Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

FAQs About the New York DFS Cybersecurity Regulation

By John Zorabedian January 3, 2017  | Security News
New York DFS Cybersecurity Regulation

A new cybersecurity regulatory regime will go into effect this year in New York – the world’s financial capital and home to many banking, insurance and financial services organizations. The proposed cybersecurity regulation, known as 23 NYCRR 500, has grabbed the attention of impacted companies doing business in New York, and others who might be anticipating cybersecurity... READ MORE

App Security Deserves Far More IT Respect

By Evan Schuman December 15, 2016  | Security News

App Security today is the Rodney Dangerfield of IT security. Everyone knows about it, but it gets no respect. Isn't it obvious that because apps are granted greater data-sharing with other apps and the ability to update themselves—directly to the mothership—without IT signoff, that perhaps this should soar to the top of the danger list? Apparently not. Consider just a few examples... READ MORE

Holiday Short-Duration Sites Deliver Long-Duration Headaches

By Evan Schuman December 12, 2016  | Security News
Seasonal marketing websites are long term security risks if not properly inventoried!

The holiday season is now upon us, which means retail pop-up stores and seasonal sites. Those are all good for merchants, good for gift-seeking shoppers and potentially very good news for cyberthieves hoping for vulnerable sites that can fuel fraud. Why, you might ask, would a retailer with robust anti-fraud and other security measures forego those efforts for a seasonal site? First, they do and... READ MORE

Podcast: Critical Infrastructure with Dick Clarke

By Neil DuPaul November 22, 2016  | Security News
Critical infrastructure cybersecurity measures.

How do you convince companies and nation states to protect against attacks that haven't happened yet? That's the sort of question we ponder today in our latest podcast with Richard Clarke, Veracode Board Member and former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States. Richard walks us through how he thinks about convincing... READ MORE

How Safe Is It Letting Google And Apple Be Your App Security Team?

By Evan Schuman November 10, 2016  | Security News

Malware threats are ever-present in mobile and this needs to be a top concern for IT execs, as they continue to issue millions of mobile devices to enterprise workers daily. An interesting piece ran in late October at TechTarget examining the protections—or lack of same—that exist for Android apps. It was a legitimate exploration of the issue and it noted that protections are much... READ MORE

The Top 10 Application Vulnerabilities [INFOGRAPHIC]

By John Zorabedian November 4, 2016  | Security News
Top 10 Scariest Application Vulnerabilities

Top 10 lists are usually good fun, if sometimes a bit frivolous. Our list of the top 10 application vulnerabilities is intended to raise awareness in a lighthearted way, although the risks from these vulnerabilities are a little scary. To create our list, we analyzed 300,000 static and dynamic application assessments and billions of lines of code, over 18 months. From this analysis we determined... READ MORE

Can Security And The App Economy Learn To Get Along?

By Evan Schuman November 1, 2016  | Security News
Will the app economy ever care about security?

The App Economy is steamrolling along and has the very legitimate potential to rewrite so much of how businesses use technology. Uber obliterated Yellow Taxis, Pandora and Spotify have all but made FM radio irrelevant and streaming video has forced TV and movie theaters to sit in the back seat. But here's the frightening part: Security has also been demoted. Consider a recent study where,... READ MORE

Why I Joined Veracode: Colin Domoney

By Colin Domoney October 31, 2016  | Security News
Software powers the world.

I recently joined Veracode after spending five years managing application security at a global investment bank. I’m sharing a bit about my background and reasons for joining Veracode in the hope that my experience helps others trying to work security into software development. Software’s foundational role My career as a developer began in South Africa, where I learned cryptography and... READ MORE

*Sigh* More Proof Of App Weak Security

By Evan Schuman October 27, 2016  | Security News
Proof of weak app security.

It's becoming increasingly clear to IT how critical it is to keep applications secure. One problem, though, with keeping apps secure is making sure that they at least started out secure, which is harder than it should be. Consider this scary piece from Engadget where they found that security in the mobile Android world—specifically apps in Google's Play Store—is rather... READ MORE

Bridging the Cybersecurity Information Gap in Higher Education

By Amanda McGuinness October 25, 2016  | Security News
To fix the security skills gap, we need to go back to school.

Cybersecurity professionals are some of the most highly sought after candidates in the job market. With most businesses taking advantage of web applications to streamline their operations, every company is a software company - and they all need security. Before now, the position of security professional remained a bit cryptic. More traditional roles in marketing or sales demonstrated obvious... READ MORE
