Research

Posts from the Veracode security research team that zero in a bit on new ideas, trends, and technology. The content here will help deepen your understanding of various application security topics and satisfy the technically-inclined reader.

Spring, RabbitMQ & Dead Letter Exchanges

pambrosini's picture
By Paul Ambrosini April 26, 2015

RabbitMQ has become a staple for building job queues between the myriad of spring boot micro-serivces I've built at SRC:CLR. The Spring abstraction has allowed for quick and mostly painless development. What I hadn't found a need for was RabbitMQ's "Dead Letter Exchange" setup. Multiple times there had been discussions about using the dead letter pattern but I'd never gone that route. During one... READ MORE

Nuances of two-way Data Binding in AngularJS

twaneka's picture
By Tyler Waneka March 12, 2015

When I first started looking at front end frameworks, all anyone wanted to talk about when it came to AngularJS was two-way data binding. You just connect the Model and the View and when one changes, so does the other. It's magic! It's one of the more glittery feature of AngularJS, and at times it can be extremely useful. But, what's the cost? There's always a cost. With data-binding, the (... READ MORE

Crypto Bliss with AWS KMS

jnichols's picture
By Jason Nichols March 1, 2015

So you've got a last minute requirement to secure your customer data by encrypting it at the database level? Don't panic. Take a deep breath, keep calm, and read on... Previously, I discussed some of the higher level concerns and pitfalls with attempting to roll your own key management. In today's post I'm going to dive into the details about how to do it without reinventing the wheel. Let's... READ MORE

GHOST Highlights How Vulnerable Components Can Haunt an Enterprise

cwysopal's picture
By Chris Wysopal February 2, 2015  | Research

Last week, a security alert was issued disclosing a critical buffer overflow vulnerability on Linux systems. The vulnerability known as GHOST (CVE-2015-0235) impacts applications running on Linux systems using glibc version 2. This is a serious vulnerability because it has a high impact when exploited, and the vulnerability is very widespread, due to the sheer number of public-facing Linux... READ MORE

The Fog of War: How Prevalent Is SQL Injection?

TJarrett's picture
By Tim Jarrett January 23, 2015  | Research
Code security against SQL injection.

Security statistics are complicated, and there’s a lot of fog of war around some fundamental questions like: how common are SQL Injection flaws? A pair of interesting articles over the last day have illustrated some of the challenges with answering that question. A company called DB Networks announced that it had found an uptick in SQL Injection prevalence in 2014, which had appeared to be... READ MORE

Automated Unit Test Generation for Java

asharma's picture
By Asankhaya Sharma January 4, 2015

Unit testing is an important aspect of software development. Having a proper test suite for your project can help detect bugs early and prevent regressions. Wouldn't it be great if we could generate unit test cases automatically? Well, it is certainly possible and I will explain in this article how you can do so for Java. Recently, I had a chance to look at unit test case generation for Java. I... READ MORE

Shellshock – what you need to know

cwysopal's picture
By Chris Wysopal September 25, 2014  | Research

shellshock-a-bug-called-bash.png News of the Bash Bug/Shellshock vulnerability is being widely covered since the Ars Technica article published yesterday afternoon.  There is speculation that this bug is going to be more catastrophic than Heartbleed, and like the much publicized OpenSSL vulnerability, we won’t know the full extent of its impact for some time. There are... READ MORE

Misfeatures Strike Again

MElliott's picture
By Melissa Elliott September 25, 2014  | Research

image00.png Bash – the Unix shell – came out when I was fourteen months old. It was a replacement for a similar program that came out eleven years before I was born. By the time I was learning to read, it’d already had years to mature and stabilize. The very first time I ever sat down at a Linux prompt, bash was fifteen years old. It’s now twenty-five. From... READ MORE

Abstinence Not Required: Protecting Yourself Until the Privacy Utopia Arrives

CEng's picture
By Chris Eng September 3, 2014  | Research

Nude photos of various celebrities were leaked to all corners of the Internet a few short days ago. You already know that by now. Thank you iCloud???? — Kirsten Dunst (@kirstendunst) September 1, 2014 As we wait impatiently for the rest of the gory technical details surrounding the compromise(s), many in the security echo chamber have been debating how we ended up here and whether the... READ MORE

Stop Freaking Out About Facebook Messenger

CEng's picture
By Chris Eng August 12, 2014  | Research

Facebook recently announced that mobile chat functionality would soon require users to install Facebook Messenger. Fueled by the media, many people have been overreacting about the permissions that Messenger requests before taking time to understand what the true privacy implications were. In a nutshell, Messenger is hardly an outlier relative to the other social media apps on your phone. Why the... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu