Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Veracode Survey Research Identifies Cybersecurity Skills Gap Causes and Cures

By John Zorabedian August 17, 2017  | Security News

The shortage of cybersecurity professionals is on pace to reach 1.5 million empty positions globally by 2020, according to Frost & Sullivan. Yet, as the digital economy relies on rapid innovation in software, the growing demand for developers with security skills is also dangerously outpacing supply. Now, a survey of development and IT professionals, conducted by Veracode and DevOps.com, has... READ MORE

Big Win! Veracode Sweeps Web Application Security Category in CRN’s 2017 Annual Report Card

By Leslie Bois August 16, 2017  | Security News

I am thrilled to announce that Veracode has swept the Web Application Security category of CRN®'s 2017 Annual Report Card (ARC) awards program. Veracode was selected as the highest rated web application security vendor by solution providers in a satisfaction survey which evaluated vendors based on product innovation, support and partnership. This year marks the 32nd... READ MORE

What You Need to Know About the Latest Trends in AppSec Regulations

By Tim Jarrett August 8, 2017  | Security News

As major data breaches continue to expose customers’ sensitive data and cause major monetary and reputation damage to organizations, regulators are taking notice. Two recent major regulations – the EU Global Data Protection Regulation (EU GDPR) and NY State Department of Financial Services (NY DFS) Cybersecurity Regulations – are unprecedented in their scope and depth. Considering the prominence... READ MORE

Securing Web Apps in a DevOps World (Notes From Black Hat 2017)


Zane Lackey of Signal Sciences spoke at Black Hat 2017 on a topic near and dear to my heart: Practical Tips for Defending Web Applications in the Age of DevOps. DevOps — and really, any Agile or Agile-like rapid software development approach — is a huge enabler for business. Changes to software are envisioned, implemented, tested, and deployed incredibly fast. Deployments can happen multiple... READ MORE

We're Already at Cyberwar (and We're Losing)

By John Zorabedian July 25, 2017  | Security News

Let’s face it – cyberwar is no longer science fiction. Our economies – and our democratic system – are under attack. Security researchers are often reluctant to attribute attacks to particular nation states. But it’s become increasingly clear that Russia attempted to meddle in the 2016 U.S. presidential election, and perhaps other elections in the UK and Europe. Last summer, Russia-backed hackers... READ MORE

Testing the Fences: Software Security Is National Security

By Jessica Lavery July 5, 2017  | Security News

There is a scene in the movie Jurassic Park where we witness just how smart the velociraptors are. In order to find a way out of their enclosure, the carnivorous dinosaurs are systematically testing the electric fences for weaknesses, making note of where the fences are weakest and where they are strongest. Once a vulnerability is found in the system (in this case a disgruntled employee turning... READ MORE

Why Prevention Is the Only Answer

By Brian Fitzgerald June 30, 2017  | Security News

Prevention is often derided as a naïve, outdated notion in information security. Today, the talk in security often centers around the idea of “detection and response.” The thought around this approach is that we must assume attackers will get into our networks – it is not a question of “if” but “when.” Therefore, the only good security is to detect them inside, monitor their actions, and then... READ MORE

The Next Petya Will Be Worse – Why Software Development Must Change

By John Zorabedian June 28, 2017  | Security News

Another major cyberattack hit computer networks around the globe on Tuesday, beginning in the Ukraine, when a paralyzing ransomware struck websites of government agencies, banks, transportation, and power plants, before spreading to Russia, the UK, U.S., and other nations. Coming just weeks after the WannaCry ransomware wreaked havoc, this new attack – initially believed to be a strain of the... READ MORE

Podcast: The OWASP Top 10 List Update: What You Need to Know

By Suzanne Ciccone June 19, 2017  | Security News

The OWASP Top 10 list of the most critical web application security risks has finally been updated for the first time since 2013. This list, created by the Open Web Application Security Project (an open community dedicated to enabling organizations to create secure applications) often forms the basis of application security programs and frequently informs AppSec priorities. The release candidate... READ MORE

Veracode Survey Research Shows Shift to DevOps and DevSecOps

By John Zorabedian June 14, 2017  | Security News

With the proliferation of attacks and breaches at the application layer, it's clear that application security testing is a growing necessity. What's less clear is how organizations can hope to bridge the gap between the priorities of development, operations, and security teams. To understand how organizations are handling these challenges, Veracode partnered with ESG to conduct a survey of IT... READ MORE
