One of the big stories from this year’s BlackHat conference was Microsoft’s inaugural BlueHat contest. The contest challenged security researchers to design a novel runtime mitigation technology to prevent the exploitation of memory safety vulnerabilities. We were lucky enough to grab a few minutes with Katie Moussouris, Microsoft’s leader of security community outreach and strategy, to answer a few of our questions on the BlueHat contest.
Enterprises have been scanning web applications for security vulnerabilities for some time now. So what’s the big deal between doing some application scans and securing your application perimeter?
Well, the first thing is the sheer size and scale of today’s enterprise application perimeter – which we define as all of your Internet-facing applications – including the enterprise applications accessed by mobile users…
If you’ve been in the security industry for a while, you may notice that there are a lot of events. As in, somewhere in the world, there is a security event happening just about every day of the year. You have your giant industry events, analyst events, regional events, hacker cons, and pretty much any kind of gathering you can possibly think of – including conferences on boats, trains, and buses. At any given time, you can find a security conference happening *somewhere*. So, what is it about the security industry that loves an event?
Over the next 2 to 3 weeks we’ll be authoring a number of posts about our annual Hackathon, which ran last week, as one of our goals this time around was to share a lot more than we did for our inaugural Hackathon last year. Last week we kicked things off with our brief intro announcing the start of the Hackathon, and today we keep things going with our photo roundup.
The 2012 Veracode Hackathon officially kicked off this morning and while most of our coverage of the event will come later this week and next week I wanted to give everyone that was curious a quick glimpse into the event.
The event starts over a free breakfast of donuts and bagels, and while participants are welcomed, t-shirts are also distributed (pink was especially popular among the men). Shortly thereafter our research space is transformed into a 24-hour disco club complete with laser shows and our custom mobile media console.
Dropbox Email Spamming: Posted by Aditya Agarwal in the Dropbox blog, a post titled “Security update & new features,” addresses user complaints about spam they were receiving at email addresses they only used for Dropbox. The investigation unveiled that, “usernames and passwords recently stolen from other websites were used to sign in to a small […]
With over 20% of all web vulnerabilities attributed to SQL injection, it is the 2nd most common software vulnerability, and the ability to find and prevent SQL injection should be top of mind for web developers and security personnel. In general, a SQL injection attack exploits a web application that does not properly validate or encode user-supplied input and then uses that input as part of a query or command against a back-end database.
Veracode Marketing recently polled a list of mobile security experts, asking them “What can employees do to minimize risk when bringing their own devices to work?” We’re pleased to present the responses from a wide array of security experts including David Schwartzberg from Sophos, Kevin Flynn from Fortinet and Veracode’s own Chris Wysopal. While all our experts have their unique perspectives, some common themes arose, including changing employees’ view of security. We want to thank all our respondents for participating and we welcome your thoughts too!
Earlier today we announced the winners of our first-ever Secure Development Awards. For those who haven’t heard of our new awards, this quote from our Co-Founder Chris Wysopal sums it up nicely: “We’ve created this award to recognize developers’ successes in properly implementing security features during the software development lifecycle…” Read more about our Secure Development Award winners!