A large-scale deployment of the Veracode static code analysis tool across a large enterprise presents a number of unique challenges, such as understanding your application estate, prioritising your applications for scanning, and communicating with your application owners. This blog post provides some guidance based on my experience delivering several hundred scanned applications in a 14-month time frame.
The news regarding the NSA and its British counterpart discussed how the Angry Birds app was targeted as a means to collect personal information about app users. Presumably the agencies were collecting data that the app was already accessing as part of its normal operations. What data is being accessed and should it concern us?
We performed a behavioral analysis on Angry Birds for Android with our mobile application reputation service. Here’s what we found.
Every December, security companies pull out their list of predictions for the coming year. These predictions are generally bland, and either cite the specific problem the company addresses as the big trend for the next year, or recycle predictions from previous years.
Rather than add to the noise, the Security Research Team at Veracode created a list of resolutions for 2014 that developers could use to help make their code more secure.
Ranked at number eight on the 2013 OWASP Top Ten, Cross-Site Request Forgery (CSRF) remains a major concern. CSRF exploits a web application vulnerability that allows an attacker to trick the end user into performing unwanted and possibly sensitive actions.
It’s easy to be lulled into a false sense of security when you’re using an iPhone, but is iOS really the better smartphone operating system when it comes to malware?
According to F-Secure Labs’ latest Mobile Threat Report, malware authors continue to concentrate on the Android platform with 252 new threat families and variant families. The report also shows that 81% of discovered threats are profit motivated. So what does this mean? Most bad guys are still looking for cash with their malware!
Top weather app in Google Play ‘Weather Channel VDO’ looks to be serving more than the forecast. Capabilities include accessing device and carrier information, and examining account and file system. This app exhibits Trojan-like capabilities, downloading a 466 kB file from an IP address listed as a known virus site. Findings also include an association with known adware.
Learn more about Veracode’s mobile application reputation service.
The following is a guest post by Wendy Nather, Research Director, Security, 451 Research.
As a former CISO, I’m always happy to see practical advice for defenders. In increasing order of usefulness, there are these types of advice:
- “Here’s what could be wrong; you might want to take a look at that.”
- “This is wrong, and good luck fixing it.”
- “This is wrong, and here’s how we think you should fix it.”
- “When this is wrong, here’s what has worked for us.”
There aren’t enough people in the security industry who are bold enough to step up and say, “Here’s what works.” So when something does come out, we need to pay attention.
In its latest OS release, iOS 7, Apple allows for a number of mechanisms to share data, in the form of either files or streaming data. Two of these mechanisms highlight some of the different design choices Apple has made and will likely continue to make in the SDK.
The annual Consumer Electronics Show kicks off in Las Vegas next week. With rivers of ink spilled on cool, new “smart” products, here are five impertinent security questions that no vendor wants to be asked.
The Consumer Electronics Show (CES) kicks off today in Las Vegas. This year’s show is expected to draw some 150,000 attendees from 150 countries.
This holiday season at Veracode wasn’t just spent at a computer like any other day. It’s the time of year that the generosity of its employees shines by making Christmas magical for children in need. Although this is not the first time Cindy Conrad of Veracode has worked with the Department of Children and Families (DCF) based in Malden, MA, it is the first year Veracode has partnered with them to make a memory for those children, and what a memory it is!