John Zorabedian

John Zorabedian is a blogger and copywriter at Veracode. He has a background in marketing and journalism, writing about IT security, technology, business, politics and culture. He lives and works in the Boston area.
Posts by John Zorabedian

HipChat Breach Shows Dangers of Slacking on Security of Third-Party Components

April 27, 2017  | Managing AppSec | Security News

This week, HipChat advised customers that one of its databases was breached by attackers who exploited a vulnerable third-party library used on HipChat.com. HipChat, owned by Atlassian, said that the compromised database stored customer usernames, email addresses, hashed passwords, and room metadata such as room name and topic. HipChat’s fast action to force a reset of all HipChat passwords... READ MORE

Magento Zero-Day Leaves 200,000 Online Retailers Vulnerable to Attack

April 19, 2017  | Security News

Security researchers are warning of a high-risk vulnerability in Magento Community Edition, another reminder of systemic risk in our digital economy, which is built upon software and applications that need continuous monitoring. The Magento vulnerability could allow attackers to execute arbitrary code to access sensitive customer data, including credit card information and other payment data.... READ MORE

10 Gadgets and Skills of Superhero Developers [INFOGRAPHIC]

March 27, 2017  | Secure Development

Developers perform heroic feats every day, frequently at night, and sometimes on weekends. You might not always get the recognition you deserve, but you still need to keep your skills sharp to survive in a fast-moving Agile or DevOps shop. When you master the skills and tools you need to do your job well, you'll get an uplifting confidence from self-improvement, feel empowered to try new... READ MORE

WikiLeaks, Vault 7, and Vulnerability Disclosure: Is It Blackmail?

March 22, 2017  | Security News

If you're hit by ransomware, you're presented with a difficult choice. Do you pay the ransom and hope the crooks follow through and return your ransomed data and files? Or do you refuse to pay, and say goodbye to that data forever? Tech companies including Microsoft, Google, Apple and Samsung are facing a similar dilemma, after WikiLeaks published information allegedly showing that the... READ MORE

Strange But True Application Security Failures [INFOGRAPHIC]

March 15, 2017  | Security News

Mark Twain famously said, "truth is stranger than fiction." I doubt even he could invent the strange events that unfold daily in our newsfeeds. In the realm of cybersecurity, however, breaches and vulnerabilities are becoming so frequent as to be predictable. Nevertheless, some of the most notable breaches of the past year were shocking in their details. Look at the unexpected outcome... READ MORE

Don't Get Zapped by the Struts-Shock Vulnerability Affecting Apache Struts 2

March 9, 2017  | Security News

If you haven't heard of it by now, you should sit up and pay attention to "Struts-Shock." That's what Veracode is calling a critical vulnerability just identified in the Apache Struts 2 library, which attackers are actively exploiting. We're cautioning customers and anyone else using the vulnerable Struts 2 component, due to the severity of the bug, and because it is... READ MORE

Can You Defend Your AppSec Program? Be Ready to Answer These Questions

January 3, 2017  | Managing AppSec

Every AppSec manager needs to work with stakeholders across the organization, from the CISO to development, and departments making their own decisions about buying the software they depend on to do their jobs. If you want to earn buy-in for your AppSec program, you’ll have to be responsive to different concerns for each type of stakeholder. To help you, we offer this list of questions you... READ MORE

FAQs About the New York DFS Cybersecurity Regulations

January 3, 2017  | Security News

New York State has passed strict new cybersecurity requirements for financial services companies doing business in New York, and affected organizations will need to prove compliance with the regulations beginning in February 2018. New York Governor Andrew Cuomo said the "first-in-the-nation" cybersecurity regulations are necessary to "guarantee the financial services industry... READ MORE

Top Takeaways From Veracode’s Developer Survey

December 21, 2016  | Secure Development

We recently conducted a survey of developers and development managers to find out what’s on their minds and how their concerns compare to those of application security teams. The results contain some surprises. What’s not surprising is that development teams are feeling pressured to meet productivity goals, while still meeting requirements for quality and stability. Add to that the... READ MORE

SQL Injection Attacks and How to Prevent Them [INFOGRAPHIC]

November 22, 2016  | Intro to AppSec

People like novelty, and why not? The same old stuff gets boring. In the security world, it's understandable that newly discovered application vulnerabilities get a lot of attention. But it's the most common vulnerabilities we should really be worried about. One of the main culprits in data breaches, including some of the most high-profile attacks of the past year, is SQL injection.... READ MORE
