Good Ol’ SQLi Used to Hack Naval Database from Nuclear Carrier

Wired Threat Level reports that Nicholas Paul Knight, 27, who called himself a “nuclear black hat,” has been charged with hacking a Navy database while working onboard the nuclear-powered USS Harry S. Truman aircraft carrier (at which point he was caught and discharged from the service). Knight was part of a hacking group called Team […]

Video Survey: How Would You Involve Software Development Teams in AppSec?

We’re back with another question for security pros around the world. This video is part of our Future of Application Security series where we asked a group of appsec professionals in attendance at RSA Conference 2014 their thoughts around some of the biggest industry topics. Check out the video and if you have an opinion, […]

Software Security: At the Front Line of Data Protection

A report released in the UK this week highlighted nicely the link between software security and data protection, a very hot topic this side of the pond in the midst of EU regulation reform and post-PRISM privacy concerns. The Information Commissioner’s Office (ICO), the UK’s independent regulatory office dealing with data protection and data privacy, […]

AppSec Makes A Cameo In Healthcare.gov Drama

Congress is demanding code audits for Healthcare.gov. Guess what: they’re right! In a letter dated May 1, Representative Lamar Smith of Texas, the Chair of the House Committee on Science, Space and Technology, asked Gene Dodaro, the Comptroller General of the Government Accountability Office (GAO) to expand an audit of the Healthcare.gov web site. As […]

Security Testing: What’s Your Remediation Plan?

Application security testing is finally mainstream, after years of effort. Whether it’s compliance-driven or a result of the increasing realization that information security is about a lot more than just firewalls, application security testing is happening in most organizations. Here at Veracode, we test thousands of apps a year – and that number is only […]

Code Blue: Audit Reveals Desperate State Of Medical Device Security

A presentation at Thotcon is just the latest to sound an alarm about the pitiful state of security within hospitals and other medical settings. The U.S. healthcare system is modernizing by leaps and bounds – largely driven by changes included in The Affordable Care Act and other federal regulation that is driving investment in breakthrough […]

Announcing the Veracode Video Survey: What do YOU think?

It seems that everyone working in information security today has an opinion about how enterprises can best secure their application infrastructures. That’s why we here at Veracode decided to tap the “wisdom of crowds” and ask security folks their opinions on some hairy industry topics. Where better to catch these thought leaders than at the […]

Shining a Flashlight on Mobile Application Permissions

The Federal Trade Commission (FTC) recently completed and announced the terms of a settlement with GoldenShore Technologies, a one-man development shop based out of Idaho and creator of the popular “Brightest Flashlight” application for Android. Back in December the FTC, in response to a number of complaints, began investigating the app, which was doing a […]

Time to Crowdfund Open Source Security?

Will crowd funding bug bounties for OpenSSL solve its security problems? Probably not. For years, security experts and thought leaders have railed against the concept of “security through obscurity” – the notion that you can keep vulnerable software secure just by preventing others from understanding how it works. Corporate executives worried about relying on open […]
