Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Insecure code cited in Facebook hack impacting nearly 50 million users

lpaine's picture
By Laura Paine September 28, 2018
Details on Facebook breach

On Sept. 28, Facebook announced via its blog that it discovered attackers exploited a vulnerability in its code that impacted its "View As" feature. While Guy Rosen, VP of product management, notes that the investigation is still in its early stages, the breach is expected to have affected 50 million accounts. It is unclear at this stage whether these accounts were misused or if any personal... READ MORE

New Apache Struts Vulnerability Highlights Need for Software Composition Analysis

lpaine's picture
By Laura Paine August 24, 2018
Get details on the new Apache Struts vulnerability.

On Aug. 22, the Apache Software Foundation announced that a new critical remote code execution vulnerability was found in Apache Struts 2 (CVE-2018-11776). According to the Semmle Security Research Team, who first identified and reported the vulnerability, this flaw is "more critical" than the Struts vulnerability behind the massive data breach that exposed the personal information of 143 million... READ MORE

State of Software Security: Insight Into Government Sector Application Security And Guidance For Policy Makers

lpaine's picture
By Laura Paine May 15, 2018

In 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of two massive data breaches. These breaches are thought to be a result of gaining valid user credentials to the systems they were hacking through social engineering, as well as through a malware package which installed itself within OPM’s network and established a backdoor. Attackers then... READ MORE

Video: State of the Current Threat Landscape (RSA 2018)

lpaine's picture
By Laura Paine May 8, 2018

During this year's RSA Conference, Highwire PR and WSJ Pro Cybersecurity hosted several panel discussions, including this one with CA Veracode CTO Chris Wysopal. Chris joined Andrea Limbago, chief social scientist at Endgame, Michael Daniel, president and CEO of Cyber Threat Alliance, to talk about the current and evolving threat landscape. Throughout the panel, you'll learn more about... READ MORE

CA Veracode recognized for world-class Channel Program and Channel Chief for Second Consecutive Year

lpaine's picture
By Laura Paine April 27, 2018

For the second year in a row, CA Veracode has received several accolades from CRN, a brand of The Channel Company and one of the industry’s top sources for news and analysis for the IT channel. CA Veracode’s world-class Partner Program received the 5-Star Rating in CRN’s 2018 Partner Program Guide, and Leslie Bois, vice president, global channels and alliances, was named to its prestigious... READ MORE

Online Trust: Do Executives, Consumers and Security Pros Define It Differently?

jlavery's picture
By Jessica Lavery April 20, 2018

We are in the midst of the fourth industrial revolution. Instead of steam machines or textiles, our economy is becoming ever more tied to technology. In order for our digital economy to thrive, we as a collective society need to have trust in our technology. Yet, the technology world has done very little to earn that trust. During RSA David Duncan, VP, Product Marketing and Mark McGovern, VP,... READ MORE

RSAC Panel Discussion: How can we protect our digital society?

jlavery's picture
By Jessica Lavery April 20, 2018

During the RSA conference Sam King, general manager of CA Veracode lead an engaging discussion with Art Coviello, former CEO of RSA and Robert Knake, senior fellow for cyber policy at the Council on Foreign Relations and senior research scientist at Northwestern University’s Global Resilience Institute. While the conversation touched on a variety of topics, the prevailing theme was on the need... READ MORE

Components: Increasing Speed and Risk

jlavery's picture
By Jessica Lavery April 19, 2018

Open source component vulnerabilities have been a hot topic in the security industry as well as in the media. It used to be the main concern in software development was making sure you testing throughout the SDLC. While this is still a crucial part of making sure your software is secure, component security has grown in importance. As Tim Jarrett, Director of product management at CA Veracode... READ MORE

Building a Security Awareness Ambassador

jlavery's picture
By Jessica Lavery April 19, 2018

Lance Spitzner, Director, SANS Institute The security skills gap is well documented. There just aren’t enough security professionals in the workforce to help secure our digital economy. Even if there were, scaling to the number of security professionals needed to create a comprehensive security program alone would not solve the security problem, especially in AppSec. During this talk, Lance... READ MORE

DevOps Connect: DevSecOps Day at RSA demonstrates how the thinking around secure software has evolved

jlavery's picture
By Jessica Lavery April 17, 2018

RSAC 2018 kicked off today with DevOps Connect: DevSecOps Day @ RSAC 2018. This full day event featured speakers security vendors, security practitioners and development teams.  It was interesting to compare the perspectives of the security and development teams when it comes to software security. What was even more interesting was how similar their perspectives are, and to see them... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu