Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

How to Leverage YAML to Integrate Veracode Solutions Into CI/CD Pipelines

krise's picture
By Kevin Rise November 14, 2019
Integrating Veracode into your CI/CD pipeline

YAML scripting is frequently used to simplify configuration management of CI/CD tools. This blog post shows how YAML scripts for build tools like Circle CI, Concourse CI, GitLab, and Travis can be edited in order to create integrations with the Veracode Platform. Integrating Veracode AppSec solutions into CI/CD pipelines enables developers to embed remediation of software vulnerabilities directly... READ MORE

Data Extraction to Command Execution CSV Injection

jrougvie's picture
By Jamie Rougvie September 6, 2019
How to avoid CSV injection

As web applications get more complex and more data driven, the ability to extract data from a web application is becoming more common. I work as a principal penetration tester on Veracode’s MPT team, and the majority of web applications that we test nowadays have the ability to extract data in a CSV format. The most common software installed in corporate environments is Microsoft Excel, and this... READ MORE

The Top Five Web Application Authentication Vulnerabilities We Find

jrougvie's picture
By Jamie Rougvie July 26, 2019
Details on the most common web application authentication vulnerabilities

One of the most important parts of a web application is the authentication mechanism, which secures the site and also creates boundaries for each user account. However, during my years of testing web applications, it’s still very common to find authentication mechanisms with vulnerabilities. I currently work as a principal penetration tester on Veracode’s MPT team, and I would say nine out of 10... READ MORE

Summer Reading and Listening: Dive in, Developers!

jhawks's picture
By Jessica Hawks July 9, 2019

Summer’s longer days and slower pace invite us to pick up a book, follow our questions, and try our hand at something new. At Veracode, I get the chance to talk with our developers about the experiences that led them to the work they do today. How did they begin to cultivate the security-mindedness that they bring to their coding? Was it a book they stumbled upon, a salient moment in the wake of... READ MORE

Summer Reading: Dive Into the Security Classics

dmurphy's picture
By Dan Murphy July 9, 2019

Shakespeare. Brontë. Dickens. In literature, the classics have long been a staple of summer reading lists. Computer security has its own share of classics – reference points that serve as a foundation for understanding the field’s ever-changing chessboard of attack and defense. This list of computer security summer reading can be enjoyed either lounging on the beach with sand beneath your toes,... READ MORE

Live From Gartner Security & Risk Mgmt Summit: Pair Security Trainings With Technical Controls

Live from Gartner Security and Risk Mgmt Summit

“We often forget that technology cannot solve the world’s problems.” That was one of the opening lines of Joanna Huisman’s session “Magic Quadrant for Security Awareness Computer-Based Training” at the Gartner Security & Risk Management Summit in National Harbor, MD. While her Magic Quadrant doesn’t address DevSecOps trainings, I took away some valuable lessons that also apply to this area.... READ MORE

Code makes the world go 'round. Well, code and love. So love your code.

jhawks's picture
By Jessica Hawks March 20, 2019

Your code is powerful, clever, and elegant—but is it secure? More than ever, code makes the world go 'round. From smart home thermostats to critical infrastructure to integrated clinical environments in hospitals, code runs so much of what touches our lives every day. Sometimes we are explicitly aware that we are interacting with software but increasingly we are not—code runs quietly amid the... READ MORE

Veracode included in new Forrester Now Tech: Software Composition Analysis, Q1 2019

pdaly's picture
By Pete Daly February 19, 2019  | Research

Vulnerable components in software lurk everywhere. At the same time, business competitiveness hinges on the speed and quality of software delivery. So, how does an enterprise not only keep up with application security, but also thrive despite the threats posed by risks in their software? A software composition analysis (SCA) solution can help organizations identify known vulnerabilities from open... READ MORE

Java Crypto Libraries Go Modular

msheth's picture
By Mansi Sheth October 5, 2018
Java crypto code base now modularized

To complement my recent Java Crypto blog series ("How to get Started Using Java Cryptography Securely", "Cryptographically Secure Pseudo-Random Number Generator (CSPRNG)", "Encryption and Decryption in Java Cryptography", "Message Digests, aka Hashing Functions"), I have been referencing corresponding working code on the GitHub repository. I am happy to announce a brand-new, shiny, modularized,... READ MORE

Veracode’s Journey to DevOps: Getting Agile-ish

pchestna's picture
By Pete Chestna August 24, 2018

As I stated in my previous post, in 2012 we started a transition to Agile. Because Veracode was and is always constructively dissatisfied with our current state and we have a culture that embraces learning, we were eager to find a better way. Our internal champion, Tom Hickman, had done this before and he proved himself a great coach and mentor. I will forever be grateful for his guidance. There... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 


 

 

contact menu