A Financial Model for Application Security Debt

Last week I described the concept of application security debt and application interest rates. I promised that I would follow up with a financial model that could translate these concepts into real money. Recap: Here’s a quick recap of the initial concept. Security debt is similar to technical debt. Both debts are design and implementation […]

2011 Becomes the Year of Mobile Malware

Google pulled over 20 malicious apps from the Android Marketplace today. The inevitable has happened. 2011 has become the year of mobile malware. All the pieces of the malware ecosystem puzzle that researchers have been warning about are falling into place: Little to no vetting of apps for malicious behavior before being made available from […]

Application Security Debt and Application Interest Rates

Technical Debt: Architects and developers are well aware of the term technical debt, but many in the security community have never heard of this concept. Ward Cunningham, a programmer who developed the first wiki program, describes it like this: Shipping first-time code is like going into debt. A little debt speeds development so long […]

How Code Rot Can Lead to Vulnerabilities

As a web developer you’re always told you need to keep up to date on the latest and greatest technologies. Usually this is for creating applications that can take advantage of new technologies to deliver a better experience to your users. However, I think there is another angle to this, in particular code rot. Code […]

2011 Security Blogger Awards

The 3rd Annual Social Security Blogger Awards were announced last week during the RSA Conference in San Francisco. Veracode received two awards, one for Best Corporate Blog and the other for Best Security Blog Post of the Year. Here is a list of all the nominees and the award winners. It’s always an honor to […]

Free XSS Scanning for the Masses

We’re very excited here at Veracode to announce the availability of our new FREE service to detect cross-site scripting (XSS) in your web application. This is a significant milestone for our company and for the security industry, and we encourage everyone from small ISVs to major enterprises to give us a try. Hopefully this will […]

Mobile App Top 10 List

The Top 10 Mobile Application Risks, or “Mobile App Top 10” for short, is designed to educate developers and security professionals about the mobile application behavior that puts users at risk. This behavior can be maliciously designed or inadvertent. Modern mobile applications run on mobile devices that have the functionality of a desktop or laptop […]

Veracode Research Team Gives 5 Predictions for 2011

As we close out a security-eventful 2010, the Veracode research team thought it would be a good idea to think about what we are likely to see happen in 2011. Here are 5 predictions we believe have a very good chance of coming true. 1. Sandboxing goes mainstream with adoption by Firefox and […]

Whitepaper: A Dose of Reality on Automated Static-Dynamic Hybrid Analysis

As application inventories have become larger, more diverse, and increasingly complex, organizations have struggled to build application security testing programs that are effective and scalable. New technologies and methodologies promise to help streamline the Secure Development Lifecycle (SDLC), making processes more efficient and easing the burden of information overload. In the realm of automated web […]
