Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

5 Ways to Keep Your Applications Safe From Vulnerable Components

By Tim Jarrett December 1, 2016  | Secure Development

In earlier blog posts in this series, we’ve learned more about how the vulnerability used to break into the San Francisco Municipal Transportation Agency’s computers may have come from a single vulnerable open source component. We’ve talked a little about how developers use open source components – and why it’s hard for them to know what’s in their applications... READ MORE

How One Open Source Component Put 25% of Java Applications at Risk

By Tim Jarrett November 30, 2016  | Secure Development

In the first part of our blog series on the ransomware attack on the San Francisco Municipal Transportation Agency, we discussed how the attacker chose to exploit a deserialization vulnerability in WebLogic to compromise vulnerable systems. And we learned that this vulnerability was a big target, because it is the result of a component (Apache Commons Collections) present in about 50 percent of... READ MORE

Why the Ransomware Attack on San Francisco Is Such a Big Deal

By Tim Jarrett November 29, 2016  | Secure Development

The day after Thanksgiving saw the San Francisco Municipal Transportation Agency hit with a ransomware attack. The attacker demanded 100 bitcoins (about $73,000) to unlock the computer systems and ticketing machines. According to security journalist Brian Krebs, the SFMTA wasn’t targeted for political reasons – it was a target of opportunity discovered by an attacker looking for... READ MORE

Your Secure Coding Partner: Introducing Veracode AppSec Tutorials

By Tyler White November 22, 2016  | Secure Development

The driver races ahead, attempting to stay on track as his speed is slowly increasing. Right beside him the navigator sits, guiding the driver’s efforts through his treacherous endeavor. They are both striving to keep pace with the other, as the intensity is ramping up. Everything is about to spin out of control. Then the alarm goes off, and the driver backs away from the keyboard to now... READ MORE

What Developers Should Know About the State of Software Security

By John Zorabedian November 3, 2016  | Secure Development

Our latest research into the State of Software Security has something for everybody. For AppSec managers, the report offers evidence that application security is improving, although not as much as we’d like, with a slight lift since our last report in the percentage of applications passing OWASP top 10 policy. But what does our analysis, drawn from billions of lines of code over the past 18... READ MORE

When Infrastructure-as-Code Meets Continuous Delivery

By Adam Kaufman November 2, 2016  | Secure Development

We all remember a time when setting up infrastructure meant racking servers, running cables and managing a web of networking by hand. Indeed, this is still very common and quite necessary for many organizations. Thankfully, though, for those of us who are lucky enough to work in a cloud environment, there’s a newer – some might say better – way. At Veracode, we’ve recently... READ MORE

Why You Should Embrace Failure in Your Development Culture

By Tim Jarrett October 24, 2016  | Secure Development

One of the counterintuitive features of DevOps culture is a willingness to fail. In our success-oriented culture, this might sound like exactly the wrong direction in which to take your development teams. But a willingness to fail quickly, and often, can paradoxically lead your teams to greater success — provided you do it in a structured way and you learn from your failures. There’s... READ MORE

Questions You Should be Asking Your Application Developer Candidates

By Brian Cardinale October 19, 2016  | Secure Development

Old habits die hard. The following questions will help you avoid hiring developers with bad habits. Developers with bad habits are prone to baking in those habits into the overall application architecture. There are two fronts in the war of protecting your applications. The first front is reactive. It is your code maintainers patching flaws in old code bases. The second front is happening right... READ MORE

Why Even Google Is Susceptible to the Most Basic Website Vulnerabilities

By John Zorabedian October 19, 2016  | Secure Development

This week’s National Cyber Security Awareness Month theme of “recognizing and combating cybercrime” brings up an elementary but crucial point about why our efforts to fight cybercrime seem inadequate for the challenge: it can be really difficult to fix what’s broken even when we know exactly what the problem is. Here’s an example. When a sick patient comes to a... READ MORE

What Sports Can Teach Us About Secure DevOps

By John Zorabedian October 6, 2016  | Secure Development

It’s a special time of year for sports fans like me. After a great summer featuring the Olympics and the Euro Cup, it’s time once again for the Major League Baseball playoffs, while both of my favorite football leagues (NFL and Premier League) are well underway for the season. One of the things I love about sports is they seem to offer so many parallels to other aspects of life,... READ MORE
