Chris Eng, Chief Research Officer, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.
- Delivering Unhappiness
You've probably read by now that online retailer Zappos suffered a security breach affecting over 24 million customers. As a Zappos customer, I received the email last night alerting me about the breach. I got a nearly identical email from their sister company, 6pm.com, as well. This is a clear sign that I buy too many shoes. What's interesting to me about this breach is that Zappos is renowned…
- Vulnerability Response Done Right
Here's a feel-good story to start the new year. Just before the holidays, we detected a cross-site scripting (XSS) vulnerability while running a web application scan for one of our customers. Nothing special about that; we detect thousands of these things every week. But as we discussed this particular finding, we noticed that the layout of the website looked... familiar. As it turned out, the…
- State of Software Security, Volume 4
Today we're releasing Volume 4 of our semi-annual State of Software Security report. This edition incorporates data from 9,910 application builds (twice as many as last time) analyzed via our cloud-based platform over the past 18 months. In this edition, we also discuss how the threat landscape has evolved during 2011 and how we've adapted our analysis and evaluation criteria to account for those…
- Stay Cool, Nobody is Calling Your Baby Ugly
Let me start by saying I have a great deal of respect for Dinis Cruz. He's tremendously passionate about application security and has made numerous contributions to the community through his involvement with OWASP. We even sat on a panel together recently. But I was taken aback by a presentation he gave at OWASP AppSec Brazil entitled Making Security Invisible by Becoming the Developer's Best…
- "We Don't Sell It? Then It's Not Important"
[UPDATE: Since there seems to be some confusion, the "We" in the title of this post is NOT "Veracode". The expression is a generic one intended to illustrate the attitude exhibited by many companies who like to downplay the value and/or effectiveness of technologies that they themselves do not sell. I can't believe I am having to explain this.] Fair warning, this is a bit of a rant. Back in my…
- State of Software Security, Volume 3
It's here! Data junkies rejoice! Today we're proud to release the third volume of our semi-annual State of Software Security report. This edition incorporates data from 4,835 applications analyzed via our cloud-based platform over the past 18 months. After lots of number crunching and a fair amount of head scratching, we've unearthed some intriguing findings that reflect the progress (or lack…
- Please Jump Off the APT Bandwagon
One of the comments I heard repeatedly at the RSA Conference was that many vendors on the expo floor were jumping on the Advanced Persistent Threat (APT) bandwagon, handwaving wildly and claiming disingenuously that their product -- or "solution" to be even more self-aggrandizing -- would protect against APTs. That, combined with the RSA SecurID breach last week and a recent article by Bill…
- 2011 Security Blogger Awards
The 3rd Annual Social Security Blogger Awards were announced last week during the RSA Conference in San Francisco. Veracode received two awards, one for Best Corporate Blog and the other for Best Security Blog Post of the Year. Here is a list of all the nominees and the award winners. It's always an honor to be recognized by peers, so on behalf of all the Veracode bloggers, thank you for reading…
- Free XSS Scanning for the Masses
We're very excited here at Veracode to announce the availability of our new FREE service to detect cross-site scripting (XSS) in your web application. This is a significant milestone for our company and for the security industry, and we encourage everyone from small ISVs to major enterprises to give us a try. Hopefully this will be one of the first steps in the long road to eliminating XSS; after…
As application inventories have become larger, more diverse, and increasingly complex, organizations have struggled to build application security testing programs that are effective and scalable. New technologies and methodologies promise to help streamline the Secure Development Lifecycle (SDLC), making processes more efficient and easing the burden of information overload. In the realm of…