Ruby on Rails 101 with Ryan O’Boyle

Veracode Security Researcher Ryan O’Boyle educates us about Ruby on Rails. He answers the following questions:

What is Ruby on Rails?

What makes Ruby on Rails a popular framework?

What types of companies are using Ruby on Rails?

Paying Lip Service (Mostly) To User Education

How well do consumer cyber security awareness efforts work? That’s a good question, and one somebody might consider answering!

The connection between improved security and user education is so well-established as to be almost axiomatic. Better technology, coding practices and testing can only accomplish so much. If customers or employees don’t know that, say, clicking on a curious link on their Facebook wall or opening the iloveyou.exe e-mail attachment could compromise their security, how do we gain ground against cyber crime, cyber espionage, spam and other online ills?

Moving From Poisoning the Ocean to Poisoning the Watering Hole

RSA has published “THE VOHO CAMPAIGN: AN IN DEPTH ANALYSIS”, which describes an APT-style campaign against several targets. The campaign used malicious content on several websites dubbed “watering holes” in order to compromise the campaign targets’ client machines. Injecting malicious content into vulnerable websites that will then become a drive-by client attack to a […]

Ubuntu Snafu: Privacy Is Hard, Let’s Go Shopping

The following post is about a beta software release, which may — and hopefully will — change. You know what they say about assuming… My faithful army of security-minded Twitter followers alerted me to a sudden change in the Ubuntu Linux distribution’s 12.10 beta build that they found alarming: Amazon search had been integrated into […]

Welcome to the Jungle: Cleaning Up the Mess That Is the Software Supply Chain

Without the software equivalent of an FDA inspector to walk the floor and impose costs (fines, penalties) for shoddy work or unsanitary conditions, it’s a race to the bottom when it comes to the quality of the code that’s produced.

The playwright and existentialist Jean-Paul Sartre famously observed that “Hell is other people.” Put in the modern context, however, it might be more accurate to say that “Hell is other people’s code.”

Introducing VAST: Vendor Application Security Testing

Navigating the security superhighway of application perimeters, vendor software and in-house development efforts can be a complex and intimidating task. We aim to shift your efforts to the fast lane with our new program, VAST!

Today marks the official launch of our new Vendor Application Security Testing (VAST) program, designed to help enterprises manage the risks inherent in vendor-supplied software applications.

Third Party Application Analysis: Best Practices and Lessons Learned

This summer, Veracode Solutions Architect Chad Holmes presented a webinar on third-party application analysis. The webinar recommended several best practices for enterprises, application vendors, and application analyzers to follow in the third-party application analysis process. In this blog post we’ll highlight Chad’s best practices and the key takeaways from his presentation.