We’re all getting ready for the yearly RSA pilgrimage. I thought I’d put together a quick post on where you can find Veracode founders and members of the Veracode Research team out at RSA. We’re looking forward to some great conversations and networking.
Conference Presentations
Chris Wysopal, Monday 9:30-10:20am. PANEL: National and International Security Standards […]
Veracoder Mark Kriegsman created a free utility, called AdiOS, that lets iOS users quickly scan the apps they’ve downloaded to see which have access to their complete address book. After downloading the utility, users can see which applications are accessing their address book. Read about the utility and download it to see which of your apps are transmitting your phone book data.
At corporations and government offices around the world a security failure happens every day. Employees forward confidential calendar events and messages to personal calendars and personal email accounts. This may make their jobs easier but it can put their companies at risk. A recent security incident involving the FBI can teach us something about corporate […]
You’ve probably read by now that online retailer Zappos suffered a security breach affecting over 24 million customers. As a Zappos customer, I received the email last night alerting me about the breach. I got a nearly identical email from their sister company, 6pm.com, as well. This is a clear sign that I buy too […]
Here’s a feel good story to start the new year. Just before the holidays, we detected a cross-site scripting (XSS) vulnerability while running a web application scan for one of our customers. Nothing special about that; we detect thousands of these things every week. But as we discussed this particular finding, we noticed that the […]
When we last left our intrepid hero, he was embarking on a quest to become an information security thought leader. A year has passed; let’s see how he’s doing! Enjoy.
ICS-CERT warns of backdoors in a standard network module for control systems. The type of equipment is the Schneider Electric Quantum Ethernet Module. Both static passwords and a remotely accessible debug service were found.
Backdoors in industrial control systems
These backdoor revelations in industrial control equipment are becoming frequent. Earlier this year Dillon Beresford found […]
Today we’re releasing Volume 4 of our semi-annual State of Software Security report. This edition incorporates data from 9,910 application builds (twice as many as last time) analyzed via our cloud-based platform over the past 18 months. In this edition, we also discuss how the threat landscape has evolved during 2011 and how we’ve adapted […]
Dark Reading published a list of 10 big breaches in 2011. Dark Reading said, “No one was immune: not social networks, not financial institutions, and not even security firms.” I thought I would take a look at how many of these breaches were due to an application vulnerability. These are the breaches that most likely […]
Seven years ago, when we were first embarking on the mission of making static analysis usable, scalable, and able to operate without access to source code, automated static binary analysis was a new concept. There were human-operated disassemblers, but the ability to do large-scale, highly repeatable static binary analysis was an unknown. At […]