Agile SDLC Q&A with Chris Eng and Ryan O’Boyle – Part II

Welcome to another round of Agile SDLC Q&A. Last week Ryan and I took some time to answer questions from our webinar, “Building Security Into the Agile SDLC: View from the Trenches“; in case you missed it, you can see Part I here. Now on to more of your questions! Q. What would you recommend […]

Heartbleed And The Curse Of Third-Party Code

The recently disclosed vulnerability in OpenSSL pokes a number of enterprise pain points. Chief among them: the proliferation of vulnerable, third-party code. By now, a lot has been written about Heartbleed (heartbleed.com), the gaping hole in OpenSSL that laid bare the security of hundreds of thousands of web sites and web based applications globally. Heartbleed […]

Agile SDLC Q&A with Chris Eng and Ryan O’Boyle – Part I

Recently, Ryan O’Boyle and I hosted the webinar “Building Security Into the Agile SDLC: View From the Trenches”. We would like to take a minute to thank all those who attended the live broadcast for submitting questions. There were so many questions from our open discussion following the webinar that we wanted to take the […]

Hell is Other Contexts: How Wearables Will Transform Application Development

Wearable technology is in its infancy. But don’t be fooled: the advent of wearables will fundamentally change the job of the application developer. Here’s how. There’s no doubt about it: wearable technology is picking up steam. But as wearables gain traction with consumers and businesses, application developers will need to tackle a huge, new challenge, […]

Introducing the iOS Reverse Engineering Toolkit

It should be the goal of every worker to expend less time and energy to achieve a task, while still maintaining, or even increasing, productivity. As an iOS penetration tester, I find myself repeating the same manual tasks for each test. Typing out the same commands to run various tools that are required to help […]

Managing Flaw Review with a Large Multi-vendor Application

The previous blog post in this series discussed strategies for the large-scale deployment of the Veracode static code analysis tool across a large enterprise focusing on strategies and techniques for ensuring rapid adoption within individual development teams typically responsible for self-contained homogenous applications. However in a large enterprise there exist applications which are developed by […]

RSA Perspective: Is It Time For A Cyber Safety Board?

We have government agencies to monitor the safety of cars, roads, bridges and air travel. What’s so special about cyber? If you caught the headlines last week, you might have read about the developing scandal over a fatal problem with ignition switches in General Motors cars? The automaker has been forced to recall 1.37 million […]

Reversing Kony JavaScript iOS Applications

Researched by William Spires and Stephen Jensen. That Was Then, This is Now Just five short years ago, if you wanted to create an iOS application, you had to either take a crash course in Objective-C programming or hire someone to create the application for you. It was truly the beginning of a mobile revolution, […]

Strategies for Rapid Adoption of a Security Programme within a Large Enterprise

A large-scale deployment of the Veracode static code analysis tool across a large enterprise presents a number of unique challenges such as understanding your application estate, prioritising your applications for scanning, and communicating with your application owners. This blog post provides some guidance based on my experience at delivering several hundred scanned applications in a 14-month time frame.

6 Ways to Become a More Secure Developer in 2014

Every December security companies pull out their list of predictions for the coming year. These predictions are generally bland, and either cite the specific problem the company addresses as the big trend for the next year, or recycles predictions from previous years.

Rather than add to the noise, the Security Research Team at Veracode created a list of resolutions for 2014 that developers could use to help make their code more secure.

1 2 3 22