Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

Top Takeaways From Veracode’s Developer Survey

jzorabedian's picture
By John Zorabedian December 21, 2016  | Secure Development

We recently conducted a survey of developers and development managers to find out what’s on their minds and how their concerns compare to those of application security teams. The results contain some surprises. What’s not surprising is that development teams are feeling pressured to meet productivity goals, while still meeting requirements for quality and stability. Add to that the... READ MORE

The Future of AppSec is DevSecOps

jlavery's picture
By Jessica Lavery December 19, 2016  | Secure Development
What's next for application security in 2017?

With 2016 coming to an end, we, like many companies, are reflecting on the trends of the past year. We are also looking outward to what the future holds for application security, and it has never been clearer that the future of application security will be tied to DevOps and integrating security into DevOps environments. As such, it is crucial that security becomes part of the entire software... READ MORE

You’re Invited: A DevOps Dinner Party

ktcampbell's picture
By Katie Campbell December 16, 2016  | Secure Development

With the holidays quickly approaching, I can’t help but think about all of the dinner parties just around the corner and the many hours of “forced family fun” as we like to call it in our house. Don’t get me wrong, I love all the dishes that get whipped up by my family members, but with that comes the fact that you need to sit around the dinner table … for hours... READ MORE

5 Ways to Keep Your Applications Safe From Vulnerable Components

TJarrett's picture
By Tim Jarrett December 1, 2016  | Secure Development

In earlier blog posts in this series, we’ve learned more about how the vulnerability used to break into the San Francisco Municipal Transportation Agency’s computers may have come from a single vulnerable open source component. We’ve talked a little about how developers use open source components – and why it’s hard for them to know what’s in their applications... READ MORE

How One Open Source Component Put Up to 25% of Java Applications at Risk

TJarrett's picture
By Tim Jarrett November 30, 2016  | Secure Development
Open Source Component Risk

In the first part of our blog series on the ransomware attack on the San Francisco Municipal Transportation Agency, we discussed how the attacker chose to exploit a deserialization vulnerability in WebLogic to compromise vulnerable systems. And we learned that this vulnerability was a big target, because it is the result of a component (Apache Commons Collections) present in about 50 percent of... READ MORE

Why the Ransomware Attack on San Francisco Is Such a Big Deal

TJarrett's picture
By Tim Jarrett November 29, 2016  | Secure Development
Ransomware attack on San Francisco Municipal Transportation Authority

The day after Thanksgiving saw the San Francisco Municipal Transportation Agency hit with a ransomware attack. The attacker demanded 100 bitcoins (about $73,000) to unlock the computer systems and ticketing machines. According to security journalist Brian Krebs, the SFMTA wasn’t targeted for political reasons – it was a target of opportunity discovered by an attacker looking for... READ MORE

Your Secure Coding Partner: Introducing Veracode AppSec Tutorials

twhite's picture
By Tyler White November 22, 2016  | Secure Development
Using Developer Pairing to Improve Productivity

The driver races ahead, attempting to stay on track as his speed is slowly increasing. Right beside him the navigator sits, guiding the driver’s efforts through his treacherous endeavor. They are both striving to keep pace with the other, as the intensity is ramping up. Everything is about to spin out of control. Then the alarm goes off, and the driver backs away from the keyboard to now... READ MORE

What Developers Should Know About the State of Software Security

jzorabedian's picture
By John Zorabedian November 3, 2016  | Secure Development
State of Software Security: Developer Takeaways

Our latest research into the State of Software Security has something for everybody. For AppSec managers, the report offers evidence that application security is improving, although not as much as we’d like, with a slight lift since our last report in the percentage of applications passing OWASP top 10 policy. But what does our analysis, drawn from billions of lines of code over the past 18... READ MORE

When Infrastructure-as-Code Meets Continuous Delivery

akaufman's picture
By Adam Kaufman November 2, 2016  | Secure Development
Continuous Delivery of Infrastructure

We all remember a time when setting up infrastructure meant racking servers, running cables and managing a web of networking by hand. Indeed, this is still very common and quite necessary for many organizations. Thankfully, though, for those of us who are lucky enough to work in a cloud environment, there’s a newer – some might say better – way. At Veracode, we’ve recently... READ MORE

Why You Should Embrace Failure in Your Development Culture

TJarrett's picture
By Tim Jarrett October 24, 2016  | Secure Development
It is helpful to fail fast in devops.

One of the counterintuitive features of DevOps culture is a willingness to fail. In our success-oriented culture, this might sound like exactly the wrong direction in which to take your development teams. But a willingness to fail quickly, and often, can paradoxically lead your teams to greater success — provided you do it in a structured way and you learn from your failures. There’s... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu