Paul Ambrosini | Veracode

Products
Intelligent Software Security Platform
- PREVENT
  
  eLearning
  Learn secure coding on-demand at your pace
  
  Security Labs
  Exploit insecure apps with hands-on labs
- DETECT
  
  SAST
  Find and fix flaws as you write code
  
  SCA
  Stop Open-source code vulnerabilities
  
  Container
  Secure container technologies before production
  
  DAST
  Find and fix runtime web app vulnerabilities
  
  PTaaS
  Leverage skills of experienced penetration testers
- RESPOND
  
  Fix
  Automate remediation and save developer’s time
  
  Services
  Build, Mature, and Scale Impactful AppSec Programs
Solutions
Customer Challenges We Solve
- Column 1
  
  Secure Entire SDLC
  Manage risk across your software portfolio
  
  Build Developer Security Competency
  Secure code with confidence
- Column 2
  
  Protect the Software Supply Chain
  Source software securely
  
  Manage the Web App Attack Surface
  Discover unknown risks
- Column 3
  
  Secure Cloud Development
  Security from code to cloud-native
Why Veracode?
Software Security for Developers & Security Teams
- Column 1
  
  For Developers
  Spend More Time Writing Code and Less Time Fixing What Isn’t Broken . 
- Column 2
  
  For Security
  Application Security That’s Pervasive, Not Invasive
- Column 3
  
  For Developers+Security
  Connect Security and Development Teams to Ensure Adoption and Compliance
Resources
Learn. Discover. Support & Services
Customers
Partners
Company
We Are Veracode

Paul Ambrosini

Paul Ambrosini

Paul is the Director of engineering at SourceClear, leading the platform team to build the best software composition analysis solution.

Stay up to date on Application Security

Posts by Paul Ambrosini

Secure Development

December 22, 2015 | By Paul Ambrosini

Docker and JAVA_OPTS

While adjusting some environment variables recently, I came across an odd issue with Docker, Spring Boot and JAVA_OPTS. JAVA_OPTS comes from the Tomcat/Catalina world and when searching for "Docker and javaopts" on Google you'll find many references to just adding JAVA_OPTS to the Docker…
Read Article

Research

November 11, 2015 | By Paul Ambrosini

Spring Social Core Vulnerability…

Today we would like to announce the discovery of a vulnerability in the Spring Social Core library. Spring Social provides Java bindings to popular service provider APIs like GitHub, Facebook, Twitter, etc., and is widely used by developers. All current versions (1.0.0.RELEASE to 1.1.2.RELEASE) of…
Read Article
Research

April 26, 2015 | By Paul Ambrosini

Spring, RabbitMQ & Dead Letter…

RabbitMQ has become a staple for building job queues between the myriad of spring boot micro-serivces I've built at SRC:CLR. The Spring abstraction has allowed for quick and mostly painless development. What I hadn't found a need for was RabbitMQ's "Dead Letter Exchange" setup. Multiple times there…
Read Article
Managing AppSec

January 15, 2015 | By Paul Ambrosini

Prohibiting RC4 Cipher Suites in AWS

In December of 2014 researchers found that the RC4 cipher being used in common TLS implementations could be easily broken. As of January 15 2015 the recommended predefined security policy for AWS Elastic Load Balancers still permits the use of RC4 ciphers and will need to be custom configured to…
Read Article

Browse By Topic

Select a Topic