Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Veracode Named a Leader in the Gartner Magic Quadrant for Application Security for the Fifth Report in a Row

By Laura Paine March 20, 2018

For the fifth consecutive report, Gartner placed Veracode as a Leader in the 2018 Magic Quadrant for Application Security Testing. Gartner chooses leaders for the report based on a company’s completeness of vision and ability to execute in the application security testing (AST) market. In recent years, we’ve witnessed the rise in adoption of DevSecOps and Modern Software Factory... READ MORE

How to Prevent a Breach From Spring Break

By Chris Wysopal March 8, 2018 | Managing AppSec

Spring Break, the latest named vulnerability, is more serious than the moniker implies. Spring Break is a critical remote code execution vulnerability in Pivotal Spring REST, one of the most popular frameworks for building web applications, and the effects of this vulnerability are widespread. A patch for Spring Break has been available since September of last year, but the vulnerability broke... READ MORE

NYDFS Cybersecurity Regulation Transition Period Ends

By John Zorabedian February 23, 2018 | Managing AppSec

March 1, 2018 marks the end of the one-year transition period for the New York Department of Financial Services (NYDFS) cybersecurity regulation. The passage of this date means affected organizations — including banks, insurance companies, and other financial services companies licensed by or operating in New York State — must be in compliance with a raft of security rules intended to protect non... READ MORE

Podcast: Veracode’s 2018 Development Resolutions with Maria Loughlin

By Laura Paine February 1, 2018

Earlier this year, we looked at what 2018 has in store for open source, and we wanted to continue this trend to dive a little bit deeper into the resolutions the developer community may have for the New Year. For some, it’s a matter of striving to write smaller batches of code that are more testable, better for security stance, or getting more of the enterprise to internalize that quality code is... READ MORE

Research Report: DevSecOps Provides a Competitive Edge

By John Zorabedian January 23, 2018 | Research

Veracode has released a new report, based on research conducted by industry analyst firm Freeform Dynamics, that sheds light on some of the obstacles for organizations seeking the advantages of a development approach that prioritizes application security, without sacrificing time-to-market and innovation. The report also offers evidence that integrating security throughout the development process... READ MORE

Forrester Analyst Amy DeMartine on What to Expect in Open Source in 2018

By Laura Paine January 11, 2018

When it comes to open source and security, one of the most popular words that pops into the head of security aficionados and professionals is “dread.” Certainly that perception is driven by open source’s reputation – it is seen as fast, easy, low cost and, well, risky. With unknown hands touching the code – and a surprisingly low number of developers maintaining common components – it’s... READ MORE

The Biggest Cybersecurity Stories, Breaches and AppSec Lessons of 2017

By John Zorabedian December 22, 2017 | Customer News

The past year featured daily news about cyberattacks, data breaches, and software vulnerabilities. If it feels like our cybersecurity challenges grow bigger and more complex, year after year, it's more than just a perception. Research from security companies, including Veracode, shows that there are more attacks than ever, and organizations have not caught up with the preventive measures needed... READ MORE

Podcast: 2017 OWASP Top 10 – What’s New

By Suzanne Ciccone December 21, 2017

For the first time in four years, we have a new OWASP Top 10 list of the most critical application security risks. Cross-site request forgery (CSRF) and unvalidated redirects and forwards have been bumped off the list. XML external entities, insecure deserialization and insufficient logging and monitoring have been added. What’s the significance of both the additions, and the subtractions?... READ MORE

Podcast: Are We at Risk For Data Breach Disclosure Fatigue?

By Laura Paine December 21, 2017

What is the fundamental purpose of data breach disclosures? To help the company breached? To help other companies in a similar position? To help the customers of the breached company? To help law enforcement? At its most extreme, should it ever be about shaming a company that had poor security? Depending on the circumstances, it can be about all of the above. Focus on the customer. That’s a... READ MORE

What's in your Crypto Currency Wallet?

By Jet Anderson December 18, 2017

Keeping up with our theme of cryptocurrency blog posts, especially given all of the hoopla about digital currencies these days, we decided to do a little digging into the relative security of cryptocurrency related open source projects. Wow. Just wow. The names have been changed to protect the guilty, but even we were surprised at the results. In total, we scanned the top five projects with... READ MORE
