Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

What's in your Crypto Currency Wallet?

By Jet Anderson December 18, 2017

Keeping up with our theme of cryptocurrency blog posts, especially given all of the hoopla about digital currencies these days, we decided to do a little digging into the relative security of cryptocurrency related open source projects. Wow. Just wow. The names have been changed to protect the guilty, but even we were surprised at the results. In total, we scanned the top five projects with... READ MORE

Crypto Mining Ransomware is Here

By Mark Curphey December 13, 2017

It has been an exciting week. On Monday Jet Anderson and Asankhaya Sharma posted a proof-of-concept piece for a crypto-mining ransomware embedded in a web application. Not a day later we saw it reported that a similar attack was used on a wifi access point at a coffee shop in Australia. The wifi attack simply made the users wait while it silently mined bitcoin. Bitcoin mining malware is no longer... READ MORE

Veracode Named a Leader in The Forrester Wave for Static Application Security Testing

By Laura Paine December 12, 2017

I’m always a fan of ending the year on a high note, so you can imagine how excited I am to share the news that Veracode has been named a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017 report by Forrester Research. Forrester ranks its vendors through the detailed evaluation of the 10 most significant vendors in static application security testing (SAST). The report... READ MORE

Podcast: When it Comes to Data Breach Disclosure, When Does the Clock Start Ticking?

By Laura Paine November 28, 2017  | Managing AppSec

In the last episode of the Cyber Second Podcast, we talked about the confusing patchwork of rules and laws – state, federal, global – dictating data breach disclosure rules. The common thread in nearly all of the existing regulations is that the disclosure clock starts the very moment that a company becomes aware of the breach. But when does someone truly know something, and who needs to know to... READ MORE

OWASP Top 10 Updated for 2017: Here’s What You Need to Know

By John Zorabedian November 20, 2017  | Secure Development

For the first time since 2013, the Open Web Application Security Project (OWASP) has updated its top 10 list of the most critical application security risks. According to OWASP, the 2017 OWASP Top 10 is a major update, with three new entries making the list, based on feedback from the AppSec community. This update went through two versions. After the initial release candidate in April 2017 got... READ MORE

Women in Business: Take the Risk!

By Anne Nielsen November 17, 2017

We recently hosted Gloria Larson, the President of Bentley University and one of Boston Magazine's “50 Most Powerful People,” at Veracode to talk about diversity with a specific focus on women in business. Our General Manager Sam King and Gloria had a discussion about: President Larson’s career and experience, culminating in her current leadership role; the data on diversity in business; the role... READ MORE

How to Get Started With a Veracode Greenlight Free Trial

By Janet Worthington November 16, 2017  | Secure Development

You never want to be the developer that wrote and submitted vulnerable code into production, especially if it leads to a data breach. Yet, in many organizations that have adopted DevOps practices, application security testing is shifting left into development. It’s far faster to catch and fix security flaws while you’re coding, than trying to go back and fix everything at the end of the process.... READ MORE

Our 2017 State of Software Security Report: Top 5 Takeaways for CISOs

By Suzanne Ciccone October 23, 2017  | Security News

We just published our State of Software Security 2017 (SoSS) report, and, as always, it is chock-full of valuable data and insights about the security of applications. Based on 400,000 application scans across our customer base over a recent 12-month period, this year’s report is a gold-mine of intelligence about how organizations are approaching AppSec, what’s working, and what isn’t. This... READ MORE

Podcast: Would A National Data Breach Disclosure Law Create Clarity or Confusion?

By Laura Paine October 20, 2017  | Security News

WannaCry and Petya, among other high-profile breaches, have sparked new conversations at Veracode around the potential value of cybersecurity and data breach disclosure legislation. Certainly, data breach disclosure requirements are popping up in just about every state, not to mention global standards, such as GDPR. Although they all insist on timely disclosures, their requirements, rules and... READ MORE

Are We Eating From the Dirty Fork?

By Mark Curphey October 19, 2017

Earlier this week, SourceClear researchers wrote a technical analysis showing how they used our Security Graph Language (SGL) to uncover 23 vulnerabilities in GlassFish Open Source Edition. And while I’m certainly proud of our ability to find vulnerabilities that no one else sees, there is a much bigger issue here affecting how we think about and manage open source. Are We Eating From the Dirty... READ MORE
