Android App Holes Means You're On Your Own

By Evan Schuman March 13, 2017  | Security News

March brought with it yet more news of app security headaches. The latest is the discovery of "132 Android apps on Google Play infected with tiny hidden IFrames that link to malicious domains in their local HTML pages," according to the security firm that made the discovery. But before you dismiss this latest security hole with a yawn and a "so what else is new?," consider... READ MORE

Podcast: Skills You Need to Succeed in the Digital Economy

By Jessica Lavery March 13, 2017  | Security News

The growing need for proficient software developers to help power our digital economy has created a skills gap that companies are trying to fill. There are jobs, but there aren’t people with the right skills to fill them. This creates a great opportunity for those looking to switch or just starting their careers. But for what skills are companies looking? What can universities and... READ MORE

Don't Get Zapped by the Struts-Shock Vulnerability Affecting Apache Struts 2

By John Zorabedian March 9, 2017  | Security News

If you haven't heard of it by now, you should sit up and pay attention to "Struts-Shock." That's what Veracode is calling a critical vulnerability just identified in the Apache Struts 2 library, which attackers are actively exploiting. We're cautioning customers and anyone else using the vulnerable Struts 2 component, due to the severity of the bug, and because it is... READ MORE

Your Next Steps if Your AppSec Program Is in the Baseline Stage

By Suzanne Ciccone March 9, 2017  | Managing AppSec

This is the second entry in a blog series that looks at each stage of an application security program’s maturity and outlines what the next steps are to move toward an advanced program. We typically see organizations fall within one of these four stages of application security: Reactive; Baseline (you're here!); Expanded; Advanced. If you are in the baseline application security stage,... READ MORE

Technologies Designed or Transformed for DevSecOps-Enablement

By Joseph Feiman March 8, 2017  | Managing AppSec

As we outlined in a previous blog post, if we are to choose ideal technologies for DevOps, they should be the ones that are: 1) invisible to Dev and Ops teams, 2) do not require learning by Dev and Ops, 3) run practically by themselves, without Dev and Ops interference, 4) continuously test applications in increments, 5) not only detect vulnerabilities, but also protect applications against... READ MORE

Bringing CA and Veracode Together

CA’s CEO Mike Gregoire and Veracode’s CEO Bob Brennan discuss how the acquisition of Veracode by CA will help make security a seamless, integrated part of the development process, enabling secure DevOps and helping customers hasten their path to revenue.   READ MORE

It's Time to Stop Blaming Developers for Insecure Software

By Matt Runkle March 3, 2017  | Secure Development

In two-plus years on the security consulting team at Veracode, and in my prior experience as a security researcher and software developer, I've heard this phrase countless times: "Developers are the biggest cause of security defects." Sure, developers are the ones actively implementing the application – but they’re not the only ones involved in creating software. Lots of... READ MORE

Managing Flaw Review with a Large Multi-Vendor Application

By Colin Domoney March 2, 2017  | Managing AppSec

The previous blog post in this series discussed strategies for the large-scale deployment of the Veracode static code analysis tool across a large enterprise, focusing on strategies and techniques for ensuring rapid adoption within individual development teams typically responsible for self-contained homogenous applications. However, in a large enterprise, there are applications that are... READ MORE

RSA Conference 2017 Recap

By Neil DuPaul March 2, 2017  | Security News

After four years of providing web-based support to Veracode's RSA Conference team from our offices in Burlington Mass, I had the pleasure of finally attending the conference myself. First impressions were a bit staggering to say the least. One thing that doesn't exactly come through amid all the web and social chatter that happens around RSAC is the sheer size of this conference as... READ MORE

How to Run a Successful Proof of Value for an Application Security Programme

By Colin Domoney March 1, 2017  | Managing AppSec

So you’ve got upper management buy-in for your application security proof of value and are ready to start scanning applications: how do you make sure your proof of value (PoV) is a success and that you demonstrate the need to progress to a full-scale program? This article describes some of the lessons learned at the start of our large-scale deployment of Veracode within our organisation.... READ MORE
