Managing AppSec

When your application security program is up and running, you need best-practice advice on managing and growing the program. Our security experts will guide you through important steps like measuring the success of your program or expanding it to cover more of the application landscape.

Podcast: Would A National Data Breach Disclosure Law Create Clarity or Confusion?

lpaine's picture
By Laura Paine October 20, 2017  | Security News

WannaCry and Petya, among other high-profile breaches, have sparked new conversations at CA Veracode around the potential value of cybersecurity and data breach disclosure legislation. Certainly, data breach disclosure requirements are popping up in just about every state, not to mention global standards, such as GDPR. Although they all insist on timely disclosures, their requirements, rules and... READ MORE

Podcast: What the Apache Struts 2 and the Irish Potato Famine Have in Common

sciccone's picture
By Suzanne Ciccone September 28, 2017  | Managing AppSec
Apache Struts 2

More than you might think. Just as the reliance on a single species of vulnerable-to-blight potato created widespread devastation in 1800s Ireland, today’s reliance on vulnerable components creates a similar ripple effect. In both cases, compromise of a single vulnerability spread its consequences widely and rapidly. The Potato Famine’s consequences were obviously more devastating, but although... READ MORE

Will Websites Be the Next Target of Ransomware Attacks?

cdomoney's picture
By Colin Domoney September 28, 2017  | Managing AppSec
Will websites be the next ransomware target?

Recent research by Wordfence indicates that Wordpress might be the next big ransomware target. Wordfence found that certain Wordpress plugins exhibit malicious behaviour in the form of ransomware against the host website. Typically, these plugins will encrypt the data on the website, thereby rendering it non-functional, and then attempt to extort payment from the owner in order to decrypt the... READ MORE

Introducing the New CA Veracode Community

amay's picture
By Asha May September 26, 2017  | Managing AppSec
CA Veracode Community

We’re excited to announce the public launch of our new CA Veracode Community – a central destination for developers and security professionals to exchange best practices, and discuss trends in AppSec and secure development. As businesses continue to increase their reliance on software, you’re feeling pressure for faster version releases, while simultaneously reducing the risk of a breach. The CA... READ MORE

How Third-Party and Open Source Components Build Hidden Risk Into Software

jzorabedian's picture
By John Zorabedian September 25, 2017  | Secure Development
Risk of software components

Whenever there’s a major data breach announced in the news, I think about how there must be other breaches happening that we don’t even know about. Because, although cyberattackers frequently target known vulnerabilities in software, the victims are unlikely to know they were vulnerable until it is too late. As today’s software is increasingly assembled from bits and pieces of open source... READ MORE

The Seven Deadly Sins of Open-Source Libraries

mcurphey's picture
By Mark Curphey September 21, 2017

There are at least seven types of open-source library vulnerabilities that we should all be extremely concerned about. Before describing them it is worth reiterating that simply linking to a vulnerable library in your project doesn’t mean your application will have a vulnerability. That's FUD. You will only have a vulnerability if you are using the vulnerable methods of the vulnerable library in... READ MORE

Podcast: How to Fix the Widening AppSec Skills Gap

lpaine's picture
By Laura Paine September 21, 2017  | Security News
AppSec Skills Gap Podcast

The AppSec Skills Gap Is Widening Nearly 20% A Year. Here's How We Fix It. A recent survey from CA Veracode and DevOps.com found that the majority of IT and development professionals weren’t required to take security courses in college – and they’re not receiving the necessary training from their employers. So, we have to ask: where does the fault lie? Should universities ramp up their security... READ MORE

Security: Make a Commitment to Working With Development

cdomoney's picture
By Colin Domoney September 14, 2017
Security should commit to understanding dev processes

The days of security and development working side by side in separate silos are over. With the DevOps-induced security “shift left,” security testing now falls in the realm of the developer, and leaves security in more of an enabling, rather than enforcing, role. And this new role requires a new understanding of developer priorities and processes. The security function cannot be effective in a... READ MORE

Confessions of an Insecure Coder

lmercer's picture
By Laurie Mercer September 11, 2017  | Managing AppSec
How SQL injection happens

My name is Laurie Mercer, and I have introduced a security vulnerability into software. The year was 2004. As I travelled to work, Franz Ferdinand and The Killers blared on my cool new iPod. I was a developer, my first proper job after graduating with a degree in computer science and moving to the big city. Responsible for implementing functional changes, I would code new forms and business logic... READ MORE

Podcast: Implications of the EU GDPR

sciccone's picture
By Suzanne Ciccone September 4, 2017  | Managing AppSec
EU GDPR Podcast

The EU General Data Protection Regulations (GDPR) go into effect in May 2018, and will introduce stark new data security requirements for any organization in the EU, or doing business in the EU. The requirements in this regulation surrounding data retention and personal information are unprecedented, and so are the fines for non-compliance. How will this play out in a world where information is a... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu