Posts from the Veracode security research team that zero in a bit on new ideas, trends, and technology. The content here will help deepen your understanding of various application security topics and satisfy the technically-inclined reader.

Better Criteria for Selecting Pen Test Consultants

By Chris Eng February 27, 2007  | Research 3

An article was forwarded to me today, entitled Avoid Wasting Money on Penetration Testing. While the core message is on target (i.e. be sure you know what you are getting before you sign on the dotted line), the suggestions for how to achieve this are misleading. Let's examine the "5 steps to choosing a supplier" outlined in the article: Ask if their consultants have passed an... READ MORE

The Software Trustworthiness Framework (STF©)

By Chris Wysopal January 30, 2007  | Research

[Today we have our first guest blog entry from Elfriede Dustin. Elfriede is a co-author of "The Art of Software Security Testing" and has written a few books on software testing, most notably, "Automated Software Testing" published by Addison-Wesley in 1999. We have heard plenty from security experts on how to fix the software development process to produce more secure... READ MORE

Vulnerability Disclosure in the new “Software in the Cloud” World - Part II

By Chris Wysopal January 17, 2007  | Research

In part I of this article I wrote about the history of vulnerability research and how researchers having legal access to the software and hardware they need to conduct their research is a pre-requisite. This is why there was such little research on software before 1996. Not only is legal access important but being able to run the software in a lab environment is important. Pure black box testing... READ MORE
