Tim Jarrett is Senior Director of Product Marketing at Veracode. A Grammy-award winning product professional, he joined Veracode in 2008 and has a Bacon number of 3. He can be found on Twitter as @tojarrett.
Updated 4/16/2020. Originally published 12/28/2016. It seems so tempting. Solve your application security problem by throwing an appliance at it. After all, if web applications are the most common form of attack, why not just protect them the same way you protect your network and email servers, and be done with it? Why should you spend time hunting down vulnerabilities in your code and figuring…
- Looking Ahead to RSA: Talking Open Source Components
The marquee event of the security industry is fast approaching – the 2018 RSA Conference will take place in San Francisco April 16 to 20. This is a highlight of the year for all of us at CA Veracode, and we will have a major presence there, in part because of the sheer size of this event – both in terms of attendance and scale. It’s definitely the leading business-focused security show, and we…
- Best Practices for Complying with Emerging Application Security Regulations (August 14, 2017 | Managing AppSec)
In a previous blog post, we discussed how the proliferation of data breaches has caught the attention of regulators, which are increasingly focused on cybersecurity and application security. Case in point: Two recent major regulations – the EU General Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their…
- What You Need to Know About the Latest Trends in AppSec Regulations (August 8, 2017 | Managing AppSec)
As major data breaches continue to expose customers’ sensitive data and cause major monetary and reputation damage to organizations, regulators are taking notice. Two recent major regulations – the EU General Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their scope and depth. Considering the prominence…
- Announcing Updates to Veracode Integrations to Microsoft Visual Studio Team Services, Team Foundation Server and Visual Studio (July 24, 2017 | Secure Development)
We are pleased to announce updates to the Veracode integrations to Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS), and to Visual Studio. The VSTS/TFS integration makes static and dynamic security findings available as work items in the VSTS/TFS issue tracker, and automatically updates the related defects when they are fixed or have approved mitigations. The Visual…
- Veracode Visual Studio Extension, Now in the Visual Studio Marketplace (March 28, 2017 | Customer News)
Application security cannot be solved with a tool alone. There are significant organizational challenges, like gaining buy-in from various areas of your organization, helping developers to fix security flaws and making sure that security becomes part of the testing process. It’s truly a cultural shift. As such, adoption of application security will only be successful if you eliminate as much…
- 5 Ways to Keep Your Applications Safe From Vulnerable Components (December 1, 2016 | Secure Development)
In earlier blog posts in this series, we’ve learned more about how the vulnerability used to break into the San Francisco Municipal Transportation Agency’s computers may have come from a single vulnerable open source component. We’ve talked a little about how developers use open source components – and why it’s hard for them to know what’s in their applications. What this leaves us with, as…
- How One Open Source Component Put Up to 25% of Java Applications at Risk (November 30, 2016 | Secure Development)
In the first part of our blog series on the ransomware attack on the San Francisco Municipal Transportation Agency, we discussed how the attacker chose to exploit a deserialization vulnerability in WebLogic to compromise vulnerable systems. And we learned that this vulnerability was a big target, because it is the result of a component (Apache Commons Collections) present in about 50 percent of…
- Why the Ransomware Attack on San Francisco Is Such a Big Deal (November 29, 2016 | Secure Development)
The day after Thanksgiving saw the San Francisco Municipal Transportation Agency hit with a ransomware attack. The attacker demanded 100 bitcoins (about $73,000) to unlock the computer systems and ticketing machines. According to security journalist Brian Krebs, the SFMTA wasn’t targeted for political reasons – it was a target of opportunity discovered by an attacker looking for vulnerable…
- Regulations like FS-ISAC and PCI are now looking at the security of open source components, are you ready? (November 29, 2016 | Managing AppSec)
For years, organizations have “checked the box” by doing the minimum to meet security standards like PCI and FS-ISAC, but a rising tide of breaches has caused most auditors to look more seriously at organizations’ security practices, including the security of open source components. Do your developers use open source components? Are you prepared to answer regulators about their safety?…