Suzanne Ciccone

Suzanne is a marketing writer at Veracode. In this role, she’s part of a team working to shed light on AppSec through compelling and clear content. Suzanne has been a professional editor and writer for many years, for companies including Forrester Research, Cengage Learning and EBSCO Information Services.
Posts by Suzanne Ciccone

What the Apache Struts 2 Vulnerability and the Irish Potato Famine Have in Common

September 28, 2017  | Managing AppSec

More than you might think. Just as the reliance on a single species of vulnerable-to-blight potato created widespread devastation in 1800s Ireland, today’s reliance on vulnerable components creates a similar ripple effect. In both cases, compromise of a single vulnerability spread its consequences widely and rapidly. The Potato Famine’s consequences were obviously more devastating, but although... READ MORE

Podcast: Implications of the EU GDPR

September 4, 2017  | Managing AppSec

The EU Global Data Protection Regulations (GDPR) go into effect in May 2018, and will introduce stark new data security requirements for any organization in the EU, or doing business in the EU. The requirements in this regulation surrounding data retention and personal information are unprecedented, and so are the fines for non-compliance. How will this play out in a world where information is a... READ MORE

Don't Be AppSec 'Helicopter Parents'

August 17, 2017  | Managing AppSec

Roles shifting can be disconcerting. Having a clear role and understanding your responsibilities and tasks is comforting. But getting too comfortable can be dangerous. Take parenting for example. Parents wouldn’t be doing their kids any favors by continuing to feed and dress them as if they were 4 when they’re 10. As children age, they start to do these basic tasks on their own, and the parent... READ MORE

Security Needs to Shift Left – and Right

July 25, 2017  | Managing AppSec

The move to Agile and DevSecOps development processes has fostered a lot of attention on the need to shift security testing left in the development cycle. And this is absolutely a pivot in the right direction. Moving security testing into the realm of the developer makes security testing faster, easier, more effective and less expensive. However, it’s important not to lose sight of the fact that... READ MORE

Podcast: What Our New Survey Reveals About the AppDev/Sec Relationship

July 21, 2017  | Managing AppSec

Veracode recently partnered with ESG to conduct a survey of 400 IT, cybersecurity and developer professionals regarding their take on the benefits of AppSec for contemporary software development and deployment. The survey results revealed some positive trends, including the fact that many developers are focusing on security for security’s sake, rather than solely to meet compliance requirements.... READ MORE

How Veracode Integrations Enable Security at DevOps Speed

July 21, 2017

Speed and security are the name of the game in software development today. Why? Because software is now key to innovation and competitive advantage for every enterprise in every industry. This means that not only is the pace of software development rapidly increasing, but also that attacks against the application layer are proliferating. In turn, software development speed and security are now... READ MORE

Podcast: The OWASP Top 10 List Update: What You Need to Know

June 19, 2017  | Security News

The OWASP Top 10 list of the most critical web application security risks has finally been updated for the first time since 2013. This list, created by the Open Web Application Security Project (an open community dedicated to enabling organizations to create secure applications) often forms the basis of application security programs and frequently informs AppSec priorities. The release candidate... READ MORE

Podcast: Our Take on the WannaCry Ransomware Attack

May 23, 2017  | Security News

On Friday, May 12, an unprecedented cyberattack affected approximately 200,000 computers across 150 countries. By exploiting a vulnerability in Microsoft Windows, a combined worm/ransomware attack called WannaCry shut down hundreds of thousands of computers and demanded payment in order to regain access. In episode 5 of our AppSec in Review podcast, Evan Schuman and Veracode's Brian Fitzgerald... READ MORE

Why Code Quality and Code Security Remain Two Separate Ideas

May 17, 2017  | Secure Development

The OWASP Top 10 list of the most critical web application security risks is finally being updated for the first time since 2013. A release candidate was published in April 2017, and the most significant takeaway was what was not on the list; namely, anything new. This is the first update in four years, and the list of vulnerabilities has not changed substantially. The same vulnerabilities – some... READ MORE

Before You Outsource Code Development – Think About the Security Implications

May 11, 2017  | Managing AppSec

Police in the Netherlands recently contacted more than 20,000 people who they suspect had their personal data stolen by a malicious web developer. This developer had built “backdoors” into applications he created for various businesses as a contractor. With the information he stole, it is alleged that he made online purchases, opened gambling accounts and impersonated victims' family members.... READ MORE
