Chris Wysopal

Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.
Posts by Chris Wysopal

No One Technology is a Silver Bullet

September 23, 2015  | Research

Can one approach to application security solve all your problems? Of course this is a silly question as anyone who is tasked with reducing the risk of their application layer knows. The only people who ask this question are vendors … who of course have a vested interest in drumming up business for their offerings. This week we’re all treated to watch this spectacle play out in the... READ MORE

GHOST Highlights How Vulnerable Components Can Haunt an Enterprise

February 2, 2015  | Research

Last week, a security alert was issued disclosing a critical buffer overflow vulnerability on Linux systems. The vulnerability known as GHOST (CVE-2015-0235) impacts applications running on Linux systems using glibc version 2. This is a serious vulnerability because it has a high impact when exploited, and the vulnerability is very widespread, due to the sheer number of public-facing Linux... READ MORE

Shellshock – what you need to know

September 25, 2014  | Research

shellshock-a-bug-called-bash.png News of the Bash Bug/Shellshock vulnerability is being widely covered since the Ars Technica article published yesterday afternoon.  There is speculation that this bug is going to be more catastrophic than Heartbleed, and like the much publicized OpenSSL vulnerability, we won’t know the full extent of its impact for some time. There are... READ MORE

Coming to a computer near you, SQL: The Sequel

August 8, 2014  | Research

It might sound like a bad movie, but it’s playing out in real life – despite what seems like endless hacks using SQL injections, SQLi related breaches keep turning up like a bad penny. GI-Joe.jpg Most recently, Hold Security reported that they discovered a breach by Russian Hacker Ring. While details of this series of breaches are still surfacing, it is time for... READ MORE

Cloud or Not - Third-Party Software Adds Unnecessary Risk

June 13, 2014  | Research

cloud-security-concerns-300x223_2.jpg Don't be misled regarding the security implications of cloud-based software.   There’s been some discussion regarding the Cloud Could Triple Odds of $20M Data Breach research findings by Ponemon – so I thought I would weigh in on this issue. Risky software, regardless of deployment method, is what is adding unnecessary... READ MORE

Improving Software Security Through Vendor Transparency

June 12, 2014  | Research

chris-wysopal-fs-isac-vendor-security_2.jpg Chris Wysopal moderates a panel discussion at the FS-ISAC & Bits Annual Summit 2014   According to Gartner, enterprises are getting better at defending traditional network perimeters, so attackers are now targeting the software supply chain. This has made third-party software – including commercial and outsourced... READ MORE

Benefits of Binary Static Analysis

May 19, 2014  | Research

we-heart-binaries_2.jpg 1. Coverage, both within applications you build and within your entire application portfolio One of the primary benefits of binary static analysis is that it allows you to inspect all the code in your application. Mobile apps especially have binary components, but web apps, legacy back office and desktop apps do too. You don’t want to only analyze the... READ MORE

Cybercriminals Aimed at Supply Chain to Reach Their True “Target”

February 5, 2014  | Research

So far the Target breach has caused 15.3 million credit cards to be reissued, costing millions of dollars to credit card companies. The full scope of the breach is not yet fully understood or known, but new details are coming out almost daily. For example, an article in the Wall Street Journal recently disclosed that the cyber-criminals were able to access Target’s systems through a third-... READ MORE

Third-party application vulnerabilities more concerning than NSA "backdoors"

September 20, 2013

Last week the New York Times broke a story regarding the ability of the NSA to foil basic privacy safeguards. What seemed to catch the most attention from other media outlets, as well as political and technology pundits was the fact the NSA had asked some software vendors to insert backdoors into their code so that the NSA can easily “hack” into systems running these applications. The coercion of... READ MORE

Why was the Syrian Electronic Army able to hack the Washington Post?

August 16, 2013 3

Putting political motivations aside, why were the Washington Post, CNN.com, Time and others recently hacked? Simply put, they extended their trust perimeter to include a third party component without vetting its security properly. Extending trust is necessary in the business world but in the immortal words of Ronald Reagan, to maintain security we must "trust but verify". Attackers look to... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu