Research

Posts from the Veracode security research team that zero in on new ideas, trends, and technology. The content here will help deepen your understanding of various application security topics and satisfy the technically inclined reader.

State of Software Security Volume 9: Top 5 Takeaways for CISOs

By Suzanne Ciccone October 30, 2018
SOSS v9 key takeaways for security pros

We’ve just released the 9th volume of our State of Software Security report and, as always, it’s a treasure trove of valuable security insights. This year’s report analyzes our scans of more than 2 trillion lines of code, all performed over a 12-month period between April 1, 2017 and April 30, 2018. The data reveals a clear picture of both the security of code organizations are producing today,...

SOSS Volume 9 reveals how DevSecOps can overcome the volume and persistence of software flaws

By Jessica Lavery October 24, 2018 | Research

Fall is a favorite season for many – in New England, we have beautiful colors and a chill in the air. At Veracode, fall is our favorite season because it signifies the release of our annual State of Software Security (SOSS) report. Each year, we welcome the opportunity to share with the industry our insights into common vulnerabilities found in software and how organizations are measuring...

Can DevSecOps Boost Your Bottom Line?

By Evan Schuman June 25, 2018
How can AppSec affect your bottom line?

One of the sad truths about security is that it has typically been viewed by enterprise C-level executives as akin to an insurance policy – necessary, but would never produce profits, boost revenue, or attract new customers. But are those long-held perceptions changing? A recent CA study found that they might be. The study found that companies that prioritized security efforts in app development...

Do you trust your builds, or build what you trust?

By Ming Yi Ang March 5, 2018

We gave a talk on detecting malicious builds with Build Inspector, Do you trust your builds, or build what you trust?, at Null Singapore a week ago. In this blog post, we provide a summary of the talk which involves describing the dangers of trusting Open-Source and the steps you can take to detect these threats. Pretext The rapid increase of Open-Source Library Growth is seen in the past few...

Research Report: DevSecOps Provides a Competitive Edge

By John Zorabedian January 23, 2018 | Research
DevSecOps Research Report

CA Technologies has released a new report, based on research conducted by industry analyst firm Freeform Dynamics, that sheds light on some of the obstacles for organizations seeking the advantages of a development approach that prioritizes application security, without sacrificing time-to-market and innovation. The report also offers evidence that integrating security throughout the development...

Crypto Mining Web App POC

By Asankhaya Sharma December 10, 2017

A few months back in a previous post we gave a POC for malware embedded in an enterprise Spring MVC app. Then we got to thinking, what if we pwn3d a web app with malicious code and turned the result into a self-paying crypto-currency miner? You could give the owner of the site the option to either pay the ransom or just let the mining operation complete, at which point their files get decrypted,...

How Are We Securing the Booming Digital Economy? Our Latest Survey Results

By Suzanne Ciccone December 8, 2017 | Intro to AppSec
Are business leaders concerned about securing their digital initiatives?

The holiday season is upon us; are you buying all your gifts at the mall? Probably not. Many, if not most, of you are going to research, purchase and pay for all your holiday gifts online this year. Digitization is everywhere – changing every interaction and transaction. But it seems like breaches are everywhere as well – affecting all industries in all geographies. Are business leaders simply...

AppSec in Review Podcast: How Developers Respond to Security Findings

By John Zorabedian December 5, 2017 | Secure Development | Research
AppSec in Review: How Developers Respond to Security Finding

We recently published the State of Software Security Developer Guide, based on real application security testing data. Among the key takeaways, the data in the report offers strong evidence that eLearning, security training, and DevSecOps practices have a positive effect on developers' effectiveness at fixing flaws in their code. In this episode of the AppSec in Review podcast, Evan Schuman and...

What Developers Need to Know About the State of Software Security Today

By John Zorabedian November 28, 2017 | Research
State of Software Security Developer Guide

We recently published our annual research report, the State of Software Security, analyzing data from 400,000 application scans over 12 months spanning 2016 and 2017. Now we’re issuing a State of Software Security Developer Guide, featuring additional data and analysis aimed at helping developers meet the goal of creating great software that’s also secure software. This report offers the...

Machine Learning at SourceClear

By Asankhaya Sharma October 24, 2017

As you may know, SourceClear has the world’s most complete, accurate, and up-to-date database of verified vulnerabilities in open-source code. But what’s more important is that more than half of the vulnerabilities in our database are not available anywhere else and have no public disclosures. How do we manage to hunt these vulnerabilities from thousands of open-source libraries? Certainly, it...
