Secure Agile Q&A: API’s, IDE’s and Environment Integration

A few weeks back, I hosted a webinar called “Secure Agile Through Automated Toolchains: How Veracode R&D Does It”, and in this webinar I discussed the importance of security testing and how to integrate it into the Agile SDLC. There were so many questions from our open discussion following the webinar that I have taken […]

Heartbleed Still Causing Heartburn on Industrial Systems

An advisory from DHS’s ICS CERT makes clear that ICS vendors are making progress toward fixing Heartbleed, but that customers face a long slog. The good news about the Heartbleed vulnerability in OpenSSL is that most of the major sites that were found to be vulnerable to the flaw have been patched. As has been […]

Benefits of Binary Static Analysis

1. Coverage, both within applications you build and within your entire application portfolio. One of the primary benefits of binary static analysis is that it allows you to inspect all the code in your application. Mobile apps especially have binary components, but web apps, legacy back office and desktop apps do too. You don’t want […]

Good Ol’ SQLi Used to Hack Naval Database from Nuclear Carrier

Wired Threat Level reports that Nicholas Paul Knight, 27, who called himself a “nuclear black hat,” has been charged with hacking a Navy database while working onboard the nuclear-powered USS Harry S. Truman aircraft carrier (at which point he was caught and discharged from the service). Knight was part of a hacking group called Team […]

Video Survey: How Would You Involve Software Development Teams in AppSec?

We’re back with another question for security pros around the world. This video is part of our Future of Application Security series where we asked a group of appsec professionals in attendance at RSA Conference 2014 their thoughts around some of the biggest industry topics. Check out the video and if you have an opinion, […]

Software Security: At the Front Line of Data Protection

A report released in the UK this week highlighted nicely the link between software security and data protection, a very hot topic this side of the pond in the midst of EU regulation reform and post-PRISM privacy concerns. The Information Commissioner’s Office (ICO), the UK’s independent regulatory office dealing with data protection and data privacy, […]

AppSec Makes A Cameo In Healthcare.gov Drama

Congress is demanding code audits for Healthcare.gov. Guess what: they’re right! In a letter dated May 1, Representative Lamar Smith of Texas, the Chair of the House Committee on Science, Space and Technology, asked Gene Dodaro, the Comptroller General of the Government Accountability Office (GAO) to expand an audit of the Healthcare.gov web site. As […]

Security Testing: What’s Your Remediation Plan?

Application security testing is finally mainstream, after years of effort. Whether it’s compliance-driven or a result of the increasing realization that information security is about a lot more than just firewalls, application security testing is happening in most organizations. Here at Veracode, we test thousands of apps a year – and that number is only […]

Code Blue: Audit Reveals Desperate State Of Medical Device Security

A presentation at Thotcon is just the latest to sound an alarm about the pitiful state of security within hospitals and other medical settings. The U.S. healthcare system is modernizing by leaps and bounds – largely driven by changes included in The Affordable Care Act and other federal regulation that is driving investment in breakthrough […]
