Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

What Developers Should Know About the State of Software Security

jzorabedian's picture
By John Zorabedian November 3, 2016  | Secure Development
State of Software Security: Developer Takeaways

Our latest research into the State of Software Security has something for everybody. For AppSec managers, the report offers evidence that application security is improving, although not as much as we’d like, with a slight lift since our last report in the percentage of applications passing OWASP top 10 policy. But what does our analysis, drawn from billions of lines of code over the past 18... READ MORE

When Infrastructure-as-Code Meets Continuous Delivery

akaufman's picture
By Adam Kaufman November 2, 2016  | Secure Development
Continuous Delivery of Infrastructure

We all remember a time when setting up infrastructure meant racking servers, running cables and managing a web of networking by hand. Indeed, this is still very common and quite necessary for many organizations. Thankfully, though, for those of us who are lucky enough to work in a cloud environment, there’s a newer – some might say better – way. At Veracode, we’ve recently... READ MORE

How Dynamic Scanning Without Planning Almost Ruined My Fantasy League

bpitta's picture
By Brian Pitta November 1, 2016  | Managing AppSec
Dynamic scanning in production

“Is your scanner production-safe?” It’s one of the first questions teams ask me when we are discussing Veracode’s Web Application Scanning and black box testing capabilities. For many, this translates to two potential issues: Denial of service (DOS) – will your testing overload my application and take it down? Malicious attacks – if my application is susceptible to SQL injection, will your... READ MORE

Why You Should Embrace Failure in Your Development Culture

TJarrett's picture
By Tim Jarrett October 24, 2016  | Secure Development
It is helpful to fail fast in devops.

One of the counterintuitive features of DevOps culture is a willingness to fail. In our success-oriented culture, this might sound like exactly the wrong direction in which to take your development teams. But a willingness to fail quickly, and often, can paradoxically lead your teams to greater success — provided you do it in a structured way and you learn from your failures. There’s... READ MORE

Questions You Should be Asking Your Application Developer Candidates

bcardinale's picture
By Brian Cardinale October 19, 2016  | Secure Development
What questions do you ask a developer applicant to determine security competence.

Old habits die hard. The following questions will help you avoid hiring developers with bad habits. Developers with bad habits are prone to baking in those habits into the overall application architecture. There are two fronts in the war of protecting your applications. The first front is reactive. It is your code maintainers patching flaws in old code bases. The second front is happening right... READ MORE

Why Even Google Is Susceptible to the Most Basic Website Vulnerabilities

jzorabedian's picture
By John Zorabedian October 19, 2016  | Secure Development
Google vulnerable to insecure code.

This week’s National Cyber Security Awareness Month theme of “recognizing and combating cybercrime” brings up an elementary but crucial point about why our efforts to fight cybercrime seem inadequate for the challenge: it can be really difficult to fix what’s broken even when we know exactly what the problem is. Here’s an example. When a sick patient comes to a... READ MORE

What Sports Can Teach Us About Secure DevOps

jzorabedian's picture
By John Zorabedian October 6, 2016  | Secure Development
What sports can teach us about devops. View of crowded stadium.

It’s a special time of year for sports fans like me. After a great summer featuring the Olympics and the Euro Cup, it’s time once again for the Major League Baseball playoffs, while both of my favorite football leagues (NFL and Premier League) are well underway for the season. One of the things I love about sports is they seem to offer so many parallels to other aspects of life,... READ MORE

Helping Developers Move Faster

jjanego's picture
By Jon Janego October 5, 2016  | Secure Development

Veracode’s mission is to secure the software that powers the world.   And one of the most interesting parts of working here, is that in order to achieve that goal, we get to learn about the entire spectrum of computing technologies.  I think of enterprise software landscapes as similar to evolutionary biology.  There are generations and generations of different... READ MORE

Developer vs. Hacker: Two Sides of the Same Coin?

jzorabedian's picture
By John Zorabedian September 21, 2016  | Secure Development
How much do hackers and developers have in common?

Years ago, when I started my career as a writer, I became a journalist dedicated to informing people and serving the public interest. Later, I became a writer in a marketing role, dedicated to creating content that informs prospects and serves customers. I call upon the same skills to write blog posts and whitepapers that I once did to write news articles. Likewise, journalists may use their... READ MORE

4 Things Developers Have in Common with Hercules and Luke Skywalker

jzorabedian's picture
By John Zorabedian September 19, 2016  | Secure Development
How developers are like Luke Skywalker

The adventurous hero is a common thread in mythology that helps us understand what makes someone great. From Homer’s Odysseus, to George Lucas’s Luke Skywalker, all mythical heroes have traits in common and follow a similar path. Heroes don’t start out that way – they need to prove their mettle by undertaking a long journey and passing a series of tests. The hero must look... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu