Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Podcast: Key Takeaways From Veracode's Latest State of Software Security Report

Key SoSS Takeaways 2017

Veracode just published its latest “State of Software Security” report, get it here. Based on Veracode Platform data, these “SoSS” reports have been offering a goldmine of intelligence about how organizations are approaching AppSec since 2011. This year’s report is no different. Evan Schuman recently sat down with Veracode’s Director of Product Management Tim Jarrett to discuss the findings... READ MORE

What's New in the State of Software Security 2017 Report

By John Zorabedian October 18, 2017  | Security News
State of Software Security 2017

In the past year, we’ve seen an unprecedented series of cyber assaults on democratic elections, ransomware attacks that spread around the world affecting hundreds of thousands of systems in more than 150 countries, and record-breaking data breaches. If we’re going to address this growing crisis effectively, we need a probing inspection of root causes, and fearless prescriptions for new ways... READ MORE

A Very V-E-R-Y Long Day Without Software

By Evan Schuman October 11, 2017

Over the summer, some friends at Veracode approached me and asked if I would be willing to help them with an experiment. Could I, they wanted to know, spend an entire day neither using nor leveraging any software whatsoever. They bet me that I couldn’t. I love a challenge as much as any journalist so I said “Sure. How hard could it possibly be?” The point of this is to make business people better... READ MORE

Making Our Static Analysis Even Better: Announcing Support for the Scala Language and the Boto3 Framework

By Jon Janego October 4, 2017  | Security News
Announcing Veracode Support for Scala and Boto3

As development speed has skyrocketed, security testing has shifted “left,” where it increasingly falls within the realm of the developer, rather than the security team. Today, modern application security programs feature centralized governance by security, but testing and fixing are owned by development in an automated fashion throughout the build process. In this approach, security owns setting... READ MORE

Podcast: Apache Struts 2 and the Irish Potato Famine

By Suzanne Ciccone September 28, 2017  | Managing AppSec
Apache Struts 2

More than you might think. Just as the reliance on a single species of vulnerable-to-blight potato created widespread devastation in 1800s Ireland, today’s reliance on vulnerable components creates a similar ripple effect. In both cases, compromise of a single vulnerability spread its consequences widely and rapidly. The Potato Famine’s consequences were obviously more devastating, but although... READ MORE

Will Websites Be the Next Target of Ransomware Attacks?

By Colin Domoney September 28, 2017  | Managing AppSec
Will websites be the next ransomware target?

Recent research by Wordfence indicates that WordPress might be the next big ransomware target. Wordfence found that certain WordPress plugins exhibit malicious behaviour in the form of ransomware against the host website. Typically, these plugins will encrypt the data on the website, thereby rendering it non-functional, and then attempt to extort payment from the owner in order to decrypt the... READ MORE

Podcast: How to Fix the Widening AppSec Skills Gap

By Laura Paine September 20, 2017  | Security News
AppSec Skills Gap Podcast

The AppSec Skills Gap Is Widening Nearly 20% A Year. Here's How We Fix It. A recent survey from Veracode and DevOps.com found that the majority of IT and development professionals weren’t required to take security courses in college – and they’re not receiving the necessary training from their employers. So, we have to ask: where does the fault lie? Should universities ramp up their security... READ MORE

Veracode’s Colin Domoney Nominated as Security Leader of the Year

By Helena Campbell September 18, 2017  | Security News
Colin Domoney nominated as security leader of the year

We’re pleased to announce that our colleague Colin Domoney, a consultant solutions architect for Veracode, was recently nominated for a Security Leader of the Year award. Organised by Information Age, Tech Leaders Awards is Britain's flagship celebration of tech leaders, honouring those at the forefront of disruption and innovation and playing a central role in driving business value... READ MORE

How a Single Phone Call Can Compromise Your Company

By Chris Kirsch September 13, 2017
Social Engineering CTF at DEF CON

I’d read about social engineering for a few years before I first stepped into the Social Engineering Village at DEF CON 20. But I didn’t grasp the power of this type of attack until I watched a live call during which employees of major companies simply offered up all the information needed to breach their systems – no technology required. I was hooked. In case you’re not familiar with social... READ MORE

Jenkins World 2017: DevSecOps, It’s Not You, It’s Not Me, It’s We

By Joe Coletta August 24, 2017  | Security News

At Jenkins World on Aug. 31, Veracode’s Pete Chestna (@PeteChestna) will join fellow industry experts, including DevOps.com’s Alan Shimel and Forrester’s Robert Stroud, to address the hurdles organizations face as they try to create a DevSecOps culture. DevSecOps adoption is on the rise – and there’s no doubt that the practice can cause some friction and hinder the development process. Recent... READ MORE
