Chris Eng, Chief Research Officer, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.
- Skype and Critical Mass (August 20, 2007)
There's been a lot of blogging over the weekend about the 36-hour Skype outage that occurred starting last Thursday. From Skype's official explanation, it wasn't a security-related event -- in other words, Skype wasn't hacked. We have no reason to believe otherwise. However, security and availability are often discussed in the same breath, and lots of people will be speculating about the chain of… READ MORE
- File Format Vulnerabilities On the Rise (May 31, 2007)
Software flaws have become serious vulnerabilities for companies today, as the security measures have become much better along the perimeter. And it's not just the flaws in enterprise and ISV code -- even code written by major antivirus companies can be at risk. F-Secure just posted a couple security bulletins around vulnerabilities in their antivirus products. Of particular interest is a buffer… READ MORE
- IOS FTP Vulnerabilities: Backdoor or Honest Mistake? (May 13, 2007)
Network World recently published an article entitled Cisco says FTP feature in IOS is a hacker backdoor. The opening paragraph reads as follows: Cisco says a flaw in the FTP server utility in its IOS router/switch software could be used as a backdoor by attackers. Do you see the discrepancy? The opening statement is inconsistent with the title of the article. Are they saying that the flaw could… READ MORE
- It Couldn't Happen To Us! (May 9, 2007)
[Allow me to introduce Mike VanEmmerik. Mike is one of our engineers, who works closely with Christien Rioux and others on Veracode's analysis engine. Those of you who follow the decompilation community probably recognize his name. We'll have a full bio posted for him soon, and he will be a regular contributor to this blog.] It Couldn't Happen To Us! by Mike VanEmmerik Surely this was what was… READ MORE
I never actually posted the rest of my notes from CanSecWest. At this point, I'd be leaning towards leaving it at that, but since I've had a couple requests to finish up, I'll oblige, providing I can still remember the salient points. So without further ado, CanSecWest Day 3: Andrea Barisani and Daniele Bianco from Inverse Path gave an informative and entertaining presentation on Unusual Car… READ MORE
- Raise Your Hand If You Use iTunes (April 26, 2007)
Because if you do, you've probably installed QuickTime without realizing it. Why is this relevant? Well, if you've been in a cave for the last week, you may not have heard about the Quicktime/Java vulnerability discovered during the CanSecWest conference, which happens to affect just about anyone with those two applications installed. If you try to uninstall QuickTime, it'll happily oblige, but… READ MORE
- CanSecWest Day Two Highlights (April 23, 2007)
Slowly but surely, I'm catching up on my blogging backlog. As I posted before, Day 2 of CanSecWest was a long day, with presentations running from 9am to 9pm. Here are some of the highlights: Barnaby Jack's talk, Exploiting Embedded Systems - The Sequel!, was mostly the same as last year's talk with a couple notable exceptions. Last year, he exploited a UPnP stack overflow in the DI-524, while… READ MORE
- OSX Security Apologists, Read Carefully (April 22, 2007)
I'll post my thoughts from Days 2 and 3 of CanSecWest pretty soon. Thursday was a marathon 12 hours of talks followed by a Microsoft party, and Friday I went straight from the con to the airport to catch the red-eye back to Boston, so I just haven't gotten around to it. Before I do that, though, let's talk about the "Pwn To Own" contest, which turned out to be interesting.… READ MORE
- CanSecWest Day One Highlights (April 19, 2007)
- Landed in Vancouver (April 17, 2007)
As you may have guessed, I'm out in Vancouver the rest of the week attending CanSecWest. Looking forward to catching up with old friends and former colleagues and meeting more of you lurkers! I am always overly paranoid about getting owned by 0day at these conferences. My work laptop won't run Linux cleanly without rebuilding the kernel, and since I don't have time for that stuff anymore, I'm… READ MORE