Advice Regarding Recent Java Vulnerabilities

By now, our readers have undoubtedly seen the buzz about a serious security vulnerability in Oracle Java, with corresponding exploit code making its way around (in the form of active, in-the-wild attack campaigns, as well as penetration testing tools). If you haven’t, the gist is that, due to an issue in the way access control […]

Securing Your Application Perimeter: Get Results

In my last blog I discussed why web application inventory knowledge is so powerful. So I’m following that with what happens when enterprises actually get the inventory data for the first time.

Usually the first reaction is “OMG! We have a lot of stuff.” This is especially true when the discovery process detects applications outside the well-known network ranges or domain patterns. It reminds me of those reality shows where they clear all the stuff out of people’s houses, lay everything out on the lawn for a yard sale, and wonder how it all fit into the house.

Using Veracode’s SaaS Engine to Quickly Roll Out Scanning Programs

By Dan Cornell, CTO of the Denim Group (

At Denim Group, we help clients build secure software and secure the software they have already built. We have a long-standing partnership with Veracode because their SaaS scanning engine provides us with the vulnerability information we need to help make our customers’ applications more secure.

Our goals when we work with clients rolling out software security testing programs are the following:

AppSec Weekly News Roundup 8/23/2012

In my 15-year history of being online I don’t believe I’ve ever had one of my accounts hacked. Clearly I know how to construct a secure password, or perhaps more likely I’ve just never really been important or unlucky enough to be hacked. Count how many password variations you use across your many accounts on the web. Is it around 6 or 7? Then congratulations, you’re perfectly average. I can’t lie, I was a bit stunned by my own predictability while reading this article, and I’m revamping my password strategies as we speak.

Summer 2012 Hackathon Round-Up

You wouldn’t believe what Veracoders can do in just three short days.

Heck, I just watched us do it again at the Summer 2012 Hackathon, and I can barely believe it myself.

As you may recall, the rules of our Hackathons are simple: you have three days to design, prototype, test, refine, build, and present anything you like, provided it’s legal and within our “Veracode of Conduct”. Your hack does not have to relate to security, or computers, or Veracode — but many people do use the Hackathon and their own inspiration to propel the company forward in new and exciting ways.

Microsoft BlueHat – 5 Questions with Katie Moussouris

One of the big stories from this year’s BlackHat conference was Microsoft’s inaugural BlueHat contest. The contest challenged security researchers to design a novel runtime mitigation technology intended to prevent the exploitation of memory safety vulnerabilities. We were lucky enough to grab a few minutes with Katie Moussouris, Microsoft’s leader of security community outreach and strategy, to answer a few of our questions on the BlueHat contest.

Securing Your Application Perimeter: What to Test for Vulnerabilities

Enterprises have been scanning web applications for security vulnerabilities for some time now. So what’s the difference between running some application scans and securing your application perimeter?

Well, the first thing is the sheer size and scale of today’s enterprise application perimeter, which we define as all of your Internet-facing applications, including the enterprise applications accessed by mobile users…

Security Conference Mania: Where to Find Veracode

If you’ve been in the security industry for a while, you may have noticed that there are a lot of events. As in, somewhere in the world, there is a security event happening just about every day of the year. You have your giant industry events, analyst events, regional events, hacker cons, and pretty much any kind of gathering you can possibly think of, including conferences on boats, trains, and buses. At any given time, you can find a security conference happening *somewhere*. So, what is it about the security industry that loves an event?

Veracode Hackathon 2012 in Pictures

Over the next 2 to 3 weeks we’ll be authoring a number of posts about our annual Hackathon, which ran last week, as one of our goals this time around was to share a lot more than we did for our inaugural Hackathon last year. Last week we kicked things off with a brief intro announcing the start of the Hackathon, and today we keep things going with our photo round-up.