Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

Java Crypto Libraries Go Modular

msheth's picture
By Mansi Sheth October 5, 2018
Java crypto code base now modularized

To complement my recent Java Crypto blog series ("How to get Started Using Java Cryptography Securely", "Cryptographically Secure Pseudo-Random Number Generator (CSPRNG)", "Encryption and Decryption in Java Cryptography", "Message Digests, aka Hashing Functions"), I have been referencing corresponding working code on the GitHub repository. I am happy to announce a brand-new, shiny, modularized,... READ MORE

Veracode’s Journey to DevOps: Getting Agile-ish

pchestna's picture
By Pete Chestna August 24, 2018

As I stated in my previous post, in 2012 we started a transition to Agile. Because Veracode was and is always constructively dissatisfied with our current state and we have a culture that embraces learning, we were eager to find a better way. Our internal champion, Tom Hickman, had done this before and he proved himself a great coach and mentor. I will forever be grateful for his guidance. There... READ MORE

Software Quality Is a Competitive Differentiator

mloughlin's picture
By Maria Loughlin July 25, 2018

One of the ironies of DevOps is that while the methodology supports faster and more automated software production, it doesn't boost code quality unless quality is a focus for the software team. As more than a few business leaders have discovered, gaining a competitive edge in the digital economy requires a more concentrated and comprehensive approach. It's no secret that software code powers our... READ MORE

What Security Pros Will Get Out of Our Virtual Summit on Open Source Risk

sciccone's picture
By Suzanne Ciccone July 5, 2018
Get tips and advice on open source library use at our Virtual Summit.

There has been a fundamental shift in the way code is developed in the past 15 to 20 years. Today, developers do far more re-using of existing code than creating code from scratch. Taking advantage of the millions of open source libraries available has become standard operating procedure. And this new model comes with tremendous benefits – both for developers, and for the business – allowing both... READ MORE

How Veracode’s Integrations With Defect-Tracking Systems Enable DevSecOps

mkvitnitsky's picture
By Marina Kvitnitsky June 29, 2018
Details on Veracode's integrations with defect-tracking systems

Software development deadlines are getting shorter. Business requirements are getting more complex, and cybersecurity threats are becoming more real. According to the Accenture report on 2018 State of Cyber Resilience, the average number of targeted attacks has more than doubled between 2017 and 2018. The good news is that security teams are adapting to these constant threats, with the targeted... READ MORE

Optimizing Your Approach to Securing Software Components

Neil's picture
By Neil DuPaul May 30, 2018  | Managing AppSec

The business world increasingly runs on software. It's on computers, in machines and embedded in almost every electronic device available. Today, the typical enterprise runs 372 mission critical applications. Remarkably, data shows that 75 percent of third-party applications don’t comply with OWASP Top 10 security policies, and 97 percent of all scans identify at least one component with a known... READ MORE

Infographic: Reining In Software Component Risk

Neil's picture
By Neil DuPaul April 25, 2018

Open source components have gone mainstream. With every company undoubtedly becoming a software company, open source and commercial components are a vital element in developing applications at the speed of DevOps. But while they’re a powerful tool for adding features and functionalities to applications in relatively short order, they also introduce remarkable security risks.  Learn more from... READ MORE

Customer Success Story: Why CAP COM Chose Veracode

gcoleman's picture
By Gregg Coleman April 18, 2018  | Secure Development
Banking and Finance AppSec

When you work in the banking industry, security is a part of everything you do. And just as important as protecting the money is protecting the integrity of the software it all flows through. But for us at CAP COM Federal Credit Union (CAP COM), ensuring that we were producing secure code had become a bigger priority. As part of redefining our software development lifecycle (SDLC), CAP COM began... READ MORE

Survey: How Teams are Using Software Components in the Age of DevOps

Neil's picture
By Neil DuPaul April 10, 2018  | Managing AppSec
Software component security.

New research: Only 52% of developers using components in their apps update them when a new vulnerability is announced Open source components have gone mainstream. With every company undoubtedly becoming a software company, open source and commercial components are a vital element in developing applications at the speed of DevOps. But while they’re a powerful tool for adding features and... READ MORE

It’s Complicated - Operational Security for Developers

pherzog's picture
By Pete Herzog March 28, 2018  | Managing AppSec
Application porosity - opsec for developers

The life of a commercial software developer is a difficult one. Or at least we have to assume it is because of how many of them half-ass it when code starts to get complicated. Okay, maybe that’s unfair. Maybe it’s not all half-assing. It’s complicated. Literally. There’s many functions that are overly complex. They are so complex with so many variables and interactions as to be actually... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu