Static Analysis: Following Along at Home with Hopper’s Decompiler Feature, Part 1

No source code? No problem! That’s the motto of the binary analyst. We at Veracode have pushed the limits of static analysis (studying a program’s behavior without running it) to automatically detect and report security vulnerabilities in our customers’ codebases. Doing binary static analysis by hand is still a worthwhile skill, however, with myriad practical […]

Whitepaper: “Broken Logic: Avoiding the Test Site Fallacy”

Web security scanners are one tool in the arsenal of any organization that takes security seriously. The ability of automation to rapidly test and verify that an application meets a reasonable standard of security is a key advantage. While manual testing can never be completely removed from the process, automated tools are critical in reducing […]

A CISO’s Guide to Application Security – Featured Series

Over the past several weeks, Veracode Director of Marketing Fergal Glynn has been authoring a series on application security for security news blog Threatpost. Titled “A CISO’s Guide to Application security,” the five-part series focuses on defining application security, outlining the elements of a comprehensive appsec program, educating about application and software related risks, determining the true cost of a data breach, and providing recommendations to CISOs for managing enterprise-level appsec. Now that the series has come to a conclusion we have highlighted each post below along with links to the full articles.

Disclosures 2012: The Vulnerability of Publicly Traded Companies – Webinar Q&A Part 2

Sam King, Veracode’s EVP of Corporate Development, recently gave a webinar titled Disclosures 2012: The Vulnerability of Publicly Traded Companies. The webinar used Veracode’s Study of Software Related Cybersecurity Risks in Public Companies, a featured supplement to the State of Software Security Report. In the webinar, Sam examined risk management and disclosure practices for public companies dealing with security weaknesses at the software and application layer.

Disclosures 2012: The Vulnerability of Publicly Traded Companies – Webinar Q&A Part 1

Sam King, Veracode’s EVP of Corporate Development, recently gave a webinar titled Disclosures 2012: The Vulnerability of Publicly Traded Companies. The webinar used Veracode’s Study of Software Related Cybersecurity Risks in Public Companies, a featured supplement to the State of Software Security Report. In the webinar, Sam examined risk management and disclosure practices for public […]

Weekly News Roundup

Happy Friday all, and I hope everyone had a great week. Here are the top headlines from this past week in the security world. Enjoy! Cyber Security Index: “Cyber Security Index Highlights Political Threats, Business Partner Risk” by Paul Roberts (@paulfroberts). This article from Threatpost looks at this year’s Index of Cyber Security score of […]

Privacy and Confidentiality on the Eve of the Facebook IPO

Tonight is the last night that Facebook will be a privately held company. In the morning, Facebook shares will hit the market and there will be a feeding frenzy from investors world wide. Stock buyers will put up somewhere near 16 billion (yes with a “B”) dollars to own a portion of the social networking […]

Interview with Dan Guido at SOURCE Boston 2012 – Part 3

In this, our third and final interview segment with Dan Guido, Co-Founder and CEO of Trail of Bits, Dan talks about how organizations should prepare to face security threats, and attack vectors that pose the greatest threat to enterprises today. Watch the interview.

1 2