You hear a lot about shifting your application security (AppSec) left – in other words, shifting AppSec to the beginning of the software development lifecycle (SDLC). While we firmly believe that you should continue scanning in development environments, that doesn’t mean that you should neglect applications that have been deployed to or staged in runtime environments.

I am pleased to share the exciting news that TA Associates (“TA”), a leading global growth equity firm, has signed an agreement to make a strategic growth investment in Veracode, taking a majority equity position in the business. Thoma Bravo will also continue to be an investor alongside TA. This new partnership is forming at a critical moment in the evolution of the software security market.

Today’s web applications are complex, often made up of a mix of existing software, open-source and third-party code, and custom JavaScript and HTML all integrated via application program interfaces (APIs). While web applications are hosted and maintained on an organization’s server, they actually run on an end user’s browser.

Static Application Security Testing (SAST) is an effective and well-established application security testing technology. It allows developers to create high-quality and secure software that is resistant to the kinds of attacks that have grown more prevalent in recent years. However, the challenge with SAST is that it tends to produce a high number of false positives that waste the time of your engineering team. In this blog we take a look at SAST and the problem of false positives.

We are proud to announce that we have recently achieved AWS Security Competency Partner status. This status exemplifies our technical expertise and dedication to helping customers secure their software at every stage of cloud adoption.

What can’t you buy on the internet? Last-minute birthday gifts. Check. A new refrigerator. Check. An engagement ring. Check. Groceries. Check. Travel to foreign lands. Check. Internet-driven consumerism is a critical component of our economy. But it has its dark side filled with demons.

This week we’ve added new Kotlin & Swift Courses to the Security Labs catalog! The update includes 4-5 Kotlin (Android) labs and 4 Swift (iOS) labs that cover common mobile security topics such as secret storage, authorization, and custom URL handling.

The statistics support Microsoft CEO Satya Nadella’s claim that “every company is a software company.” The average enterprise was already deploying 464 custom applications back in 2017, and that number has likely been growing for the past five years with apps designed to meet unique business needs and support daily tasks and processes as they increasingly move online.

The statistics support Microsoft CEO Satya Nadella’s claim that “every company is a software company.” The average enterprise was already deploying 464 custom applications back in 2017, and that number has likely been growing for the past five years with apps designed to meet unique business needs and support daily tasks and processes as they increasingly move online.

A SQL injection flaw allows for an attacker to modify or inject SQL syntax into the request to make the application behave in a manner that was not initially intended. In other words, an attacker can change a database query to: Now with almost all web applications having integrations with databases in some way, this flaw has the potential to arise often. However, many frameworks and libraries are available to make database connections and queries safe.