Chris Wysopal

Chris Wysopal, co-founder and CTO of Veracode, is recognized as an expert and a well-known speaker in the information security field. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. At Veracode, Mr. Wysopal is responsible for the security analysis capabilities of Veracode technology.
Posts by Chris Wysopal

Security Policy Without Enforcement Doesn't Work

September 13, 2007

One of my first "real" jobs in security back in the 90's was working as an IT security engineer for a government contractor and internet backbone provider. One of our tasks was finding people who bridged the internal network with the internet. We found one guy who had been running his own ecommerce business on our external network. He showed up on our scans because he had 2 network interfaces on...

Backdoor Detection in the News

July 26, 2007

There has been some talk in the press lately about backdoors due to the recent court case where it was disclosed that federal agents planted a keystroke logger on a suspect’s computer using a trojan program. Many of the articles don’t report on the court case but raise the question as Declan McCullagh titles his article, “Will security firms detect police spyware?” You can see the security cat...

Chris Wysopal Interviewed by Christofer Hoff

June 26, 2007

A few days ago Christofer Hoff interviewed me on his blog. We talked about Veracode and the application security industry. Click here to read the interview: Take 5- Five Questions for Chris Wysopal, CTO Veracode

Your Browser Requests To Be Exploited

April 25, 2007

Client-side browser vulnerabilities, the ones that require the browser software on your computer to make a request to a web site hosting a malicious web page, are on a sharp rise. Sophos reports: From January to the end of March, Sophos identified an average of 5,000 new infected webpages every day, indicating that this route to infection is becoming more popular with cybercriminals. and Not all...

Online “Pick Pocket” Attacks Getting Worse After All These Years

March 21, 2007

You see, Oliver... [sung] In this life, one thing counts In the bank, large amounts I'm afraid these don't grow on trees, You've got to pick-a-pocket or two. You've Got To Pick-a-Pocket or Two lyrics, from Oliver! Does this ABC News story on criminals looting 401K and online trading accounts of tens of millions of dollars surprise anyone in the security field? Well of course it shouldn’t. We...

It's Time For Fair Use In Patent Law

February 27, 2007

RFID security device manufacturer HID is using threats of patent infringement to stifle a Black Hat Federal presentation by Chris Paget on the threat of RFID card cloning. The risks of RFID card cloning are real and are nothing new. The details of the technology have been publicly available for years. What is new is the visceral demonstration that a device can provide. HID is scared that people...

TJX Data Theft Just Keeps Getting Worse

February 23, 2007

TJX issued a press release yesterday coming clean on what they know about the breach of their corporate network. They are now admitting that they have been compromised as early as July 2005 and continued to be compromised up until December 2006. It is unlikely only one attacker found the vulnerabilities exploited. I wouldn't be surprised if dozens of attackers found their way into the network...

The Software Trustworthiness Framework (STF©)

January 30, 2007  | Research

[Today we have our first guest blog entry from Elfriede Dustin. Elfriede is a co-author of "The Art of Software Security Testing" and has written a few books on software testing, most notably, "Automated Software Testing" published by Addison-Wesley in 1999. We have heard plenty from security experts on how to fix the software development process to produce more secure...

Vulnerability Disclosure in the new “Software in the Cloud” World - Part II

January 17, 2007  | Research

In part I of this article I wrote about the history of vulnerability research and how researchers having legal access to the software and hardware they need to conduct their research is a pre-requisite. This is why there was so little research on software before 1996. Not only is legal access important but being able to run the software in a lab environment is important. Pure black box testing...

Vulnerability Disclosure in the new “Software in the Cloud” World - Part I

January 12, 2007

There is no doubt that Web 2.0 is upon us. The software we use every day is migrating from our desktops, laptops and company servers to the great data centers in the sky. The first application to move to the cloud was e-mail, then picture and file sharing services, and now traditional desktop applications such as calendaring, task lists, spreadsheets and word processing are all available via the...
