Skip to main content

Research

Read about the latest trends, technology, and ideas in application security, including research that shapes the state of software security.

Stay up to date on Application Security

  • Java Crypto Catchup
    Mansi Sheth By Mansi Sheth November 16, 2020Research

    In 2017, we started a blog series talking about how to securely implement a crypto-system in java. How to Get Started Using Java Cryptography Securely touches upon the basics of Java crypto, followed by posts around various crypto primitives Cryptographically Secure Pseudo-Random Number Generator (CSPRNG), Encryption/Decryption, and Message Digests. We also released a Java Crypto Module for READ MORE

  • Today, we released the 11th volume of our annual State of Software Security (SOSS) report. This report, based on our scan results, always offers an abundance of insights and information about software vulnerabilities – what they are, what’s causing them, and how to address them most effectively. This year is no different. With last year’s SOSS Volume 10, we spent some time looking at how much READ MORE

  • Psychological operations, or PsyOps, is a topic I’ve been interested in for a while. It’s a blend of social engineering and marketing, both passions of mine. That's why I found the keynote by Renée DiResta, Research Manager at the Stanford Internet Observatory, particularly interesting.  The Internet Makes Spreading Information Cheap & Easy  Disinformation and propaganda are old phenomena  READ MORE

  • We know firsthand how critical it is for developers and security professionals to have a great working relationship. That extends beyond simply communicating well; for your DevSecOps program to come together so that you can secure your applications, you need to break down silos and improve security knowledge across the board. Recently, Forrester published a report on this very topic that digs READ MORE

  • The popularity of open source libraries isn’t dwindling anytime soon. They’re critical for developer functionality, allowing teams of developers like yours to work faster so they can meet tight deadlines they face on the regular. But some developers may not fully understand the risks that come from using open source libraries, just like the risks we found in State of Software Security: Open READ MORE

  • With the sudden shift to digital that many businesses are facing in response to the pandemic, preventing cyberattacks is more important than ever. According to the FBI, attacks related to COVID-19 have increased 400 percent in recent months. And with data from Gartner showing that 74 percent of companies expect to maintain some level of remote workforce indefinitely, organizations can’t risk READ MORE

  • Today, we published a special supplement to our annual State of Software Security report that focuses exclusively on the security posture of the open source libraries found in applications. Prominent in almost every application today, open source libraries allow developers to move faster by quickly adding basic functionality. In fact, it would be nearly impossible to innovate with software READ MORE

  • Veracoders, like many of you, are facing the new reality of working from home, all day, every day. We have some employees who were already working 100 percent remotely, but also many who were accustomed to life in the office and are making the big shift to remote life. So, it’s not surprising that some Veracoders are completely prepared for this new way of life and some are, well, working with READ MORE

  • It’s a habitual practice we learn from an early age; keeping track of loans and credit card bills reduces overall debt and makes it easier to bring debt down quickly, avoiding those pesky spikes in interest. That very same practice applies to software security testing. Software is tested, vulnerabilities are revealed, and unaddressed vulnerabilities build up over time as interest in the form of READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.