Independent software suppliers need to recognize the tide of change that is coming from their largest enterprise customers. Over the course of 2013, I witnessed a shift in security. As we learned about government surveillance and suffered through credit card replacements as a result of the Target Breach, questions of security have come to the […]
So once again, I’m not attending RSA. While my counterparts are working our booth in their new Veracode kicks, and meeting with customers, I’m perusing the RSA conference videos and podcasts for interesting things to read. The Risk and Responsibility in a Hyper-Connected World podcast got my attention – mostly because it promised some research: “Findings and perspective […]
Researched by William Spires and Stephen Jensen. That Was Then, This is Now: Just five short years ago, if you wanted to create an iOS application, you had to either take a crash course in Objective-C programming or hire someone to create the application for you. It was truly the beginning of a mobile revolution, […]
UK supermarket giant Tesco was in the news recently for the wrong reasons after details of 2,240 customer accounts appeared on Pastebin. Tesco moved quickly to suspend the accounts in question, but an unlucky few did have store vouchers stolen; not to mention email addresses and passwords on display for the world to see. This […]
The push for more and better application security bumps up against another trend: data ambition. North America’s information security royalty will be in San Francisco next week for The RSA Security Conference. It’s the security industry’s biggest, annual conference. And, like the information security industry itself, RSA is booming. The topic of application security – […]
Application security is hard. It’s big and complex. And it just might be “the last frontier” for cyber-security (at least for now). Unlike network or endpoint security, you can’t just put another box on the network to secure the application layer. For one thing, there are people and processes involved — developers in São Paulo and Sri […]
Bugs happen. Severe bugs happen. Catastrophic bugs happen. There’s simply no way to know how, exactly, the Goto Fail Bug – a tiny mistake which happened to disable an entire step of SSL verification deep in Apple code – ended up getting written into sslKeyExchange.c and saved. What is clear is that the bug got through Apple’s QA process unnoticed and ultimately shipped on iOS and OSX. Let’s consider for a moment that this bug was committed to your codebase during routine refactoring. How certain are you, really, that you would catch it? What can we do to improve the likelihood it will be caught?
Veracode will be at RSA 2014 February 24-28. Come learn about best practices for securing your enterprise from application-layer attacks – including web, mobile, legacy and third-party applications. You will find us in Booth #3521 in Moscone North Hall. You can learn why our cloud-based platform is a simpler and more scalable way to reduce […]
In the wake of the Target breach, large enterprises are beginning to realize they need to take responsibility for the security of their vendors. Research by firms such as Gartner and CrowdStrike has noted that as network perimeters have hardened, attackers are increasingly targeting the IT supply chain. This is because when searching for an entry point into a large organization, cyber-criminals are looking for the path of least resistance.
Earlier this week, the Bank of England warned the UK financial sector that it is unprepared for cyber-attacks, with a spokesperson stating that a major attack would disrupt “everyday” life. As a portion of any country’s critical infrastructure, the financial sector is a target for cyber-criminals and terrorists.
The financial sector boasts some of the most mature security programs in the business world, yet gaps that an attacker can exploit still remain. Vulnerabilities in mobile or web applications used and purchased by financial institutions pose a threat to financial service organizations’ infrastructure.