Veracode’s nomination for “Best Corporate Security Blog” at the 2012 Social Security Bloggers Awards got the Veracode Marketing team thinking about the other great information security blogs we follow. The Marketing team thought it would be fun to compile a list of what we think are the best 20 information security blogs. We used a […]
As an application security analyst, one of my responsibilities includes studying commonly made (and easily preventable) programming mistakes that result in potential security risks. In my experience, some of the most common flaws come from the improper validation of data read from files. In most cases, a programmer has had SOME foresight and it is […]
We’re all getting ready for the yearly RSA pilgrimage. I thought I’d put together a quick post on where you can find Veracode founders and members of the Veracode Research team out at RSA. We’re looking forward to some great conversations and networking. Conference Presentations Chris Wysopal, Monday 9:30-10:20am. PANEL: National and International Security Standards […]
Happy Friday! It may have been a short week, but there was no shortage of big news in the security world. However, before we delve into this week’s big news in the security world, I’d like to give a shout out to Veracode developer and blogger, Mark Kriegsman whose blog post on the utility he […]
Recently, Veracode’s Jim Lynch and Fred Pinkett, VP of Product Management at Security Innovations, discussed key strategies that organizations need to adopt in order to implement a formalized Application Security Training program for development teams. The well-attended webinar generated a number of questions from attendees. The following are some highlights of the Q&A at the end of the discussion.
It’s finally Friday and the start to a long weekend! Here are this week’s hot security topics, as reported by our esteemed peers in the industry: Applications uploading data from your iPhone’s address book without permission: “iOS apps and the address book: who has your data and how they’re getting it,” a great article by […]
Veracoder Mark Kriegsman created a free utility, called AdiOS, that lets iOS users quickly scan the apps they’ve downloaded to see which have access to their complete address book. After downloading the utility, users can use it to see which applications are accessing the address book. Read about the utility and download it to see which of your apps are transmitting your phone book data.
January 25th, 2012 saw the announcement of new data security regulations for the European Union (E.U.) – the idea being to ‘upgrade’ to the challenges of a new world. The previous Data Privacy Directive had been implemented in 1995 and didn’t reflect the changing data ownership and distribution model that exists today… Cloud storage concerns, jurisdictional […]
“On January 31, Veracode released our first platform update of 2012, including new scans for iOS, improved eLearning progress tracking and reporting, additional API methods, and better communication of expected turnaround times for applications.” That was the headline of the release announcement that went out to our opted-in Veracode users about two weeks ago, and […]
As most of the folks who work at Veracode know, I’m brand new to the IT security space. I’ve been in start-ups most of my career and I’ve touched many industry verticals, but this is my first foray into security. I’m not sure if it was a complete coincidence, but from the moment my initial […]