Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Jenkins World 2017: DevSecOps, It’s Not You, It’s Not Me, It’s We

By Joe Coletta August 24, 2017  | Security News

At Jenkins World on Aug. 31, Veracode’s Pete Chestna (@PeteChestna) will join fellow industry experts, including DevOps.com’s Alan Shimel and Forrester’s Robert Stroud, to address the hurdles organizations face as they try to create a DevSecOps culture. DevSecOps adoption is on the rise – and there’s no doubt that the practice can cause some friction and hinder the development process. Recent...

Veracode Survey Research Identifies Cybersecurity Skills Gap Causes and Cures

By John Zorabedian August 17, 2017  | Security News

The shortage of cybersecurity professionals is on pace to reach 1.5 million empty positions globally by 2020, according to Frost & Sullivan. Yet, as the digital economy relies on rapid innovation in software, the growing demand for developers with security skills is also dangerously outpacing supply. Now, a survey of development and IT professionals, conducted by Veracode and DevOps.com, has...

Big Win! Veracode Sweeps Web Application Security Category in CRN’s 2017 Annual Report Card

By Leslie Bois August 16, 2017  | Security News

I am thrilled to announce that Veracode has swept the Web Application Security category of CRN®’s 2017 Annual Report Card (ARC) awards program. Veracode was selected as the highest rated web application security vendor by solution providers in a satisfaction survey which evaluated vendors based on product innovation, support and partnership. This year marks the 32nd...

Securing Web Apps in a DevOps World (Notes From Black Hat 2017)


Zane Lackey of Signal Sciences spoke at Black Hat 2017 on a topic near and dear to my heart: Practical Tips for Defending Web Applications in the Age of DevOps. DevOps — and really, any Agile or Agile-like rapid software development approach — is a huge enabler for business. Changes to software are envisioned, implemented, tested, and deployed incredibly fast. Deployments can happen multiple...

We're Already at Cyberwar (and We're Losing)

By John Zorabedian July 25, 2017  | Security News

Let’s face it – cyberwar is no longer science fiction. Our economies – and our democratic system – are under attack. Security researchers are often reluctant to attribute attacks to particular nation states. But it’s become increasingly clear that Russia attempted to meddle in the 2016 U.S. presidential election, and perhaps other elections in the UK and Europe. Last summer, Russia-backed hackers...

Testing the Fences: Software Security Is National Security

By Jessica Lavery July 5, 2017  | Security News

There is a scene in the movie Jurassic Park where we witness just how smart the velociraptors are. In order to find a way out of their enclosure, the carnivorous dinosaurs are systematically testing the electric fences for weaknesses, making note of where the fences are weakest and where they are strongest. Once a vulnerability is found in the system (in this case a disgruntled employee turning...

Why Prevention Is the Only Answer

By Brian Fitzgerald June 30, 2017  | Security News

Prevention is often derided as a naïve, outdated notion in information security. Today, the talk in security often centers around the idea of “detection and response.” The thought around this approach is that we must assume attackers will get into our networks – it is not a question of “if” but “when.” Therefore, the only good security is to detect them inside, monitor their actions, and then...

The Next Petya Will Be Worse – Why Software Development Must Change

By John Zorabedian June 28, 2017  | Security News

Another major cyberattack hit computer networks around the globe on Tuesday, beginning in the Ukraine, when a paralyzing ransomware struck websites of government agencies, banks, transportation, and power plants, before spreading to Russia, the UK, U.S., and other nations. Coming just weeks after the WannaCry ransomware wreaked havoc, this new attack – initially believed to be a strain of the...

Podcast: The OWASP Top 10 List Update: What You Need to Know

By Suzanne Ciccone June 19, 2017  | Security News

The OWASP Top 10 list of the most critical web application security risks has finally been updated for the first time since 2013. This list, created by the Open Web Application Security Project (an open community dedicated to enabling organizations to create secure applications) often forms the basis of application security programs and frequently informs AppSec priorities. The release candidate...

Towards a better risk score for open source security

By Asankhaya Sharma June 15, 2017

You already know that SourceClear provides robust vulnerability detection to protect your code and your customers. However, when you’re overseeing multiple projects, it can be a challenge to know where to prioritize your resources. Even if you have just one project, you may want to know how that project stacks up against similar projects by other developers. That’s where our new project risk...
