Jason Yeo | Veracode

Products
Intelligent Software Security Platform
- PREVENT
  
  eLearning
  Learn secure coding on-demand at your pace
  
  Security Labs
  Exploit insecure apps with hands-on labs
- DETECT
  
  SAST
  Find and fix flaws as you write code
  
  SCA
  Stop Open-source code vulnerabilities
  
  Container
  Secure container technologies before production
  
  DAST
  Find and fix runtime web app vulnerabilities
  
  PTaaS
  Leverage skills of experienced penetration testers
- RESPOND
  
  Fix
  Automate remediation and save developer’s time
  
  Services
  Build, Mature, and Scale Impactful AppSec Programs
Solutions
Customer Challenges We Solve
- Column 1
  
  Secure Entire SDLC
  Manage risk across your software portfolio
  
  Build Developer Security Competency
  Secure code with confidence
- Column 2
  
  Protect the Software Supply Chain
  Source software securely
  
  Manage the Web App Attack Surface
  Discover unknown risks
- Column 3
  
  Secure Cloud Development
  Security from code to cloud-native
Why Veracode?
Software Security for Developers & Security Teams
- Column 1
  
  For Developers
  Spend More Time Writing Code and Less Time Fixing What Isn’t Broken . 
- Column 2
  
  For Security
  Application Security That’s Pervasive, Not Invasive
- Column 3
  
  For Developers+Security
  Connect Security and Development Teams to Ensure Adoption and Compliance
Resources
Learn. Discover. Support & Services
Customers
Partners
Company
We Are Veracode

Jason Yeo

Jason Yeo

Jason is a software engineer at Veracode working on SourceClear's Agent team.

Stay up to date on Application Security

Posts by Jason Yeo

Security News

December 25, 2016 | By Jason Yeo

Rails_admin Vulnerability Disclosure

A few days ago, I found a CSRF vulnerability in rails_admin. rails_admin is a Ruby gem that generates administrative interfaces for your models automatically. Interestingly, this vulnerability is similar in nature to the one I found in administrate, a similar gem. Additionally, past Ruby gems…
Read Article

Research

April 10, 2016 | By Jason Yeo

TLS Verification in Ruby Client…

A week ago, a couple of security researchers warned about unverified TLS certificates in SSL libraries of some programming languages. You may read more at their blog. In summary, they found that all programming languages do not verify revoked certificates and languages like Python and PHP do not…
Read Article
Managing AppSec

April 5, 2016 | By Jason Yeo

Rails Engines: Magic or Curse?

Most Rails applications typically use a bunch of gems. Some of these gems may be Rails engines. Devise, Shoppe and RailsAdmin are examples of engines. The simple definition of an engine is a mini Rails application. When you include an engine in your Rails application, you are actually including an…
Read Article
Managing AppSec

March 29, 2016 | By Jason Yeo

When Rails' protect_from_forgery…

Cross-site request forgery (CSRF) protection has been around in the form of protect_from_forgery since Rails 2 but somehow it's also the most misunderstood feature in the Rails community. To many Rails developers, the protection might seem like magic and thus the details of how it works are ignored…
Read Article

Browse By Topic

Select a Topic