So once again, I’m not attending RSA. While my counterparts are working our booth in their new Veracode kicks, and meeting with customers, I’m perusing the RSA conference videos and podcasts for interesting things to read. The Risk and Responsibility in a Hyper-Connected World podcast got my attention – mostly because it promised some research: “Findings and perspective […]
UK supermarket giant Tesco was in the news recently for the wrong reasons after details of 2,240 customer accounts appeared on Pastebin. Tesco moved quickly to suspend the accounts in question, but an unlucky few did have store vouchers stolen; not to mention email addresses and passwords on display for the world to see. This […]
The push for more and better application security bumps up against another trend: data ambition. North America’s information security royalty will be in San Francisco next week for The RSA Security Conference. It’s the security industry’s biggest, annual conference. And, like the information security industry itself, RSA is booming. The topic of application security – […]
Application security is hard. It’s big and complex. And it just might be “the last frontier” for cyber-security (at least for now). Unlike network or endpoint security, you can’t just put another box on the network to secure the application layer. For one thing, there are people and processes involved — developers in São Paulo and Sri […]
Veracode will be at RSA 2014 February 24-28. Come learn about best practices for securing your enterprise from application-layer attacks – including web, mobile, legacy and third-party applications. You will find us in Booth #3521 in Moscone North Hall. You can learn why our cloud-based platform is a simpler and more scalable way to reduce […]
The world of industrial control systems has been an island unto itself, but no more. The question now is whether the environment can adapt before real damage is done.
Two weeks ago, I had the privilege to attend The S4 Conference, one of the world’s premier gatherings of experts in the security and integrity of industrial control and SCADA (supervisory control and data acquisition) systems. This is the technology that runs everything from assembly lines to natural gas pipelines to nuclear power plants. I had Dodos on the brain the whole time.
Ranked at number eight on the 2013 OWASP Top Ten, Cross-Site Request Forgery (CSRF) remains a major concern. CSRF exploits a web application vulnerability that allows an attacker to trick the end user into performing unwanted and possibly sensitive actions.
The annual Consumer Electronics Show kicks off in Las Vegas next week. With rivers of ink spilled on cool, new “smart” products, here are five impertinent security questions that no vendor wants to be asked.
The Consumer Electronics Show (CES) kicks off today in Las Vegas. This year’s show is expected to draw some 150,000 attendees from 150 countries.
This holiday season at Veracode wasn’t just spent at a computer like any other day. It’s the time of year that the generosity of its employees shines by making Christmas magical for children in need. Although this is not the first time Cindy Conrad of Veracode has worked with the Department of Children and Families (DCF) based in Malden, MA, it is the first year Veracode has partnered with them to make a memory for those children, and what a memory it is!
Christmas 2013 will be a banner year for the Internet of Things, as smart gadgets appear like mushrooms under the Christmas tree. But get ready for a privacy hangover, as poorly designed and insecurely deployed gadgets turn on their masters.
Just in time for the holidays, I received an e-mail by way of Electric Imp. If you’re not familiar with the “Imp,” (my phrase, not theirs), it’s a [PAAS?] that makes it easy to build and connect smart devices.