains Tyler’s presentation and an analysis of source code to demonstrate risks and malicious behavior. The post ends with three solid tips on how mobile users can protect their private data.
Mobile Apps Invading Your Privacy: Tyler Shields authored this post in 2011, and this was one of our most popular posts in the past year, drawing terrific participation from our readers. The post details the Veracode research team’s efforts in testing the Pandora application on Android to determine if the app was gathering personal data without proper permission from users. The post provided insight as to what user information was found being shared as well as what kinds of organizations were receiving the data.
BlackBerry Spyware Dissected: This post finds Chris Eng taking a closer look at an Etisalat software update for BlackBerry that was found to be intercepting and exporting users’ emails and text messages. Chris analyzed the code in .jar form and explained how the spyware gathered and transmitted private user data until it was detected following widespread user complaints regarding battery drainage.