Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

What Developers Need to Know About the State of Software Security Today

By John Zorabedian November 28, 2017  | Research

We recently published our annual research report, the State of Software Security, analyzing data from 400,000 application scans over 12 months spanning 2016 and 2017. Now we’re issuing a State of Software Security Developer Guide, featuring additional data and analysis aimed at helping developers meet the goal of creating great software that’s also secure software. This report offers the... READ MORE

OWASP Top 10 Updated for 2017: Here’s What You Need to Know

By John Zorabedian November 20, 2017  | Secure Development

For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the AppSec community. This update went through two versions. After the initial release candidate in April 2017 got... READ MORE

How to Get Started With a Veracode Greenlight Free Trial

By Janet Worthington November 16, 2017  | Secure Development

You never want to be the developer who wrote and submitted vulnerable code into production, especially if it leads to a data breach. Yet, in many organizations that have adopted DevOps practices, application security testing is shifting left into development. It’s far faster to catch and fix security flaws while you’re coding than to go back and fix everything at the end of the process.... READ MORE

Running SourceClear in a Docker Container

By Jason Nichols October 4, 2017

A lot of customers ask about running SourceClear from within a Docker container on their build node. Here is how to do it. Customize this to suit your exact needs. Throughout the blog I assume that you've got a project named myproject. The steps to follow are: (1) Build an Ubuntu-based Docker image containing your project's source code; (2) Run the Docker image, which downloads and installs the latest... READ MORE

How Third-Party and Open Source Components Build Hidden Risk Into Software

By John Zorabedian September 25, 2017  | Secure Development

Whenever there’s a major data breach announced in the news, I think about how there must be other breaches happening that we don’t even know about. Because, although cyberattackers frequently target known vulnerabilities in software, the victims are unlikely to know they were vulnerable until it is too late. As today’s software is increasingly assembled from bits and pieces of open source... READ MORE

Top 3 Ways Veracode’s Integrations Make Developers' Jobs Easier

By Maria Loughlin September 19, 2017  | Secure Development

As software increasingly plays a critical role in how organizations conduct business, we are seeing two trends emerge: 1. Organizations want more software produced faster. 2. Cyberattackers are finding software a more attractive target. For developers, all the above means that their jobs are changing. The need to get software out the door faster has led to a shift to DevSecOps – where software is... READ MORE

Confessions of an Insecure Coder

By Laurie Mercer September 11, 2017  | Managing AppSec

My name is Laurie Mercer, and I have introduced a security vulnerability into software. The year was 2004. As I travelled to work, Franz Ferdinand and The Killers blared on my cool new iPod. I was a developer, my first proper job after graduating with a degree in computer science and moving to the big city. Responsible for implementing functional changes, I would code new forms and business logic... READ MORE

Securing Web Apps in a DevOps World (Notes From Black Hat 2017)

Zane Lackey of Signal Sciences spoke at Black Hat 2017 on a topic near and dear to my heart: Practical Tips for Defending Web Applications in the Age of DevOps. DevOps — and really, any Agile or Agile-like rapid software development approach — is a huge enabler for business. Changes to software are envisioned, implemented, tested, and deployed incredibly fast. Deployments can happen multiple... READ MORE

We're Already at Cyberwar (and We're Losing)

By John Zorabedian July 25, 2017  | Security News

Let’s face it – cyberwar is no longer science fiction. Our economies – and our democratic system – are under attack. Security researchers are often reluctant to attribute attacks to particular nation states. But it’s become increasingly clear that Russia attempted to meddle in the 2016 U.S. presidential election, and perhaps other elections in the UK and Europe. Last summer, Russia-backed hackers... READ MORE

Announcing Updates to Veracode Integrations to Microsoft Visual Studio Team Services, Team Foundation Server and Visual Studio

By Tim Jarrett July 24, 2017  | Secure Development

We are pleased to announce updates to the Veracode integrations to Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS), and to Visual Studio. The VSTS/TFS integration makes static and dynamic security findings available as work items in the VSTS/TFS issue tracker, and automatically updates the related defects when they are fixed or have approved mitigations. The Visual... READ MORE
