Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Rails GEMS Vulnerable to CSRF Show Vulnerability Disclosure in Open-Source Projects Needs a Re-Think

By Mark Curphey March 20, 2017

Four weeks ago, we blogged about the issue with Rails' built-in anti-CSRF mechanism, protect_from_forgery, where we calculated that over 50,000 Ruby developers were impacted by Cross-site Request Forgery (CSRF) attacks. Recap: the default configuration for Rails' ActionController::Base does not automatically include the anti-CSRF mechanism, protect_from_forgery. There is an open PR in Rails made... READ MORE

Strange But True Application Security Failures [INFOGRAPHIC]

By John Zorabedian March 15, 2017 | Security News

Mark Twain famously said, "truth is stranger than fiction." I doubt even he could invent the strange events that unfold daily in our newsfeeds. In the realm of cybersecurity, however, breaches and vulnerabilities are becoming so frequent as to be predictable. Nevertheless, some of the most notable breaches of the past year were shocking in their details. Look at the unexpected outcome... READ MORE

How We Were Able to Respond to Struts-Shock for our Customers


The use of open source components in software development increases both the speed of development and the risk. Our recent State of Software Security report found that approximately 97 percent of Java applications contained at least one component with a known vulnerability. An open source component with a known vulnerability is an attractive target for cybercriminals. Instead of... READ MORE

Android App Holes Means You're On Your Own

By Evan Schuman March 13, 2017 | Security News

March brought with it yet more news of app security headaches. The latest is the discovery of "132 Android apps on Google Play infected with tiny hidden IFrames that link to malicious domains in their local HTML pages," according to the security firm that made the discovery. But before you dismiss this latest security hole with a yawn and a "so what else is new?", consider... READ MORE

Podcast: Skills You Need to Succeed in the Digital Economy

By Jessica Lavery March 13, 2017 | Security News

The growing need for proficient software developers to help power our digital economy has created a skills gap that companies are trying to fill. There are jobs, but there aren't people with the right skills to fill them. This creates a great opportunity for those looking to switch careers or just starting their careers. But what skills are companies looking for? What can universities and... READ MORE

Don't Get Zapped by the Struts-Shock Vulnerability Affecting Apache Struts 2

By John Zorabedian March 9, 2017 | Security News

If you haven't heard of it by now, you should sit up and pay attention to "Struts-Shock." That's what CA Veracode is calling a critical vulnerability just identified in the Apache Struts 2 library, which attackers are actively exploiting. We're cautioning customers and anyone else using the vulnerable Struts 2 component, due to the severity of the bug, and because it is widespread in Java... READ MORE

Bringing CA and CA Veracode Together

CA's CEO Mike Gregoire and CA Veracode's CEO Bob Brennan discuss how the acquisition of CA Veracode by CA will help make security a seamless, integrated part of the development process, enabling secure DevOps and helping customers hasten their path to revenue. READ MORE

RSA Conference 2017 Recap

By Neil DuPaul March 2, 2017 | Security News

After four years of providing web-based support to CA Veracode's RSA Conference team from our offices in Burlington, Mass., I had the pleasure of finally attending the conference myself. First impressions were a bit staggering, to say the least. One thing that doesn't exactly come through amid all the web and social chatter that happens around RSAC is the sheer size of this conference as... READ MORE

CA Veracode Named a Leader in the Gartner Magic Quadrant for Application Security Testing for the Fourth Report in a Row

By Laura Paine March 1, 2017 | Security News

For the fourth consecutive report, Gartner placed CA Veracode as a Leader in the 2017 Magic Quadrant for Application Security Testing. Gartner chooses leaders for the report based on a company's completeness of vision and ability to execute in the application security testing (AST) market. When it comes to leadership, the proof is in the pudding: in 2016, CA Veracode demonstrated the... READ MORE

Podcast: Addressing the Skills Gap - How to keep our digital economy growing

By Jessica Lavery February 23, 2017 | Security News

Our economy continues to shift from a manufacturing- and goods-based economy to one based on services and technology. This digital economy can improve our quality of life as well as the speed at which we do business; however, there are a number of threats to its growth. Chief amongst these threats is the skills gap that exists between what is needed to continue... READ MORE
