Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Quantifying the Probability of Flaws in Open Source

Jay Jacobs and I recently delivered an RSA presentation called Quantifying the Probability of Flaws in Open Source. Since many people didn’t get a chance to see it, I thought I’d summarize some of the findings here for posterity. The question we investigated was simple, at least conceptually: what are the red flags of an open-source repository? Are there characteristics of a given open source library that would reliably indicate it was safer than others?

The Veracode CLI: End to End Testing with Static, Container, and Dynamic Scanning

In this blog, we’re going to examine the Veracode CLI tool. Available for Windows, MacOS, and Linux, the imaginatively named binary veracode can perform a variety of functions across the SDLC. Installing the tool is easy, just follow the steps in the documentation.

Introducing Postman Collection Support for API Security Testing

In today's digital landscape, Application Programming Interfaces (APIs) play an important role in driving innovation. They allow teams to integrate new applications with existing systems, reuse code and deliver software more efficiently. But, APIs are also prime targets for hackers due to their public availability and the large amounts of web data they transmit. API vulnerabilities can lead to unauthorized access, data breaches, and various other forms of attacks.

Strategic Risk Management for CISOs: A Holistic and Consolidated Approach

As Chief Information Security Officers (CISOs), it's crucial to manage risks in a holistic and consolidated manner as the landscape of threats, particularly those targeting applications, continues to evolve and expand. With the increasing reliance on digital technologies, artificial intelligence (AI), and cloud-based services, the attack surface for potential cyber threats is growing and changing.

Available Now: Veracode Scan for JetBrains IDEs

Veracode Scan for VS Code was one of the big hits on the expo floor at the RSA Security conference in May this year. People liked the integration of Veracode Static, Veracode SCA, and Veracode Fix into a single extension, giving developers the tools to scan their code and resolve problems with AI assistance while they are actively developing code.

Navigating the Stages of AppSec Maturity: A Tactical Guide for Risk Management

In the rapidly evolving digital landscape, the maturity of an organization's Application Security (AppSec) program is not just beneficial; it's imperative for resilience at scale and reducing security debt accumulation. Since software is increasingly central to business operations, the need for robust AppSec programs has never been more critical. Here’s a guide to understanding the various stages of AppSec maturity and how to evolve through them for effective risk management.

Understanding the Nuances: DAST vs. Penetration Testing

Cyberattacks are a growing threat, making it crucial for us to understand the tools and techniques available to secure applications. Today, we dive into the differences and similarities between Dynamic Application Security Testing (DAST) and Penetration Testing with insights from a Veracode industry expert and certified penetration tester, Florian Walter. DAST is an automated technique designed to identify security vulnerabilities in web applications and APIs during runtime.

Unlocking the Power of AI in Cybersecurity: Key Takeaways from the HMS Belfast Breakfast Briefing

In the rapidly evolving landscape of technology, the fusion of Artificial Intelligence (AI) and cybersecurity is creating both exciting opportunities and formidable challenges. The recent breakfast briefing on the historic HMS Belfast served as a critical forum for industry leaders to explore these issues in depth.

Strengthening AI Chatbot Defenses with Targeted Penetration Tests

The world is quickly seeing the rise of AI powered customer service. The conversational agent chatbots enhance the customer experience but also introduce a new attack vector. Here's what you need to know about strengthening AI chatbot defenses. Many AI driven technologies have access to vast data sources and access to functions that assist users. AI chatbots can be used in many ways such as answering questions about an item in stock, help develop code, to helping users reset their password.