AppSec Knowledge Base

APPLICATION SECURITY KNOWLEDGE BASE

Application Security Information and Resources

The following is an extensive library of topical guides that are helpful and informative resources on a range of topics relating to application security.

.NET SQL injection .NET SQL injection remains a critical risk. SQL injection in .NET continues to be one of the most prevalent threats to websites and applications. A .NET SQL injection is a security weakness in a .NET...

3rd Party Risk Management Effective 3rd party risk management requires powerful solutions. At a time when compliance with regulatory frameworks like PCI DSS and HIPAA are more critical than ever, 3rd party risk management of...

Advanced Persistent Threat Stopping an advanced persistent threat through software testing. An advanced persistent threat is a type of cybersecurity attack where malicious individuals gain access to a network and, rather than...

Agile SDLC Adding security to the agile SDLC While an agile software development lifecycle (agile SDLC) can dramatically increase the pace of development, many development teams have difficulty balancing the...

Agile Security Agile security is a must for software development While software development teams have often seen a conflict between Agile methods and secure development, agile security is the only way to ensure...

Agile Software Development Lifecycle What is Agile? The Agile Manifesto formally introduced the idea of Agile Software Development in 2001. Agile is a collection of software development methods used by groups of developers to quickly...

Agile Testing Improve application security with Agile testing solutions. While the Agile software development lifecycle, or Agile SDLC, has helped to increase the pace and quality of software development, Agile...

Agile Testing Process Challenges of the agile testing process Many development teams are struggling to find an agile testing process that effectively balances the need for speed and SDLC Security. Finding and fixing...

Android Hacking Introduction to Android Hacking - Hacking Applications, Hacking Tools and Resources, and How to Secure Your Android Device from Getting Hacked Since its inception in September 2008, the Android...

Android Security: Guide to Android OS Introduction to the Android Operating System and Android Security Features (including Android Application Security) Android is a Linux kernel mobile platform. Android runs on a wide range of devices...

App protection Web applications have become the #1 attack vector for data breaches, making web app protection a critical priority for enterprises around the world. Yet only one in 10 enterprises has web application...

App Security The challenge of app security The traditional on-premises approach to enterprise application security, or app security, is no longer enough to protect organizations from threats. Traditional network-...

App Security Testing Integrate app security testing into your entire SDLC. Web applications have become the primary vector for attacks, making app security testing critical to protecting the enterprise. With superior...

App Vulnerability Scanner Protect your software with an app vulnerability scanner. At a time when web applications have become the #1 attack vector for cyber criminals, an app vulnerability scanner is a must-have technology...

Application Control Audit Secure your software with an application control audit. An application control audit is designed to ensure that an application’s transactions and the data it outputs are secure, accurate and valid....

Application Development Lifecycle The turn of the century brought with it a booming application ecosystem that shows no sign of slowing growth. Applications have become the new face of web and mobile software, and application...

Application Layer Software security testing stops threats at the application layer. The application layer has become a primary target for attacks aimed at breaching enterprise security. Comprised of legacy...

Application protection Achieve application protection with cloud-based testing tools. It’s no wonder that application protection is a top priority for many organizations – software applications are the most-attacked part...

Application Security Assessment Common misconceptions about application security assessments For enterprises developing software, an application security assessment is essential to producing software that is free of flaws and...

Application Security Best Practices What are application security best practices? Web applications are the number one attack vector for data breaches, yet the majority of organizations fail to adopt application security best practices...

Application Security Knowledge Base Application Security Information and Resources The following is an extensive library of topical guides that are helpful and informative resources on a range of topics relating to application security...

Application Security Risk The application security risk of third-party software. Managing application security risk has become increasingly complex as more enterprises rely on third-party applications when deploying or...

Application Security Tools Deliver safer software with better application security tools The right application security tools can help development teams build safer software faster. Developers are always managing a balancing...

Application Security Vulnerability: Code Flaws, Insecure Code Understanding Application Vulnerabilities What is an Application Vulnerability? An application vulnerability is a system flaw or weakness in an application that could be exploited to compromise the...

Application Testing Tool for Web Application Analysis Protect your software, use an application testing tool Application analysis is an important part of securing your enterprise. By identifying vulnerabilities in software before it is deployed or...

ARP Spoofing What Is ARP Spoofing? ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of...
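The entry above describes the mechanism: a forged ARP reply rebinds a victim IP (typically the gateway) to the attacker's MAC. The detection side of that is a small IP-to-MAC consistency check. The following is an added example, not code from the original page: it replays constructed ARP replies through a detector that learns the first MAC seen for each IP and alerts when a later reply claims a different one. The `ArpReply` type, the sample traffic and the `trusted` static-binding table are all assumptions made for the demo; in practice the replies would come from a packet capture.

```python
"""Detect ARP spoofing from a stream of ARP replies (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    sender_ip: str   # IP the sender claims to own (ARP sender protocol address)
    sender_mac: str  # hardware address it wants the LAN to bind to that IP


# Constructed sample traffic: the gateway 192.168.1.1 legitimately answers from
# aa:aa:..., then another host starts answering for the same IP from ee:ee:...
SAMPLE_REPLIES = [
    ArpReply("192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply("192.168.1.20", "bb:bb:bb:bb:bb:20"),
    ArpReply("192.168.1.1", "aa:aa:aa:aa:aa:01"),
    ArpReply("192.168.1.1", "ee:ee:ee:ee:ee:ee"),   # spoofed: gateway IP, new MAC
    ArpReply("192.168.1.20", "bb:bb:bb:bb:bb:20"),
]


def detect_arp_spoofing(replies, trusted=None):
    """Return alerts (ip, expected_mac, claimed_mac) for IPs whose MAC changes.

    trusted: optional dict of static IP->MAC bindings (e.g. the gateway) that
    take precedence over whatever is learned from traffic (assumed input).
    """
    table = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        known = table.get(r.sender_ip)
        if known is None:
            table[r.sender_ip] = mac          # first sighting: learn it
        elif known != mac:
            alerts.append((r.sender_ip, known, mac))
    return alerts


if __name__ == "__main__":
    for ip, old, new in detect_arp_spoofing(SAMPLE_REPLIES):
        print(f"ALERT: {ip} was {old}, now claimed by {new}")
```

Pinning the gateway with a static binding is what turns this from "the MAC changed" into "someone other than the real gateway is answering"; without it the detector trusts whichever reply it saw first.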

Attacks Application Attack Types The following is an extensive library of security solutions articles and guides that are meant to be helpful and informative resources on a range of security solutions topics...

Automated Code Testing Eliminate software flaws with automated code testing For development teams tasked with delivering better software faster, automated code testing tools can help to effectively and painlessly inject...

Automated penetration testing tools Increase application security with automated penetration testing tools. Automated penetration testing tools can be an invaluable part of your web application security toolkit. Web applications have...

Automated Software Testing Find and fix vulnerabilities with automated software testing tools. Automated software testing solutions are invaluable for development teams working to deliver secure applications more quickly. For...

Automated Web Testing Application Security Testing Improve application security with automated web testing. Automated web testing tools are a critical priority for development teams that need to increase application...

Behavioral Analysis Our cloud-based Behavioral Analysis is designed to inspect mobile applications for risky or malicious behaviors—like accessing contact information, reading data from SIM cards and transmitting data...

Binary Analysis Tools & Binary Code Binary Code Analysis Is a Powerful Tool in Application Security As cybersecurity threats have shifted from the network perimeter to the application layer in recent years, application security...

Black Box Analysis Black box analysis is essential to application security Dynamic Analysis Security Testing (DAST), also known as black box analysis, is a critical tool for securing web applications. Designed to find...

Black Box Testing Improve application security with black box testing. Black box testing, also known as dynamic analysis security testing (DAST test), is an essential tool in achieving application security. Black box...

Black Box testing techniques Black Box testing techniques are critical to application security. Black box testing techniques are an essential part of any application security testing program. In contrast to white box testing...

Blackbox Test Improve Application Security with a Blackbox Test Tool A blackbox test, also called a dynamic analysis security test (DAST test), is an invaluable part of any application security toolbox. Blackbox...

Blackbox Testing Blackbox testing is crucial to application security When it comes to finding flaws and vulnerabilities in applications, blackbox testing (also known as a Dynamic Analysis or DAST test) offers certain...

Blackbox Testing Techniques The Pros and Cons of blackbox testing techniques. Blackbox testing techniques – also known as dynamic analysis – are a crucial component of a comprehensive application security testing protocol....

Building microservices Building microservices with secure code. One of the principal challenges of building microservices is enterprise data protection – ensuring that code is tested for security before it enters...

BYOD Security & Policies BYOD: Bring Your Own Device, Secure BYOD Policies and Mobile Management What is BYOD? BYOD is short for “Bring Your Own Device,” a phrase that refers to the practice of allowing employees to bring...

C integrated development environment Security testing in the C integrated development environment. Working with a C integrated development environment (IDE) can help developers write code more quickly and efficiently. A C integrated...

Cache Poisoning Attack What Is Cache Poisoning? Cache poisoning is a type of attack in which corrupt data is inserted into the cache of a Domain Name System (DNS) resolver, so that later lookups are answered from the forged entry. The Domain Name System is a system...

Cloud application security Protect your software with a cloud application security solution. When you want to increase the security of your applications, a cloud-based application security solution offers significant...

Cloud Security Applications Protect your enterprise with cloud security applications. Cloud security applications and SaaS application monitoring solutions are transforming the way enterprises protect against application-layer...

Cloud-based Security Cloud-based security platforms improve control over third-party software. When working with third-party software, a cloud-based security platform can help your development team ensure that code you’...

Code Review Tools Speed development with automated code review tools As development teams work to integrate security into the software development lifecycle (SDLC), the right code review tools can help to find...

Code Review: Code Review Tools Code review is an examination of computer source code. It is intended to find and fix mistakes introduced into an application in the development phase, improving both the overall quality of software...

Code Security Analysis Code security analysis is a must for competitive enterprises Security is a major aspect of business competitiveness today. An attack on the enterprise can reduce productivity, tie up resources, harm...

Commercial off the Shelf Software - COTS What is commercial off the shelf software? Commercial off the shelf software (COTS) refers to any software pre-built by a third-party vendor and purchased or licensed for use by an enterprise. COTS...

Common Web Application Vulnerabilities The following is an extensive library of security solutions, articles and guides that are meant to be helpful and informative resources on a range of Web vulnerability types, including, but not...

Computer Worm What is a computer worm? Computer worms are among the most common types of malware. They self-replicate across computer networks, typically by exploiting vulnerabilities in operating systems or network services. Worms typically cause harm to...

Containerization Containerization creates challenges to application security. Containerization, or container-based virtualization, is a technique for deploying and operating distributed applications without needing...

Credentials Management Flaws, Tutorial and Cheat Sheet What Is a Credentials Management Attack? A credentials management attack attempts to breach username/password pairs and take control of user accounts. Once inside a system, an attacker can alter,...

Critical Security Controls What are the top 20 Security Controls? When you need to quickly secure your IT infrastructure you can’t afford to spend time patching up low criticality vulnerabilities, wading through a sea of false...

CRLF Injection Tutorial: Learn About CRLF Injection Vulnerabilities and Prevention CRLF Injection Defined CRLF refers to the special character elements "Carriage Return" and "Line Feed." These elements are embedded in HTTP headers and other software code to signify an End of Line (...
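The definition above says what CRLF is; what it leaves implicit is why a stray CR/LF pair in user input matters. The following is an added example, not code from the original page: a hypothetical redirect handler copies a user-supplied target into the `Location` header, and an input containing `\r\n` terminates that header and appends a `Set-Cookie` header of the attacker's choosing. The hardened version rejects control characters before they reach the header block. Function names and the attacker string are constructed for the demo.

```python
"""CRLF injection into an HTTP response header, and the fix (added example)."""


class HeaderInjection(ValueError):
    """Raised when a header value contains CR, LF or NUL."""


def build_redirect_vulnerable(target: str) -> bytes:
    """Emit a 302 by concatenating the user-supplied target into the header block."""
    head = "HTTP/1.1 302 Found\r\nLocation: " + target + "\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1")


def build_redirect_hardened(target: str) -> bytes:
    """Same response, but refuse any header value containing line terminators."""
    if any(c in target for c in ("\r", "\n", "\x00")):
        raise HeaderInjection("control characters in header value")
    head = "HTTP/1.1 302 Found\r\nLocation: " + target + "\r\nContent-Length: 0\r\n\r\n"
    return head.encode("latin-1")


def parse_headers(raw: bytes) -> dict:
    """Parse status line + headers the way a naive client would (first block only)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]   # drop the status line
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


# Constructed attacker input: a normal-looking path, then CRLF and a Set-Cookie
# header the attacker wants the victim's browser to accept as the server's own.
ATTACK = "/home\r\nSet-Cookie: session=attacker-controlled"

if __name__ == "__main__":
    print(parse_headers(build_redirect_vulnerable(ATTACK)))
    try:
        build_redirect_hardened(ATTACK)
    except HeaderInjection as e:
        print("blocked:", e)
```

Rejecting rather than stripping is deliberate: a value that contains CR or LF is never a legitimate redirect target, and silently removing the bytes can leave a different, still attacker-shaped string behind.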

Cross Site Scripting Prevention Cross site scripting prevention requires strong application security. Solutions for cross site scripting prevention are on the rise as cross site scripting (XSS) attacks continue to plague...

Cross site scripting vulnerability The danger of a cross site scripting vulnerability. As the number of cross site scripting attacks, or XSS attacks, continues to rise, organizations must find effective solutions to identify and fix a...

Cross-Site Request Forgery Guide: Learn All About CSRF Attacks and CSRF Protection Cross-Site Request Forgery (CSRF) is an attack outlined in the OWASP Top 10 whereby a malicious website will send a request to a web application that a user is already authenticated against from...

Cross-Site Scripting (XSS) Tutorial: Learn About XSS Vulnerabilities, Injections and How to Prevent Attacks  XSS - What Is Cross-Site Scripting? Cross-Site Scripting (also known as XSS) is one of the most common application-layer web attacks. XSS vulnerabilities target scripts embedded in a page that...

Cryptographic The danger of Insecure Cryptographic Storage. Insecure Cryptographic Storage is a common collection of vulnerabilities related to storing sensitive data without the appropriate encryption. Ideally, in...

Cryptographically The challenge of cryptographically insecure storage. When storage is cryptographically insecure, sensitive data like personal information, credit card numbers, healthcare records and trade secrets...

CSRF attacks The danger of CSRF attacks. Cross-Site Request Forgery attacks, or CSRF attacks, are a common and potentially devastating vulnerability that can be easily exploited by cyber criminals. In CSRF...

CSRF Token Prevent a Cross-Site Request Forgery with a CSRF token. While Cross-Site Request Forgery (CSRF) continues to be a common attack on applications, organizations can easily prevent it with a CSRF token...
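The Cross-Site Request Forgery entry above explains the attack (a malicious site sends a request that rides on the victim's existing session), and this entry names the fix. The following is an added example, not code from the original page, of the synchronizer-token pattern: the server issues a random token tied to the session, embeds it in state-changing forms, and refuses a POST whose token does not match. A forged cross-site request carries the session cookie but cannot read the token, so it fails. The `Session` class, the `handle_transfer` handler and the balances dict are simplified stand-ins for a real framework.

```python
"""Synchronizer-token CSRF protection (added example)."""
import hmac
import secrets
from typing import Optional


class Session(dict):
    """Minimal server-side session store; a real app keys this by the session cookie."""


def issue_csrf_token(session: Session) -> str:
    """Create (or reuse) the per-session token and return it for embedding in a form."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def verify_csrf(session: Session, submitted: Optional[str]) -> bool:
    """Constant-time compare of the submitted token against the session's token."""
    expected = session.get("csrf_token")
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)


def handle_transfer(session: Session, form: dict, balances: dict) -> str:
    """A state-changing POST handler that refuses requests without a valid token."""
    if not verify_csrf(session, form.get("csrf_token")):
        return "403 Forbidden: CSRF check failed"
    balances[form["to"]] = balances.get(form["to"], 0) + int(form["amount"])
    return "200 OK"


if __name__ == "__main__":
    session, balances = Session(), {}
    token = issue_csrf_token(session)            # rendered into the legitimate form
    # Forged request from another origin: same cookie (same session), no token.
    print(handle_transfer(session, {"to": "attacker", "amount": "100"}, balances))
    # Legitimate submission from the site's own form.
    print(handle_transfer(session, {"to": "friend", "amount": "5", "csrf_token": token}, balances))
```

The token must be unpredictable (here 256 bits from `secrets`) and compared in constant time; a token that is merely unique, or checked with `==`, weakens the pattern without changing its shape.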

CWE Eliminate top CWE errors with Veracode. The Common Weakness Enumeration (CWE) is a list of weaknesses in software that can lead to security issues. While the CWE list is long, it is also prioritized...

Cyber Security: Improve Strategy Against Risks Cyber Security: Improve Your Online Strategy for Cyber Threats, Risks Cyber Security Awareness Cyber security awareness is at an all-time high. Many companies and countries understand that cyber...

DAST Assessment Increase application security with a DAST assessment. A dynamic analysis security testing assessment, or DAST assessment, is a crucial part of any web application security testing program. In a DAST...

DAST Test Benefits of a DAST test for application security A dynamic analysis security testing tool, or a DAST test, is an application security solution that can help to find certain vulnerabilities in web...

Data Breach Data Breach Survival Guide The Cost of a Data Security Breach As the number of internet-connected devices skyrockets into the billions, a data breach prevention strategy is an increasingly important...

Data Leak Protection The growing need for data leak protection As organizations increasingly store and communicate confidential information using digital technology, data leak protection has come into focus as a critical...

Data Loss Prevention Guide: Learn Data Loss Tips Guide to Data Loss Prevention, Data Loss and Data Leakage Why Is Data Loss Prevention Important? According to a Gartner CISO survey, data loss prevention (DLP) is a top priority for CISOs. Data loss...

Data Loss Protection Effective data loss protection requires secure applications. Data loss protection is a growing priority for CISOs today. Organizations are storing more confidential data in digital form while the...

Data Security Ultimate Data Security Guide Protecting Your Data Security and Data Privacy The first step in protecting your enterprise's data privacy and security is to identify the types of information you want...

DDoS How a DDoS attack can compromise your system. A distributed denial of service (DDoS) attack poses a significant risk to your computer systems in more ways than one. In a DDoS attack, cyber criminals...

Dev Ops tools Improve application security with powerful Dev Ops tools. As Secure Dev Ops continues to transform software development, organizations and development teams require innovative new Dev Ops tools that...

Dev Sec Ops Powerful software testing tools enable Dev Sec Ops Dev Sec Ops is an approach to application security and software quality metrics that requires all parties around application development to be...

Development Processes Embedding security testing into development processes. No matter what development processes an organization uses to produce software, integrating application security testing into the software...

DevOps Testing Cloud-based tools can speed DevOps testing As DevOps transforms the software development process, development teams everywhere are searching for powerful DevOps testing tools that provide the speed...

DevSecOps DevSecOps requires powerful testing tools DevSecOps, or secure devops, is the mindset in software development that everyone is responsible for app security. By integrating developers with IT...

Directory Traversal What Is Directory Traversal? Directory traversal is a web application vulnerability in which an attacker manipulates a user-supplied file path (for example with "../" sequences) to read or write files outside the directory the application intended to expose. Directory traversal, also known...
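Shown concretely, as an added example that is not code from the original page: a hypothetical static-file handler joins a user-supplied name onto a base directory, and `../secret.txt` walks out of it. The hardened version canonicalizes the joined path with `os.path.realpath` and refuses anything that does not stay under the base. The temporary directory layout is constructed for the demo.

```python
"""Directory (path) traversal and the canonicalization check that stops it (added example)."""
import os
import tempfile


def read_file_vulnerable(base_dir: str, user_path: str) -> bytes:
    # os.path.join keeps "../" segments and discards base_dir entirely when
    # user_path is absolute: both are traversal primitives.
    with open(os.path.join(base_dir, user_path), "rb") as f:
        return f.read()


def resolve_inside(base_dir: str, user_path: str) -> str:
    """Return the canonical path if it lies under base_dir, otherwise raise."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # Compare with a trailing separator so /srv/app-secrets is not accepted for base /srv/app.
    if target != base and not target.startswith(base + os.sep):
        raise PermissionError(f"path escapes base directory: {user_path!r}")
    return target


def read_file_hardened(base_dir: str, user_path: str) -> bytes:
    with open(resolve_inside(base_dir, user_path), "rb") as f:
        return f.read()


def build_fixture():
    """Constructed layout: <tmp>/public/index.html, plus <tmp>/secret.txt outside public/."""
    root = tempfile.mkdtemp()
    public = os.path.join(root, "public")
    os.mkdir(public)
    with open(os.path.join(public, "index.html"), "wb") as f:
        f.write(b"<h1>hello</h1>")
    with open(os.path.join(root, "secret.txt"), "wb") as f:
        f.write(b"db password")
    return root, public


if __name__ == "__main__":
    root, public = build_fixture()
    print(read_file_vulnerable(public, "../secret.txt"))       # leaks the secret
    try:
        read_file_hardened(public, "../secret.txt")
    except PermissionError as e:
        print("blocked:", e)
```

Resolving symlinks on both sides is the point of `realpath`: a plain string check on the joined path can be bypassed by a link inside the base directory that points outside it.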

Dynamic Analysis Dynamic Analysis Is Critical to Application Security Dynamic analysis is the testing and evaluation of a program by executing it and observing its behavior on real inputs at runtime. The objective is to find security errors in a program...

Dynamic Analysis Knowledge Base Dynamic Analysis is the testing and evaluation of a program by executing it on real inputs at runtime, and is key to application security. Learn More A Web Application is any application that...

Encapsulation Vulnerabilities What Is an Encapsulation Vulnerability? Encapsulation refers to a programming approach that revolves around data and functions contained, or encapsulated, within a set of operating instructions....

Enterprise application security  Minimize the risk and cost of enterprise application security. Enterprise application security is a business-critical priority today. Enterprises increasingly rely on software to deliver innovation...

Enterprise application testing Improve competitiveness with enterprise application testing. Enterprise application testing is an indispensable application security technology for every organization striving to be more competitive...

Enterprise data protection Improve enterprise data protection with application testing services. Enterprise data protection remains one of the most important tasks for IT teams at organizations large and small. Companies today...

Error Handling Flaws - Information and How to Fix Tutorial What Is Improper Error Handling? It’s not unusual for web applications or databases to generate error messages. In fact, they’re a normal part of operations, and they provide valuable insights into...

Ethical Hacking Guide to Ethical Hacking: Tools and Free Tutorial on Ethical Hacking What Is Ethical Hacking? Computer hacking is a practice with many nuances. Intent, whether benign or malicious, is often in the...

Facebook Security Guide: Application Security Issues, Settings, Tips Facebook Application Security: Learn About Potential Issues and Breaches, Get Tips for Improving Facebook Security Since its launch in 2004, Facebook has become the world’s leading social networking...

Failure to Restrict URL Access Background on the OWASP Top 10 and Failure to Restrict URL Access Failure to Restrict URL Access is one of the common vulnerabilities listed on the Open Web Application Security Project’s (OWASP) Top...

Firewall Security The History of Firewall Security The term firewall originated to describe a building wall that offers physical protection from damaging fire. Firewall security technology, first introduced to...

FISMA Compliance Ensure FISMA compliance with Veracode. The Federal Information Security Management Act of 2002, or FISMA, is a federal law designed to improve computer and network security within the U.S. federal...

Flash Security Flash Security Is Critical for Flash Applications Flash is a multimedia platform developed by Adobe that is commonly used for videos, animations, games and more. Flash was originally released in 1996...

Format String Flaws What Is a Format String Attack? A format string attack occurs when an application passes attacker-controlled input as the format string of a function such as printf(), so that format directives in the input are interpreted as instructions to read from or write to memory. The offending code alters the...

Full stack developer The challenge of employment as a full stack developer The full stack developer is one of the most sought-after employees in web development. A full stack developer must be proficient in both front-...

GHOST What is GHOST? GHOST (CVE-2015-0235) is a buffer overflow vulnerability in the GNU C Library (glibc). Within that library the gethostbyname() and gethostbyname2() functions are vulnerable. This...

Gray Box Testing Application security through gray box testing In application security testing, gray box testing (or grey box testing) is a combination of white box testing and black box testing, and can be an...

Heartbleed Secure Your Application Infrastructure from Heartbleed What is it? “Heartbleed” is a vulnerability in the commonly used open-source cryptography library OpenSSL.  Any server or web site using a...

HIPAA compliance HIPAA compliance requires powerful solutions. The United States Health Insurance Portability and Accountability Act of 1996, also known as HIPAA, poses some significant information technology...

How Software Composition Analysis Reduces Risk from Open Source Components Using open source code speeds up development cycles and reduces cost. But it comes with risks – open source code doesn’t get the same level of scrutiny as your internally-developed software. And when...

Information Technology Infrastructure Library Improving IT security with the Information Technology Infrastructure Library. The Information Technology Infrastructure Library is a set of documents that details best practices for creating and...

Information Technology Infrastructure Library (ITIL) What Is ITIL? The Information Technology Infrastructure Library (ITIL) is a collection of documents that contains guidelines on how to create best-practice infrastructure in...

Insecure Cryptographic Storage Insecure Cryptographic Storage Defined Insecure Cryptographic Storage is a common vulnerability that occurs when sensitive data is not stored securely. Insecure Cryptographic Storage isn’t a single...

Insufficient Transport Layer Protection Insufficient Transport Layer Protection Tutorial: Learn About Insufficient Transport Layer Protection Vulnerabilities and Prevention Insufficient Transport Layer Protection Defined Insufficient...

Internet Security Internet Security Is Critical for Online Applications The internet represents an insecure channel for exchanging information, leading to a high risk of intrusion or fraud. In today's world, most...

Internet security test Protect applications with an Internet security test. In a world where everything is increasingly linked together, an Internet security test is critical to protecting applications that are constantly...

iOS Security Guide: Data Protection Tips iOS Security Overview According to Apple’s iOS Security Guide, iOS security can be viewed in four layers: system architecture; encryption and data protection; network security; device access. iOS...

Java SQL injection Testing can prevent Java SQL injection. SQL injection in Java continues to be one of the most common attacks on web applications. In part, this is because a Java SQL injection requires so little...

JavaScript Security What Is JavaScript? JavaScript is a high-level, interpreted programming language that has been widely used since its release in 1995. JavaScript is currently the world’s 11th most popular programming...

Keylogger Keyloggers: Detectors, PC Monitors, Keylogger Software, What Is a Keylogger What Is a Keylogger? Keyloggers or keystroke loggers are software programs or hardware devices that track the activities (...

LDAP injection The danger of an LDAP injection LDAP injection is a type of attack on a web application where hackers place code in a user input field in an attempt to gain unauthorized access or information. Like...

Linux Hacking Learn about Linux Hacking Tools, How to Stop Hackers Background on Linux Linux is an open source operating system for computers. Linux is a Unix-like operating system, meaning that it supports...

Load testing What is load testing? Load testing is a type of performance testing that applies stress to a software program. Load testing may be used for multiuser systems, simulating access to determine whether...

Malicious Code What Is Malicious Code? Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a...

Malicious software Security testing can prevent the effects of malicious software. “Malicious software”, or “malware software”, refers to a broad range of threats to application security that may include viruses, worms...

Malware  Malware Tutorial: Learn About Malware, Vulnerabilities and How to Avoid Malware What Is Malware? Malware is short for “malicious software”: hostile applications that are created with the...

Malware software The rise of malware software. As the Internet and email have become ubiquitous in our business and personal lives, incidences of malware software have risen exponentially as well. Malware software is...

Man in the Middle (MITM) Attack Man-in-the-Middle Tutorial: Learn About Man-in-the-Middle Attacks, Vulnerabilities and How to Prevent MITM Attacks What Is a Man-in-the-Middle Attack? A man-in-the-middle attack is a type of...

Microservices The challenge of making microservices secure. Microservices represent a decentralized approach to software development, where larger applications are broken down into smaller components, or...

Mobile app security testing Resolve vulnerabilities with mobile app security testing. With the rise of mobile Internet usage, mobile app security testing has become a critical part of protecting users and organizations from...

Mobile App Testing Secure mobile applications with superior mobile app testing. As you work to ensure the security of your mobile applications, the right mobile app testing solutions can help reduce cost and speed...

Mobile Code Security Improve the Security of Your Mobile Applications Mobile App and Mobile Code Security Risks There are two main categories of mobile code security risks: (1) malicious functionality and (2)...

Mobile Security Knowledge Base Modern mobile applications run on mobile devices that have the functionality of a desktop or laptop running a general purpose operating system. In this respect many of the risks are similar to those...

Network security firewall When a network security firewall isn’t enough. While a network security firewall is a critical piece of security technology, hardware or software firewalls on their own aren’t enough to fully protect...

Network security tools Add application testing to your network security tools. As companies strive to protect their computer systems, data and people from cyber attack, many have invested heavily in network security tools...

NIST Compliance Addressing NIST Special Publications 800-37 and 800-53 The National Institute of Standards & Technology (NIST), a non-regulatory agency of the U.S. Dept. of Commerce, is a measurement standards...

Open Source Vulnerabilities Open source vulnerabilities create serious risks. While open source software offers many benefits to enterprises and development teams, open source vulnerabilities pose significant risks to...

OS Command Injection Primer: How They Work and How to Prevent Attacks What is OS Command Injection? Command injection refers to a class of critical application vulnerabilities in which untrusted input is incorporated into a command that the application hands to the operating system shell. Attackers execute arbitrary commands on a host...
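The following is an added example, not code from the original page, of the two halves of that definition: a hypothetical "ping a host" feature that splices user input into a shell command string, beside the argument-vector form that hands the same input to the program as one opaque argument. The Python interpreter stands in for the external tool so the demo runs offline; the `ATTACK` string and the host validator are constructed for the demo.

```python
"""OS command injection: shell string concatenation versus an argv list (added example)."""
import re
import subprocess
import sys

# Stand-in for the external program: prints whatever it received as argv[1].
ECHO_ARG = "import sys; print(sys.argv[1])"


def build_shell_command(host: str) -> str:
    """Vulnerable: the user's input is spliced into text that /bin/sh will parse.

    Passed to subprocess.run(..., shell=True), the ';' in ATTACK ends the first
    command and the shell runs 'id' as a second one.
    """
    return f"{sys.executable} -c '{ECHO_ARG}' {host}"


def build_argv(host: str) -> list:
    """Hardened: the input is a single argv element and no shell ever sees it."""
    return [sys.executable, "-c", ECHO_ARG, host]


def is_plausible_host(host: str) -> bool:
    """Defense in depth: allowlist the characters a host name can contain."""
    return re.fullmatch(r"[A-Za-z0-9.-]{1,253}", host) is not None


def run_hardened(host: str) -> str:
    """Run the argv form and return what the tool actually received as its argument."""
    if not is_plausible_host(host):
        raise ValueError(f"rejected host: {host!r}")
    result = subprocess.run(build_argv(host), capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")


def argument_as_seen_by_tool(host: str) -> str:
    """Same as run_hardened but without the allowlist, to show argv alone is sufficient."""
    result = subprocess.run(build_argv(host), capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")


ATTACK = "127.0.0.1; id"   # constructed input: a host followed by a second command

if __name__ == "__main__":
    print("shell string :", build_shell_command(ATTACK))
    print("argv form    :", build_argv(ATTACK))
    print("tool received:", argument_as_seen_by_tool(ATTACK))
```

The argv form is the actual fix; the allowlist is a second layer that also catches inputs the downstream tool itself might misinterpret (for example a "host" beginning with `-` that the tool reads as an option).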

OWASP security Address OWASP security risks with Veracode. When you want to identify and remediate the Top Ten OWASP security threats, Veracode’s cloud-based services can help. The Open Web Application Security...

OWASP Testing Tools Enterprise application testing OWASP testing tools help remediate the biggest security threats. As you seek to focus your efforts at improving application security, acquiring OWASP testing tools...

OWASP Top 10 Vulnerabilities What is OWASP and the OWASP Top 10? The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security....

Packet Analyzer What is a Packet Analyzer? Packet analyzers are used to monitor, intercept, and decode data packets as they are transmitted across networks. Packet analyzers can be computer programs (software) or...

Password Hacking How to Defend against Password Hacking Any way you look at it: your secret passwords are under attack. Computer hackers love to successfully defeat cryptography systems. Cybercriminals enjoy getting...

PCI 3.0 Automated testing solutions help ensure PCI 3.0 compliance. The Payment Card Industry Data Security Standard 3.0 (PCI 3.0) establishes data and network security standards intended to protect the...

PCI 31 Improve PCI 3 compliance with help from Veracode. For software organizations, complying with Payment Card Industry Data Security Standard 3.0 (PCI 3) can be a significant burden. PCI 3 mandates that...

PCI 6.5 Automate testing to ensure compliance with PCI 6.5. Requirement 6.5 of the Payment Card Industry Data Security Standard (PCI DSS 6.5, or PCI 6.5) stipulates that organizations should “develop web applications based...

PCI DSS 6.5 Compliance with PCI DSS 6.5 requires automated testing solutions. Complying with Requirement 6.5 of the Payment Card Industry Data Security Standard (PCI DSS 6.5) is critically important, both to avoid the fines and...

PCI security Veracode testing tools enable PCI security compliance. For software development organizations, complying with Payment Card Industry Data Security Standard 3.0 (PCI 3.0) requires an investment in...

Penetration Testing What Is Penetration Testing? Penetration Testing Defined There is a considerable amount of confusion in the industry regarding the differences between vulnerability scanning and penetration testing...

PHP SQL injection test Protect your applications with a PHP SQL injection test. While SQL injection continues to be a major threat to PHP applications, organizations can easily prevent these potentially devastating attacks...

Preventing XSS Preventing XSS with a cloud-based testing solution While cross-site scripting (XSS) attacks continue to threaten enterprise security, preventing XSS attacks is simple – when you have the right tools...

Race Condition What Is a Race Condition Vulnerability? A race condition attack happens when a computing system that’s designed to handle tasks in a specific sequence is forced to perform two or more operations...

Reflected XSS The key to preventing a reflected XSS attack A reflected XSS attack is a kind of cross-site scripting attack, where malicious script is injected into websites that are trusted or otherwise benign....

Regression Testing Improve regression testing with security testing tools. Regression testing is an essential part of QA for software development teams. When a new build, release or patch creates changes to existing...

Remediation plan A remediation plan is key to application security testing. While application security testing has become a central part of software development, too many organizations make the mistake of testing...

Responsible Disclosure Policy In this policy, references to "Veracode", "us", "we" and "our" mean Veracode, Inc., a privately held company, and our global subsidiaries: Veracode Limited, Veracode Securities Corporation,...

Role based access controls Improve security with role-based access controls. Role-based access controls are a method for restricting access to a network based on a user’s role within the organization. As threats to the network...

Rootkit: What is a Rootkit? Rootkit: What Is a Rootkit, Scanners, Detection and Removal Software What Is a Rootkit? A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while...

Ruby on Rails Security Ruby on Rails Secure Development Guidelines What Is Ruby? Ruby is an object-oriented programming language. Ruby was first developed in the mid-1990s by Yukihiro "Matz" Matsumoto. Ruby supports...

Ruby Penetration Testing Protect your web apps with Ruby penetration testing. While web applications built with Ruby on Rails face many of the same threats as other programming languages, Ruby penetration testing can help...

SaaS Application Monitoring Find vulnerabilities in web apps with SaaS application monitoring. As organizations rely ever more heavily on web applications for critical business functions, SaaS application monitoring is quickly...

SaaS Application Security Protect software more effectively with SaaS application security services. Application security tools delivered as Software-as-a-Service (SaaS application security) provide real advantages over on-...

SaaS Cloud Security Protect applications with SaaS cloud security technology. SaaS cloud security solutions are changing Security DevOps and the way enterprises protect critical web applications. As the #1 attack vector...

SarbOx compliance Achieve SarbOx compliance with security testing tools. The Sarbanes-Oxley Act (SarbOx) has created new requirements for application security testing, but the right tools can help organizations...

SDLC Agile Making your SDLC agile and secure While the agile software development lifecycle, or agile SDLC, can deliver applications with greater speed, balancing security with SDLC agile processes has...

SDLC Security The challenges of ensuring SDLC security. Security in the software development lifecycle (SDLC) has traditionally been a point of tension for developers, but automated testing tools can help to...

Secure Applications The challenges of building secure applications quickly. For development teams racing to meet build deadlines, the need to deliver applications on time often trumps the need to deliver secure...

Secure Compliance Meeting requirements for secure compliance in software development. As governments enact more laws governing the security of information and punishing data breaches, organizations everywhere are...

Secure Development Lifecycle The following is an extensive library of security solutions articles and guides that are meant to be helpful and informative resources on a range of security solutions topics, from web application...

Secure DevOps Secure DevOps requires best-of-breed testing tools While DevOps is disrupting software development in powerful and productive ways, implementing DevOps testing and understanding how to secure DevOps...

Secure Software Development Practices The Importance of Secure Development With the vast amount of threats that constantly pressure companies and governments, it is important to ensure that the software applications these organizations...

Secure web Building more secure web applications. Creating secure web applications is critical to preventing the kind of breaches that make headlines and cost millions. Yet fewer than one in 10 organizations...

Secure Web Application Development The challenge of secure web application development Secure web application development is acknowledged as a critical priority for every enterprise producing software. Yet fewer than 10% of security...

Securing Web Applications The key to securing web applications Effectively securing web applications is critical to preventing data breaches. More than half of all breaches today involve web apps, yet fewer than 10% of...

Security analysis Protect your enterprise with a software security analysis. As applications continue to be a primary target for attacks, software security analysis has become a critical tool for protecting...

Security Assessment The challenges of security assessment of third-party software. For organizations concerned about software security, a security assessment of third-party software presents a real problem. The need for...

Security Attestation The challenges of producing a security attestation. A security attestation is a critical component of third party risk management. For enterprises, a security attestation can help to ensure that a...

Security Audits Performing security audits in the SDLC. Security audits are essential to software development processes and an important step in helping to ensure software quality and protect applications from...

Security DevOps Putting Security into DevOps The practice of DevOps is transforming the software development lifecycle (SDLC), bringing lessons learned from quality control in manufacturing to the design and...

Security Review Software Security Review Software, Enterprise Software Security Review, Code Security Review What Is a Software Security Review? The goal of a software security review is to identify and understand the...

Security testing tools for mobile applications Simplify security testing for mobile applications. When it comes to security testing for mobile applications, development teams have traditionally faced a tough dilemma. Traditional mobile app...

Security Vulnerability Assessment Software Vulnerability Assessment Software and Service, Scan and Identify Vulnerabilities in Code Get a Superior Alternative to Security Vulnerability Assessment Tools and Software Vulnerability assessment...

Sequel injection How to prevent sequel injection attacks. Sequel injection, also known as SQL injection, is a type of weakness in an application that may allow a malicious individual to access and control an...

Session management The risk of broken session management. Broken authentication and session management is consistently one of the OWASP Top 10 Web Application Security Risks, and a vulnerability that developers must...

Shellshock The danger of Shellshock to application security. Shellshock is an application-layer vulnerability in Bash, a widely-used UNIX/Linux program. It has a severity ranking of 10 – the highest level – on...

Shellshock Vulnerability Test Protect your applications with a Shellshock vulnerability test. While Shellshock continues to be a critical application-layer vulnerability in the UNIX/Linux program Bash, a simple Shellshock...

Software Code & Security Audit Three Critical Kinds of Software Audit There are many ways to “audit” a software application. Indeed the most basic kinds of software audit examine how the software is functionally configured,...

Software Code Security and Code Security Analysis Software Code Security Protects the Enterprise The enterprise today is under attack from criminal hackers and other malicious threats. As the enterprise network has become more secure, attackers have...

Software containers How to secure software containers. Adoption of software containers has risen dramatically as more organizations realize the benefits of this virtualized technology. Software containers are...

Software Development Lifecycle (SDLC) What is a Software Development Lifecycle? SDLC Defined: SDLC stands for software development lifecycle. A software development lifecycle is essentially a series of steps, or phases, that provide a...

Software Development Lifecycle Methodologies Adding security to software development lifecycle methodologies. Development teams use a variety of software development lifecycle methodologies today as they race to release quality applications...

Software Development Lifecycle Models Application security in different software development lifecycle models. With software applications continuing to be the most attacked security perimeter, development teams face great pressure to...

Software Development Models Security testing with different software development models. Development organizations use a variety of software development models for producing the applications that drive business today. Each has...

Software Development Tools Increase speed and security with automated software development tools. As organizations work to protect software applications from an ever-evolving landscape of threats, automated software...

Software firewalls The limitations of software firewalls. Software firewalls have been a central line of defense against cyber attacks for years. Software firewalls inspect content transferred between computers on a...

Software of Unknown Pedigree Software of Unknown Pedigree - SOUP Software of Unknown Pedigree (aka Software of Uncertain Provenance, aka SOUP) has been a term used primarily in scenarios where software/hardware/firmware governs...

Software Quality Improving software quality through application security testing. As business applications continue to be the primary target of cyber criminals, improving software quality has become a top priority...

Software Quality Metrics Improving software quality metrics with application security testing. Software quality metrics are a vital tool in helping to protect applications from attack and developing software that is more...

Software Security Balancing software security and speed of development. For development teams working to deliver business innovation to the market, software security is often at odds with development timelines....

Software Security Testing Software Security Testing Provides Critical Protection The Importance of Software Security Assessments Software security testing offers the promise of improved IT risk management for the enterprise....

Software Security Testing Tools What is Security Testing? A code security test analyzes how code is written and how it interacts with other objects in an environment to identify weaknesses or flaws that would allow an attacker to...

Software Testing Protect applications with integrated software testing solutions Software testing to find flaws and vulnerabilities in code is a critical part of the software development lifecycle (SDLC) – especially...

Software Testing Methodologies and Techniques There are a variety of different software testing methodologies development organizations use. The software testing technique an organization uses and the software testing lifecycle it follows are...

Software Testing Methodology Choosing the right software testing methodology With more than half of all breaches originating in business applications, organizations and development teams everywhere are seeking a software testing...

Software Testing Process As the enterprise network has become more secure, attackers have turned their attention to the application layer, which, according to Gartner, now contains 90 percent of all vulnerabilities. To...

Software Testing Tools Why Use Software Testing Tools? Most companies today will experience some form of attack from criminal hackers and other malicious threats. As the enterprise network has become more secure, attackers...

Source Code Analysis Superior source code analysis offers greater security As the enterprise today is under constant threat from malicious attacks, source code analysis has become a top priority. By reviewing internally...

Source Code Analyzer Source Code Security Analyzer Tool The enterprise today is under constant attack from criminal hackers and other malicious threats. As the enterprise network has become more secure, attackers have...

SOX compliance Simplify SOX compliance with automated testing tools. While the Sarbanes-Oxley Act (SOX) has created new complexities for application security testing, automated testing solutions can help to manage...

Spoofing Attack: IP, DNS & ARP What Is a Spoofing Attack? A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware...

Spoofing definition Spoofing attacks continue to plague businesses and individuals everywhere, and many enterprises are working quickly to put anti-spoofing defenses in place. But because many users lack a clear...

Spyware What Is Spyware? Although it sounds like something James Bond would employ, spyware is all too real. Spyware is any software that installs itself on your computer and starts covertly...

SQL cheat sheet Get the latest on SQL injection with an SQL cheat sheet. SQL injection, also known as SQL insertion, is a dangerous vulnerability that is highly prevalent in enterprise web applications. While SQL...

SQL Injection Attacks & How To Prevent Them The danger of SQL attacks. SQL attacks are among the most common threats to application security today. It takes relatively little skill to mount an SQL injection in .NET, Java or PHP, and the...

SQL Injection in .NET How to stop SQL injection in .NET applications. When it comes to SQL injection, .NET applications continue to be the primary target. Even hackers with little skill or experience can mount a...

SQL Injection in Java Combating SQL injection in Java applications. SQL injection in Java web applications continues to be a significant threat to enterprise security. The reason: a Java SQL injection is remarkably easy...

SQL injection scanner Protect your applications with an SQL injection scanner. SQL injection continues to be a significant threat to application security, but the right SQL injection scanner can protect your software from...

Sql Injection: Vulnerabilities & How To Prevent Sql Injection Attacks What is SQL Injection? How will SQL Injection impact my business? How do I prevent SQL Injection? What is SQL Injection? SQL injection (SQLi) is an application security weakness that allows...

SQL insertion Preventing SQL insertion. SQL insertion attacks, also known as SQL injection, is a high-severity vulnerability that allows attackers to access, damage or delete data from databases and to perform...

Static Analysis Knowledge Base Source Code Analysis For enterprises seeking a source code analysis solution that can actually deliver 100 percent coverage even when source code is not available, Veracode has the answer. ...

Static Analysis: Static Analysis Tools and Platforms Veracode Is a Static Analysis Platform What Is Static Analysis? Static security analysis is one of the many code review tools that can be implemented without actually executing, or running, the...

Static Code Analysis What is Static Code Analysis? Static code analysis, also commonly called "white-box" testing, is one of Veracode's code review tools that looks at applications in a non-runtime environment. This...

Static Testing Advantages of a Veracode’s static testing solution With static testing technology from Veracode, you can: Find and fix software vulnerabilities quickly and cost-effectively. Integrate application...

Systems Development Life Cycle Definition Systems development life cycle: a definition The term “systems development life cycle” is used frequently in conversations about the development of software and other technology projects. But many...

Systems Development Life Cycle Models Integrating security testing into systems development life cycle models. As application security continues to be a critical priority, development teams need software testing techniques that can work...

Systems Development Life Cycle Phases Securing applications in systems development life cycle phases. To improve application security, development teams require sophisticated software testing techniques for all systems development life...

Testing web applications Testing web applications is critical to security. More than half of all security breaches today originate in a web application[i] – which makes testing web applications for flaws an essential part...

The dangers of open source risk As the use of open source code in development projects continues to grow exponentially, software development teams must take great pains to address open source risk. Open source libraries can deliver...

The Rise of Malicious Mobile Applications There are four main kinds of malicious mobile applications, or MMAs for short, which we detailed in our mobile security eBook: Spyware that tracks device user activities like texting, emails, calls...

Third-Party Risk Assessment How to make third-party risk assessment easier. When it comes to purchasing software, third-party risk assessment is more difficult today than ever. Applications – and web applications especially –...

Third-Party Security Knowledge Base Commercial Off the Shelf Software Commercial off the shelf software (COTS) refers to any software pre-built by a third-party vendor and purchased or licensed for use by an enterprise. Learn More...

Unit Testing The challenge of unit testing. Unit testing is a software testing method that has been gaining in use and popularity in recent years. By testing small individual units of source code as applications...

Unit Testing Tools Unit testing tools can streamline application security. Unit testing is an approach to application security that uses unit testing tools to determine whether small individual microservices and units...

Vendor Application Security Testing VAST reduces the risk associated with third-party software — so you can innovate with more speed and confidence than ever. With VAST, we manage the entire third-party program for you as a cloud-based...

Veracode Cookie Policy Last Updated April 15, 2019 At Veracode, Inc. and our global subsidiaries: Veracode Limited,...

Veracode Data Processing Addendum Veracode takes data privacy and data security matters very seriously and it is important to us that we comply with data privacy laws, including GDPR, in many jurisdictions. Veracode has...

Veracode Hacks New Veracode User? Use These Hacks to get started with Veracode Veracode Hacks Demos Want to see how to upload your application, get your results, or find an eLearning course? Use these hacked demos...

Veracode Privacy Statement VERACODE PRIVACY STATEMENT Last Updated July 30, 2019 At Veracode, Inc. and our global...

Veracode Subprocessors Veracode uses the subprocessors listed below to process customer personal information in connection with the Veracode Platform and Veracode Community. Veracode updates this subprocessor list...

Veracode Terms of Use TERMS OF USE ATTENTION: These terms of use set forth the basis on which you are permitted to access and use veracode.com and its related websites (the "Sites"). These Terms of Use incorporate...

Vulnerability Assessment and Penetration Testing What Is Vulnerability Assessment and Penetration Testing? Vulnerability Assessment and Penetration Testing (VAPT) are two types of vulnerability testing. The tests have different strengths and are...

Vulnerability Management What Is Vulnerability Management? Vulnerability management can be defined as “the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities."1 Organizations use...

Vulnerability Scanner Tools Vulnerability Scanning Enhances Enterprise Security Enterprise applications are under attack from a variety of threats. To protect the security of the enterprise, companies must be sure that their...

Waterfall software development The challenge of security testing in waterfall software development. The waterfall software development model – in which development progresses steadily downward from conception and initiation...

Web App Monitoring Find vulnerabilities in staging and production with web app monitoring. As web applications continue to be the #1 attack vector for data breaches, web app monitoring solutions have become...

Web App Penetration Testing Achieve compliance with manual web app penetration testing. Web app penetration testing is a key security requirement for a variety of regulatory frameworks, from PCI DSS and GLBA to HIPAA and FISMA...

Web App Security Testing Web app security testing is critical to fending off threats. Web applications have become the #1 point of attack for cyber criminals, making web app security testing an essential part of enterprise...

Web Application What is a Web Application? Simply put, a web application is any application that is accessed via a web browser. The browser is the client that runs the web application and allows the user to enter...

Web Application Audit Make a web application audit part of your SDLC. For app developers, a web application audit is the best way to ensure your app is secure before you release it and to prevent hacks, damage to...

Web Application Monitoring Improve security with web application monitoring Web application monitoring solutions are quickly becoming an essential part of application security. Your organization increasingly relies on web and...

Web Application Pen Test Heighten security with a web application pen test. A web application pen test, or penetration test, should be part of a rigorous software security testing strategy. While automated testing technology...

Web Application Penetration Testing Find more flaws with manual web application penetration testing. When searching for vulnerabilities in websites and web apps, manual web application penetration testing is essential. Automated...

Web application scanner Protecting software with a web application scanner. A web application scanner is a critical part of enterprise application security. Web applications are one of the most vulnerable aspects of...

Web Application Scanning Address vulnerabilities with web application scanning As organizations rely more heavily on digital marketing and online communication, web application scanning can help IT teams to monitor the web...

Web Application Security Standards Protecting software with web application security standards As web applications are now the #1 target in confirmed security breaches, development teams must adhere to web application security...

Web Application Security Testing Protect your enterprise with web application security testing Web application security testing is critical to protecting both your apps and your organization. Your web applications are likely to...

Web Application Testing Securing your organization with web application testing Web application testing is a critical tool in the defense against security threats to your software applications. Web applications are...

Web Application Testing Tools Improve security with web application testing tools. With more than half of all security breaches stemming from attacks on web applications and websites, web application testing tools have become a...

Web Based Application Testing Building secure applications quickly with web-based application testing. For development teams that want to improve application security without slowing development timelines, web-based application...

Web pen testing Web pen testing: a critical component of application security. Web penetration testing, or web pen testing, is an important part of ensuring that applications are free of vulnerabilities that could...

Web Penetration Testing Improve application security with web penetration testing. Manual web penetration testing is an essential component of any software testing protocol. With a growing number of threats to the...

Web scanning Improve application security with web scanning technology. As web applications play an increasingly important role in facilitating communication with customers, employees and partners, web scanning...

Web Vuln Scanner Improve security with a web vuln scanner. A web vulnerability scanner, or web vuln scanner, can help to protect your web applications and websites from threats that are continually growing in number...

Web vulnerability scanners Web vulnerability scanners improve software security. As more than half of all breaches today involve web applications, web vulnerability scanners have become an indispensable part of application...

Website SQL The danger of website SQL injection. Among the biggest threats to application security, website SQL injection ranks among the most dangerous risks. In website SQL injections, cyber criminals are able...

Website vulnerability scanner Protect your organization with a website vulnerability scanner. With organizations under attack from an increasing number of threats, a website vulnerability scanner can help to ensure that websites...

What is a Botnet? What is a botnet? A botnet is a network of compromised computers under the control of a malicious actor. Each individual device in a botnet is referred to as a bot. A bot is formed when a computer...

What Is a Buffer Overflow? Learn About Buffer Overrun Vulnerabilities, Exploits & Attacks A buffer overflow, or buffer overrun, is a common software coding mistake that an attacker could exploit to gain access to your system. To effectively mitigate buffer overflow vulnerabilities, it is...

What is a Web Application What is a web application? The world today seems to be run by web and mobile applications, but many of us may have a hard time coming up with a good answer for “What is a web application?” Here’s a...

What is a worm What is a worm? Along with “computer virus,” the term “computer worm” has become a highly familiar phrase thanks to the rapid rise and media coverage of cyber threats in recent years. But what is a...

What is Agile project management? What is Agile project management’s impact on software security? Among software development models, Agile project management has emerged as a highly effective approach to developing quality software...

What is an Application What is an application? Our world today is driven by apps and threatened by attacks on them. While most of us have a basic understanding of a variety of tech terminology, when hard-pressed for an...

What is an integrated development environment What is an integrated development environment? In software development, an integrated development environment (IDE) is a central technology used by developers to write code. But what is an integrated...

What Is an Integrated Development Environment (IDE)? An integrated development environment (IDE) is an application that facilitates application development. IDEs are designed to encompass all programming tasks in one application. Therefore, IDEs offer...

What is BYOD The term “BYOD” has become nearly ubiquitous as a disruptive and emerging technology trend. But what is BYOD exactly, and what security issues does it pose for the organization? Here’s a short primer...

What is DLP The term “DLP” has gained wide recognition as a top priority for CISOs. But what is DLP exactly, and how can it help improve data security and protect the interests of the organization? Here’s a...

What is IAST? Interactive Application Security Testing IAST (interactive application security testing) analyzes code for security vulnerabilities while the app is run by an automated test, human tester, or any activity “interacting” with the application...

What is spoof Spoofing attacks continue to be the source of significant security breaches across many industry verticals. But what is spoofing, exactly, and how can organizations put defenses in place to avoid...

What is spoofing The headlines today are full of data security breaches that were initiated through spoofing, and businesses everywhere are seeking solutions to avoid becoming the victim of a spoofing attack. But...

What is SQL Injection What is SQL injection? With SQL injection attacks on the rise, many who aren’t experts on cybercrime are often hard-pressed to answer questions like “What is SQL injection and how do I prevent it?”...

What is Systems Development Life Cycle What is system development life cycle? The term “system development life cycle,” or SDLC, is tossed around frequently when talking about the software development process, but many people have only a...

What is Third-Party Software Security Third-party also known as supply chain, vendor supplied or outsourced software is any program or application that is not written exclusively by employees belonging to the company for which that...

What Is Web Security? Web Security Defined As more and more information is available on the web, securing that data becomes increasingly important to protect users. As a developer, you are on the front lines of preventing...

White Box Security Advantages of Veracode’s white box security services. With Veracode’s white box security technology, you can: Integrate and automate security through every phase of the software development...

White Box Test Fix vulnerabilities faster with Veracode’s white box test tool Veracode Static Analysis is a white box test technology that lets your developers quickly find and fix application security flaws...

White Box Testing Benefits of Veracode’s white box testing tools With white box testing tools from Veracode, you can: Automate testing to assess the security of web, mobile, desktop and backend applications. Get a...

White Box Testing Tools Advantages of Veracode’s white box testing tools White box testing tools from Veracode enable you to: Automate testing throughout the SDLC and across your software portfolio. Reduce the cost of...

Wireless Sniffer: Tools, Software to Detect Packet or Network Sniffers What is a Wireless Sniffer? A wireless sniffer is a type of packet analyzer. A packet analyzer (also known as a packet sniffer) is a piece of software or hardware designed to intercept data as it is...