Burlington, MA, USA
Sep 22, 2022   |  By Veracode
Still, 77 percent of healthcare apps contain vulnerabilities and 21 percent of these are categorized as "high severity".
Sep 22, 2022   |  By Jill Newberry Queenan
The healthcare industry is transforming patient care through software, from 24/7 digital patient portals, to AI-fueled medical research, and everything in between. As innovation reaches new heights, how does healthcare stack up against other sectors in terms of software security flaws and the ability to remediate them?
Sep 19, 2022   |  By Mateusz Krzeszowiec
On the 28th of August, a vulnerability was reported in the csurf middleware, an expressjs supporting library that enables CSRF protection in expressjs. As of the 13th of September, the csurf library has been deprecated with no plans to fix the vulnerabilities. There is no viable alternative for the csurf middleware now.
Sep 12, 2022   |  By Natalie Tischler
When you’re looking to secure your applications, you need to keep a few things in mind. You want to make sure that your software security vendor is a fully SaaS vendor you access in the cloud. That way you benefit from scalability, peer benchmarking, and more. Here’s what to look for in an application security testing solution that you can access in the cloud while supporting cloud-native development. Plus, you’ll learn why cloud-based trumps on-premises solutions.
Sep 7, 2022   |  By Veracode
As software engineers, we are incredibly busy. We’re designing new features, writing tests and implementing code, debugging, opening pull requests, and performing code reviews. That’s not to mention all of the DevOps stuff that our teams have us doing nowadays, too. Oh yes, and then there are stand-ups, check-ins, one-on-ones, and all-hands. The thing is: you don’t have time to waste. If there is wasted time in your workweek, it’s worth looking into how to recapture that time.
Aug 23, 2022   |  By Veracode
Despite Low Flaw Prevalence, Finance Industry Lags in Fix Rate; 30 Percent of Open-source Flaws Remain Unresolved After Two Years.
Aug 22, 2022   |  By Veracode
According to our most recent State of Software Security Report, the financial services industry has fewer security flaws in its applications than last year. Great news, right? That said, the reduction in security flaws isn’t as significant as we would hope to see. The financial services industry has traditionally been recognized for having the least amount of security flaws.
Aug 17, 2022   |  By Natalie Tischler
As technology explodes, so do the threats. Point solutions emerge as security players innovate in order to keep up. This creates the need for consolidation, as the fragmented solutions become too much to manage. We’re entering a consolidation phase now, the process of distilling, refining, and letting the cream rise to the top. We sat down with cybersecurity veteran and vigilante, Chris Wysopal, to get his perspective on emerging trends in cloud-native security.
Aug 16, 2022   |  By Veracode
Veracode announces the launch of the Veracode Velocity Partner Program. The objective of the program is to enable partners to grow their security practice quickly and profitably around Veracode's cloud-native Continuous Software Security Platform, offering opportunities to accelerate deal closure, expand market share, and grow revenue.
Aug 9, 2022   |  By Veracode
Cloud-native Platform Provides Expanded Integrations, Software Bill of Materials, and Additional Language and Framework Support.
Sep 15, 2022   |  By Veracode
Katina Hamann, Strategic Account Manager at Trace3, describes the business factors that drive application security requirements for their customers.
Aug 8, 2022   |  By Veracode
Jason Olkowski, Global Head of Veracode Customer Success, introduces the Customer Community and what it has to offer Users, Developers, and AppSec Managers.
Jul 7, 2022   |  By Veracode
The Unified Summary Report presents findings across all scan types in a “single pane of glass.” This update incorporates SCA results into the application summary report and makes it easier to filter and explore scan results.
Jul 7, 2022   |  By Veracode
As part of Veracode's comprehensive platform experience, peer benchmarking puts the power of Veracode’s unparalleled data into the hands of customers so they can measure their flaw and remediation performance against subsets of the Veracode customer community directly in the Veracode portal.
Jun 9, 2022   |  By Veracode
Here is a quick snapshot of what we uncovered during our annual State of Software Security (SoSS) report. Download this year’s report to find out.
May 17, 2022   |  By Veracode
An overview of the Veracode Continuous Software Security Platform, which brings security and development together to secure software throughout the software development lifecycle.
Apr 29, 2022   |  By Veracode
Veracode Community Manager Javed Mohammed and Security Consultant Evan Gertis discuss what makes an Application Security Champion, best practices, and more.
Aug 3, 2020   |  By Veracode
With a comprehensive AppSec program, you want to understand your entire development, security, and application footprint so you can roll out consistent tools and processes. As a result, only a portion of your applications are covered, leaving vulnerabilities unprotected. And blind spots are clouding visibility into risk reduction efforts, making it difficult to report on progress throughout your organization.
Aug 3, 2020   |  By Veracode
While shifting security left in your software development lifecycle is crucial to application security success, it's still imperative to maintain testing in the later stages of your process. After all, some web application vulnerabilities can only be discovered at that point in the SDLC.
Aug 1, 2020   |  By Veracode
You want AppSec tools in your development process, but anything less than full integration undermines your program's effectiveness. Getting the right resources into developers' hands typically requires: tools, systems, and processes.
  • Ongoing maintenance: Routine patches and upgrades can be time consuming, especially if you're supporting multiple geographies or teams, and may break your customizations.
Aug 1, 2020   |  By Veracode
Veracode Static Analysis provides fast, automated security feedback to developers; conducts a full policy scan before deployment; and gives clear guidance on what issues to focus on and how to fix them faster.
Jul 1, 2020   |  By Veracode
Developers want to create secure code, but lack training, so they must rely on AppSec experts to create secure applications. But the severe cybersecurity talent shortage leads to: As a result, developers are often conducting their own security research, which takes substantial time, increasing software delays and costs. With Veracode, you enable developers to write secure code and decrease flaws, so you can make your developers security self-sufficient.
Jul 1, 2020   |  By Veracode
In a world where time is money, companies are required to churn out software quickly or get left in the dust. To stay ahead of the market, developers are turning towards open source code, which, when secure, can be a valuable asset towards their efforts.
Jun 1, 2020   |  By Veracode
Today, most organizations are in a race to deliver new, innovative software before their competitors. In turn, they have gone from bi-annual software releases to daily, hourly, or even by-the-minute releases. To keep up with these rapid deployments, security has had to shift from being a late-stage blocker, to an integrated part of the development process. Developers have been doing their best to implement these security measures, but since their performance is often tied to the rate of deployments, speed tends to take precedence. As a security professional, what are some steps you can take so that security doesn't take a back seat to speed?
Jun 1, 2020   |  By Veracode
Veracode Security Labs shifts application security knowledge "left," earlier in the development cycle, through guided, interactive exercises that train developers to tackle modern threats in the evolving cybersecurity landscape and deliver secure code on time.

Veracode delivers the application security solutions and services today’s software-driven world requires. Veracode’s unified platform assesses and improves the security of applications from inception through production so that businesses can confidently innovate with the web and mobile applications they build, buy and assemble as well as the components they integrate into their environments.

Veracode’s powerful cloud-based platform, deep security expertise, and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

The Veracode Solution:

• Overcoming DevSecOps Challenges: Innovating through software holds many promises but also bears risks. AppSec programs often struggle with the same problems:
  • Some solutions are hard to manage and scale.
  • Developers are not empowered to fix security issues.
  • Security teams lack bandwidth to manage DevSecOps programs.
  Veracode addresses all of these challenges with a unique combination of automated application analysis in the pipeline, plus DevSecOps expertise for developers and security professionals, all delivered through a scalable SaaS platform.
• Delivered Through SaaS: Our SaaS model delivers a better, more scalable service at a lower cost. Because we've analyzed over 10 trillion lines of code, Veracode is able to provide the fastest path to accuracy - without tuning. Our expertise is based on analyzing customer programs for over a decade.
• Application Analysis: Veracode simplifies AppSec programs by combining five application security analysis types in one solution, all integrated into the development pipeline.
• Developer Enablement: Most AppSec programs forget that there is only one team that can fix security findings: the development team. Veracode provides developers with security feedback in their IDE in seconds as they are writing code, helping them learn on the job.
• AppSec Governance: AppSec programs can only be successful if all stakeholders value and support them. That’s why Veracode helps security teams to demonstrate the value of AppSec.

Manage Your Entire Application Security Program in a Single Platform.