Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Striking the Right Balance Between Security and Functionality

By Evan Schuman March 23, 2017  | Security News

Doing security well is hard work, but it should never block useful functionality for your customers. If security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. And yet two instances from this month suggest that is exactly what is happening. Let's start with election... READ MORE

WikiLeaks, Vault 7, and Vulnerability Disclosure: Is It Blackmail?

By John Zorabedian March 22, 2017  | Security News

If you're hit by ransomware, you're presented with a difficult choice. Do you pay the ransom and hope the crooks follow through and return your ransomed data and files? Or do you refuse to pay, and say goodbye to that data forever? Tech companies including Microsoft, Google, Apple and Samsung are facing a similar dilemma, after WikiLeaks published information allegedly showing that the... READ MORE

Podcast: How to Approach the NY DFS Cybersecurity Regulations - AppSec in Review

By Suzanne Ciccone March 21, 2017  | Security News

How should you approach the new NY DFS cybersecurity regulations? In Episode 3 of Veracode's AppSec in Review podcast, Evan Schuman and Veracode's Brian Fitzgerald discuss how these regulations differ from past requirements and best practices for addressing them. They explore, among other things: The opportunity to use these regulations as a framework for a solid security program The... READ MORE

Strange But True Application Security Failures [INFOGRAPHIC]

By John Zorabedian March 15, 2017  | Security News

Mark Twain famously said, "truth is stranger than fiction." I doubt even he could invent the strange events that unfold daily in our newsfeeds. In the realm of cybersecurity, however, breaches and vulnerabilities are becoming so frequent as to be predictable. Nevertheless, some of the most notable breaches of the past year were shocking in their details. Look at the unexpected outcome... READ MORE

How We Were Able to Respond to Struts-Shock for our Customers

By Jessica Lavery March 14, 2017  | Security News

The use of open source components in software development increases both the speed of software development as well as risk. Our recent State of Software Security report found that approximately 97 percent of Java applications contained at least one component with a known vulnerability. An open source component with a known vulnerability is an attractive target for cybercriminals. Instead of... READ MORE

Android App Holes Means You're On Your Own

By Evan Schuman March 13, 2017  | Security News

March brought with it yet more news of app security headaches. The latest is the discovery of "132 Android apps on Google Play infected with tiny hidden IFrames that link to malicious domains in their local HTML pages," according to the security firm that made the discovery. But before you dismiss this latest security hole with a yawn and a "so what else is new?," consider... READ MORE

Podcast: Skills You Need to Succeed in the Digital Economy

By Jessica Lavery March 13, 2017  | Security News

The growing need for proficient software developers to help power our digital economy has created a skills gap that companies are trying to fill. There are jobs, but there aren’t people with the right skills to fill them. This creates a great opportunity for those looking to switch or just starting their careers. But for what skills are companies looking? What can universities and... READ MORE

Don't Get Zapped by the Struts-Shock Vulnerability Affecting Apache Struts 2

By John Zorabedian March 9, 2017  | Security News

If you haven't heard of it by now, you should sit up and pay attention to "Struts-Shock." That's what Veracode is calling a critical vulnerability just identified in the Apache Struts 2 library, which attackers are actively exploiting. We're cautioning customers and anyone else using the vulnerable Struts 2 component, due to the severity of the bug, and because it is... READ MORE

Bringing CA and Veracode Together

By Jessica Lavery March 7, 2017  | Security News

CA’s CEO Mike Gregoire and Veracode’s CEO Bob Brennan discuss how the acquisition of Veracode by CA will help make security a seamless, integrated part of the development process, enabling secure DevOps and helping customers hasten their path to revenue.   READ MORE

RSA Conference 2017 Recap

By Neil DuPaul March 2, 2017  | Security News

After four years of providing web-based support to Veracode's RSA Conference team from our offices in Burlington Mass, I had the pleasure of finally attending the conference myself. First impressions were a bit staggering to say the least. One thing that doesn't exactly come through amid all the web and social chatter that happens around RSAC is the sheer size of this conference as... READ MORE
