/aug 2, 2018

Black Hat 2018: The Art of Secure Code

By Sam King

This year’s Black Hat conference has some of the most diverse and intriguing sessions of any recent industry event. Attendees will have the opportunity to explore hacking of voting booths, learn about vulnerabilities in critical infrastructure and see live demos of how attackers can alter functionality of some of the most popular digital payment systems.

These vastly different threats have something in common - the software code that powers our world. Just about everything we experience is driven by software, yet producing reliable and secure software is an enormous challenge. Applications are not only growing in size, they’re also becoming more complex and distributed across millions of devices and cloud and on-premises environments.

It’s a frenetic but exciting time to be a security professional, and all of us at Veracode are looking forward to Black Hat to share our experiences, gain insight from our peers, partners and customers and get a close look at important research taking place around the industry. Black Hat is one of the most anticipated industry shows each year because it provides us with knowledge and perspective that helps our customers, partners and prospects improve how they develop and improve their software.

Check us out at our booth:

This year, Veracode will be showcasing “The Art of Secure Code” at booth 852. Securing your digital assets requires a precise synergy between many different stakeholders. Making it all come together using development tools and security testing to strengthen the security of your software is like creating a work of art. Don’t miss the virtual reality to live illustrations taking place at our booth that make “The Art of Secure Code” come to life. In addition, we’ll be displaying our full suite of solutions, including our, Software Composition Analysis, Veracode Static Analysis IDE Scan and newly revamped Dynamic Analysis.

Because companies want to create software better, faster and more efficiently, they turn to open source libraries, despite the inherent risk of vulnerabilities. With Veracode’s acquisition of SourceClear earlier this year, our software composition analysis offers a SaaS-based tool that relies on a proprietary vulnerability database, going significantly beyond the NVD and a unique technology that increases the actionability of SCA results. The solution not only tells you which applications have a vulnerable component, it tells you whether or not the functionality is being used – something no other SCA solution can offer. See it in action at our booth.

And on stage:

Our co-founder and CTO, Chris Wysopal, will present during DEFCON on August 10, offering a retrospective look at the L0pht Testimony. Two decades removed from their seminal testimony to a Senate panel about the dangers of rampant insecurity online, Chris and other original L0pht members will revisit the testimony and discuss the current state of security. In addition, Veracode engineer Matt Cheung will lead a workshop at DEFCON on August 9, “Introduction to Cryptographic Attacks,” that will illustrate vulnerabilities in cryptography and allow participants to get hands-on and implement attacks.

Be sure to stop by to find out how Veracode can help foster the synergies that enable secure applications in today’s software that many would call a work of art. Our team of executives and experts will be on hand to discuss your organization’s objectives relating to securing your critical applications.

See you in Las Vegas!

Related Posts

By Sam King

Sam King is the Chief Executive Officer of Veracode and a recognized expert in cybersecurity, the emerging practice of DevSecOps and business management. As a founding member of the Veracode team, Sam helped lead the establishment and growth of the application security category working with industry experts and analysts. In her current role, Sam is focused on company growth and helping customers achieve their missions through the creation of secure software. Prior to Veracode, Sam held leadership positions in cybersecurity and technology companies including Verisign and Razorfish.