Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Security as Code: Why It's Important and What You Need to Know

Software is becoming an increasingly pivotal part of modern business and society. In turn, consumers have come to expect instant gratification. This has driven businesses to concentrate on innovation and speed to market. Businesses that can’t keep up with the hyper-competitive market of speed-to-value are falling behind.

Veracode Named a Leader in The Forrester Wave: Static Application Security Testing, Q1 2021

If you’re looking to start or optimize an AppSec program in 2021, the Forrester WaveTM report is a good place to begin your research. The report not only details essential elements of AppSec solutions, but also ranks 12 static application security testing (SAST) vendors based on their current offering, strategy, and market presence. Development speeds and methods are changing and the requirements for a SAST solution are evolving as well.

Veracode Wins Best AppSec Feature Set and Customer Support Awards From TrustRadius

TrustRadius recently awarded Veracode with a 2021 Best Application Security Feature Set Award and Best Application Security Customer Support Award. These honors are given to companies that have gone above and beyond to delight their users. To win the Best Feature Set Award, each nominated organization had to receive 10 TrustRadius reviews in the past year that featured specific mention of their product’s feature set.

How to Communicate Application Security Success to Your Executive Leadership

Over the past several years, there have been many changes to software development and software security, including new and enhanced application security (AppSec) scans and architectural shifts like serverless functions and microservices. But despite these advancements, our recent State of Software Security (SOSS) report found that 76 percent of applications have security flaws.

Announcing Veracode in AWS Marketplace: Streamlining Secure Software Development for AWS Customers

Digital transformation continues to accelerate, and with it, businesses continue to modernize their technological environments, leveraging developer-first cloud-native solutions to build, host, and secure their software. At Veracode, we continue to see customers leveraging large cloud providers, such as AWS, as a central platform to conduct these activities.

Nature vs. Nurture Tip 3: Employ SCA With SAST

For this year’s State of Software Security v11 (SOSS) report, we examined how both the “nature” of applications and how we “nurture” them contribute to the time it takes to close out a security flaw. We found that the “nature” of applications – like size or age – can have a negative effect on how long it takes to remediate a security flaw.

Fixing CRLF Injection Logging Issues in Python

It can sometimes be a little challenging to figure out specifically how to address different vulnerability classes in Python. This article addresses one of the top finding categories found in Python, CWE 117 (also known as CRLF Injection), and shows how to use a custom log formatter to address the issue. We’ll use this project, which deactivates or deletes user accounts from the Veracode platform, to illustrate the functionality.

Defense in Depth: Why You Need DAST, SAST, SCA, and Pen Testing

When it comes to application security (AppSec), most experts recommend using Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) as “complementary” approaches for robust AppSec. However, these experts rarely specify how to run them in a complementary fashion.

State of Software Security v11: The Most Common Security Flaws in Apps

For our annual State of Software Security report, we always look at the most common types of security flaws found in applications. It’s important to look at the various types of flaws present in applications so that application security (AppSec) teams can make decisions about how to address and fix flaws. For example, high-severity flaws, like those listed in OWASP Top 10 or SANS 25, or highly prevalent flaws can be detrimental to an application.

How Password Hashing Algorithms Work and Why You Never Ever Write Your Own

Are you fascinated with cryptography? You're not alone: a lot of engineers are. Occasionally, some of them decide to go as far as to write their own custom cryptographic hash functions and use them in real-world applications. While understandably enticing, doing so breaks the number 1 rule of the security community: don't write your own crypto. How do hashing algorithms work and what's special about password hashing? What does it take for an algorithm to get ready for widespread production use?