Between You and Me, This Isn’t Private

When you tap in your life’s details into the latest and greatest cloud-enabled mobile app, where does that information actually go? When you post on a website that claims you’re anonymous, are you really? Hey, did you read the privacy policy for any of those services you’re using? Do they even have a privacy policy? […]

Static Analysis: Following Along at Home with Hopper’s Decompiler Feature, Part 1

No source code? No problem! That’s the motto of the binary analyst. We at Veracode have pushed the limits of static analysis (studying a program’s behavior without running it) to automatically detect and report security vulnerabilities in our customers’ codebases. Doing binary static analysis by hand is still a worthwhile skill, however, with myriad practical […]

Whitepaper: “Broken Logic: Avoiding the Test Site Fallacy”

Web security scanners are one tool in the arsenal of any organization that takes security seriously. The ability of automation to rapidly test and verify that an application meets a reasonable standard of security is a key advantage. While manual testing can never be completely removed from the process, automated tools are critical in reducing […]

Privacy and Confidentiality on the Eve of the Facebook IPO

Tonight is the last night that Facebook will be a privately held company. In the morning, Facebook shares will hit the market and there will be a feeding frenzy from investors worldwide. Stock buyers will put up somewhere near 16 billion (yes, with a “B”) dollars to own a portion of the social networking […]

A Brief Field Guide to Post-UDID Unique IDs on iOS

In iOS 5.0, the call to retrieve the device-specific unique identifier (“UDID”) of an iOS device — specifically, the accessor to UIDevice’s uniqueIdentifier property — was officially marked as deprecated. This probably wasn’t much of a surprise to anyone involved in mobile privacy and application development. For over a year, researchers have been pointing out […]

Demystifying Binary Static Analysis

Last Wednesday I was honored to be able to present a talk on Binary Static Analysis to an Intro to Security class at Tufts University. The instructor, Ming Chow, approached me to speak to his class as he likes to bring in security practitioners who are delivering security to their customers. There does seem to […]

Finding the Veracode Research Team at RSA

We’re all getting ready for the yearly RSA pilgrimage. I thought I’d put together a quick post on where you can find Veracode founders and members of the Veracode Research team out at RSA. We’re looking forward to some great conversations and networking. Conference Presentations Chris Wysopal, Monday 9:30-10:20am. PANEL: National and International Security Standards […]

AdiOS: Say Goodbye to Nosy iPhone Apps

Veracoder Mark Kriegsman created a free utility, called AdiOS, that lets iOS users quickly scan the apps they’ve downloaded to see which have access to their complete address book. After downloading the utility, users can see which of their applications are accessing the address book. Read about the utility and download it to see which of your apps are transmitting your phone book data.

FBI Gets Bitten by Operational Security

At corporations and government offices around the world a security failure happens every day. Employees forward confidential calendar events and messages to personal calendars and personal email accounts. This may make their jobs easier but it can put their companies at risk. A recent security incident involving the FBI can teach us something about corporate […]
