John Zorabedian

John Zorabedian is a blogger, content marketer, and research editor. He has a background in marketing and journalism, writing about IT security, technology, business, politics and culture. He lives and works in the Boston area.
Posts by John Zorabedian

Magento Zero-Day Leaves 200,000 Online Retailers Vulnerable to Attack

April 19, 2017  | Security News 4

Security researchers are warning of a high-risk vulnerability in Magento Community Edition, another reminder of systemic risk in our digital economy, which is built upon software and applications that need continuous monitoring. The Magento vulnerability could allow attackers to execute arbitrary code to access sensitive customer data, including credit card information and other payment data.... READ MORE

10 Gadgets and Skills of Superhero Developers [INFOGRAPHIC]

March 27, 2017  | Secure Development

Developers perform heroic feats every day, frequently at night, and sometimes on weekends. You might not always get the recognition you deserve, but you still need to keep your skills sharp to survive in a fast-moving Agile or DevOps shop. When you master the skills and tools you need to do your job well, you'll get an uplifting confidence from self-improvement, feel empowered to try new ideas,... READ MORE

WikiLeaks, Vault 7, and Vulnerability Disclosure: Is It Blackmail?

March 22, 2017  | Security News

If you're hit by ransomware, you're presented with a difficult choice. Do you pay the ransom and hope the crooks follow through and return your ransomed data and files? Or do you refuse to pay, and say goodbye to that data forever? Tech companies including Microsoft, Google, Apple and Samsung are facing a similar dilemma, after WikiLeaks published information allegedly showing that the CIA... READ MORE

Strange But True Application Security Failures [INFOGRAPHIC]

March 15, 2017  | Security News

Mark Twain famously said, "truth is stranger than fiction." I doubt even he could invent the strange events that unfold daily in our newsfeeds. In the realm of cybersecurity, however, breaches and vulnerabilities are becoming so frequent as to be predictable. Nevertheless, some of the most notable breaches of the past year were shocking in their details. Look at the unexpected outcome... READ MORE

Don't Get Zapped by the Struts-Shock Vulnerability Affecting Apache Struts 2

March 9, 2017  | Security News

If you haven't heard of it by now, you should sit up and pay attention to "Struts-Shock." That's what CA Veracode is calling a critical vulnerability just identified in the Apache Struts 2 library, which attackers are actively exploiting. We're cautioning customers and anyone else using the vulnerable Struts 2 component, due to the severity of the bug, and because it is widespread in Java... READ MORE

Can You Defend Your AppSec Program? Be Ready to Answer These Questions

January 3, 2017  | Managing AppSec

Every AppSec manager needs to work with stakeholders across the organization, from the CISO to development, and departments making their own decisions about buying the software they depend on to do their jobs. If you want to earn buy-in for your AppSec program, you’ll have to be responsive to different concerns for each type of stakeholder. To help you, we offer this list of questions you... READ MORE

FAQs About the New York DFS Cybersecurity Regulations

January 3, 2017  | Security News

New York State has passed strict new cybersecurity requirements for financial services companies doing business in New York, and affected organizations will need to prove compliance with the regulations beginning in February 2018. New York Governor Andrew Cuomo said the "first-in-the-nation" cybersecurity regulations are necessary to "guarantee the financial services industry... READ MORE

Top Takeaways From CA Veracode’s Developer Survey

December 21, 2016  | Secure Development

We recently conducted a survey of developers and development managers to find out what’s on their minds and how their concerns compare to those of application security teams. The results contain some surprises. What’s not surprising is that development teams are feeling pressured to meet productivity goals, while still meeting requirements for quality and stability. Add to that the... READ MORE

SQL Injection Attacks and How to Prevent Them [INFOGRAPHIC]

November 22, 2016  | Intro to AppSec

It's understandable that newly discovered application vulnerabilities get a lot of hype and attention. But it's the most common vulnerabilities we should really be worried about. One of the main culprits in data breaches, including some of the most high-profile attacks of recent years, is SQL injection. According to CA Veracode research, SQL injection ranks among the 10 most common... READ MORE

The Top 10 Application Vulnerabilities [INFOGRAPHIC]

November 4, 2016  | Security News

Top 10 lists are usually good fun, if sometimes a bit frivolous. Our list of the top 10 application vulnerabilities is intended to raise awareness in a lighthearted way, although the risks from these vulnerabilities are a little scary. To create our list, we analyzed 300,000 static and dynamic application assessments and billions of lines of code, over 18 months. From this analysis we determined... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu