Caitlin Johanson

With over 12 years of experience in the security industry, Caitlin brings with her a welcomed knowledge base of relevancy and real world use cases to her role as Sr. Solutions Architect at Veracode. Her passion for fighting the good fight, for both prospects and customers alike, directly relates to her standing behind solutions which enable organizations to embrace security before a breach occurs. With no real filter, Caitlin offers honest guidance down the road to security, always keeping the underlying business objectives in mind.
Posts by Caitlin Johanson

PCI Compliance & Secure Coding: Implementing Best Practices from the Beginning

July 15, 2014

Is your SDLC process built on a shaky foundation? A lot of the revisions to PCI DSS point toward the realization that security must be built into the development process. The foundation that ultimately controls the success or failure of this process must be built upon knowledge, and that means training developers to avoid common coding flaws that can lead to...

First Prioritize, Then Patch: Yes, Another Blog on PCI 3.0

June 25, 2014

Your scan results may have you feeling a bit overwhelmed, but our actionable data and sorting can help streamline your remediation efforts! In November’s update to PCI DSS, now on version 3.0, you may have noticed that the PCI Security Council switched the order of the first two application security focused sub-requirements....

Why Did the Chicken Cross the Road? To Get Its 3rd-Party Applications Secured!

June 11, 2014

In the revisions to PCI DSS, now on version 3.0, the PCI Security Council added a note to Requirement 6.3, extending the secure software development mandate to include all custom, third-party developed software. At Veracode, we’ve been talking about the need to secure your third-party code for quite some time now, so we’re excited to see such a widespread standard...

Food for Thought: Mobile Application Security & HIPAA

November 13, 2013

As a pentester, it’s always a different story when we are the ones writing the report. Being on the receiving end is stressful, even more so when you throw compliance into the mix. I figured since I have been fielding questions left and right about what to do when it comes to mobile applications and HIPAA compliance, I would simply write a blog post on the topic. While there are plenty of steps...

Twitter Two-Steps Harder Than a Skrillex Show on Ice

May 23, 2013

Nothing’s free in this world, especially not when it comes to security. With Twitter officially cramping your style, you are now forced to waste precious seconds you could be tweeting by instead waiting for a verification code to be delivered to your phone just so you can log in. The thing about options is that you have them…and options tend to let people remain lazy. Options also carry...

Resistance is Futile, So Let's Hug it Out!

April 9, 2013

It's only a matter of time before someone finds all the skeletons in your closet. In this case the "someone" is a hacker and the "closets" are your applications. As if that isn’t scary enough, consider all of the 3rd party applications and libraries being leveraged to make your applications function…and all of their skeletons you don't know of. No bones about it, there’s a whole heap of issues...
