Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

SourceClear scanning now supports SBT, CocoaPods and Yarn projects

By Hendy Chua April 17, 2017

Today we released a new agent that supports scanning SBT, CocoaPods and Yarn projects, adding to the list of build systems and package managers that we already support. To get this feature, users can simply update their agents (i.e. brew upgrade srcclr). SBT Projects: For an SBT project to be discovered by our agent, it must contain build.sbt. The agent uses our SBT plugin to build the dependency...

Women in Technology: Don’t Worry, It’s Worse Than You Think

By Anne Nielsen April 14, 2017  | Security News

Veracode recently hosted a movie night to watch CODE: Debugging the Gender Gap, followed by a group discussion. Two things struck me at this event: gender diversity in technology is getting worse, not better, and this problem won’t fix itself. In our group discussion after the movie – led by Rosa Carson from Wayfair Labs – we dove into the question of “why is this getting...

Podcast: How the Role of Technologists has Evolved with the Rise of the Digital Economy

By Jessica Lavery April 9, 2017  | Security News

The rise of the digital economy has created professional opportunities for those entering technology careers, but it has also changed the core responsibilities of technologists. Our dependence on software to fuel the digital economy, and as a result business objectives, means it is no longer enough for CTOs and CISOs to be focused on technology and security; they must also speak the language of...

New Research: In 2017, Women Still Only Make Up 11 Percent of the Cybersecurity Workforce

By Laura Paine March 23, 2017  | Security News
Women in cybersecurity.

As March comes to a close, so too does Women’s History Month. Unfortunately, it doesn’t seem that we’ll be putting an end to the ongoing battle for gender equality in the workplace any time soon – and we’re finding that this is especially true in cybersecurity. So true, in fact, that new research shows women make up only 11 percent of the information security...

Striking the Right Balance Between Security and Functionality

By Evan Schuman March 23, 2017  | Security News

Doing security well is hard work, but it should never block useful functionality for your customers. If security interferes with key software capabilities, the security must be tweaked. The answer should never be to abandon the functionality and certainly not to abandon the security. And yet two instances from this month suggest that is exactly what is happening. Let's start with election...

WikiLeaks, Vault 7, and Vulnerability Disclosure: Is It Blackmail?

By John Zorabedian March 22, 2017  | Security News
WikiLeaks vulnerability disclosure

If you're hit by ransomware, you're presented with a difficult choice. Do you pay the ransom and hope the crooks follow through and return your ransomed data and files? Or do you refuse to pay, and say goodbye to that data forever? Tech companies including Microsoft, Google, Apple and Samsung are facing a similar dilemma, after WikiLeaks published information allegedly showing that the CIA...

Podcast: How to Approach the NY DFS Cybersecurity Regulations

By Suzanne Ciccone March 21, 2017  | Security News

How should you approach the new NY DFS cybersecurity regulations? In Episode 3 of Veracode's AppSec in Review podcast, Evan Schuman and Veracode's Brian Fitzgerald discuss how these regulations differ from past requirements and best practices for addressing them. They explore, among other things: the opportunity to use these regulations as a framework for a solid security program; the best way to...

Rails GEMS Vulnerable to CSRF Show Vulnerability Disclosure in Open-Source Projects Needs a Re-Think

By Ming Yi Ang March 20, 2017

Four weeks ago, we blogged about the issue with Rails' built-in anti-CSRF mechanism, protect_from_forgery, where we calculated that over 50,000 Ruby developers were impacted by Cross-site Request Forgery (CSRF) attacks. Recap: The default configuration for Rails' ActionController::Base does not automatically include the anti-CSRF mechanism, protect_from_forgery. There is an open PR in Rails made...

Strange But True Application Security Failures [INFOGRAPHIC]

By John Zorabedian March 15, 2017  | Security News
Strange application security failures

Mark Twain famously said, "truth is stranger than fiction." I doubt even he could invent the strange events that unfold daily in our newsfeeds. In the realm of cybersecurity, however, breaches and vulnerabilities are becoming so frequent as to be predictable. Nevertheless, some of the most notable breaches of the past year were shocking in their details. Look at the unexpected outcome...

How We Were Able to Respond to Struts-Shock for our Customers

Struts-shock Response

The use of open source components in software development increases both the speed of software development and risk. Our recent State of Software Security report found that approximately 97 percent of Java applications contained at least one component with a known vulnerability. An open source component with a known vulnerability is an attractive target for cybercriminals. Instead of...
