Burlington, MA, USA
Mar 3, 2023   |  By Nova
In October of 2022, a critical flaw was found in the SnakeYAML package, which allowed an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Finally, in February 2023, the SnakeYAML 2.0 release was pushed that resolves this flaw, also referred to as CVE-2022-1471. Let’s break down how this version can help you resolve this critical flaw.
Mar 2, 2023   |  By Natalie
Staying ahead of the cyberattack curve in a constantly evolving world requires a comprehensive strategy. Today's release of the Biden-Harris Administration's National Cybersecurity Strategy provides an extensive roadmap for impacting both public and private security efforts. In this blog post, we’ll take an in-depth look at three of the most software-related strategic objectives: software liability, open-source software usage, and cybersecurity workforce readiness.
Feb 28, 2023   |  By Juan
Static Application Security Testing (SAST) tools present a significant opportunity for organizations looking to reduce application security risk. However, not all workflows or tools are created equal. Using the right SAST tools at the right times, you can seamlessly integrate and scale security workflows throughout the software development lifecycle (SDLC).
Feb 6, 2023   |  By Jenny Buckingham
Cloud-native software development is a driving force because it empowers teams to build and deploy applications at speed and scale. Along with microservices, cloud infrastructure, and API’s, containers are a crucial part of this development process. Let’s look at the security implications of containers in cloud-native application development and how to manage the security challenges they pose.
Feb 2, 2023   |  By Sarah Zipkin
Containerization is becoming increasingly common due to portability, ability to isolate application dependencies, scalability, cost effectiveness, and ease of use. The ability to easily package and deploy code has changed the way that organizations work with applications. But like with Windows servers years ago, or AWS today, any time one specific technology gains a significant portion of the market share, it becomes a target for attackers.
Jan 31, 2023   |  By Clint Pollock
For today’s DevSecOps teams, the demands continue to intensify. Application portfolios and codebases continue to grow, while cyberattacks remain an ever-present danger. More than ever, it’s vital to ensure security gaps are identified and addressed with maximum speed and efficiency. In order to do this, you need to establish a continuous feedback loop on security threats, so you can realize optimized, sustained results – which is exactly how Veracode helps.
Jan 16, 2023   |  By Saoirse Hinksmon
We love open-source software (OSS). Not only does it save time and effort, but it’s also incredibly rewarding to collaborate with other developers on major projects. Plus, it opens the door for innovation that otherwise wouldn’t be possible at this scale. However, with code comes responsibility, and so it’s imperative to understand the risk OSS libraries carry when we’re integrating them into projects.
Jan 11, 2023   |  By Veracode
Over 30 Percent of Applications Contain Flaws at First Scan; By Five Years, Nearly 70 Percent of Apps Have At Least One Flaw Scanning via API, Hands-on Security Training, and Scan Frequency Identified as Key Factors to Reduce Flaw Introduction Over Time.
Jan 11, 2023   |  By Natalie Tischler
It’s one of our favorite times of the year – the unveiling of our annual State of Software Security (SoSS) report. Software security issues can have devastating effects on organizations, damaging their financial stability and reputations. That’s why our research this year centered on a crucial question: what can be done to avoid introducing security flaws in the first place?
Dec 7, 2022   |  By Natalie Tischler
I share a birthday with the Log4j event. However, unlike this event, I’ve been around for more than one year. On December 9th, 2021, a Tweet exposed a zero-day vulnerability in Log4j, a widely-used piece of open-source software. The announcement made headlines everywhere, and cybersecurity was suddenly put in the spotlight. It was a wake-up call for many because, in an instant, software that had been considered secure was suddenly at tremendous risk.
Mar 6, 2023   |  By Veracode
In this video, you will learn how to install the Veracode IntelliJ Plugin, generate API ID and key credentials in the Veracode platform, and store those credentials in IntelliJ. The Veracode IntelliJ Plugin enables you to upload binaries to the Veracode Platform for static security analysis. You can then review the scan results from within IntelliJ IDEA to identify and mitigate potential security findings in your applications.
Feb 6, 2023   |  By Veracode
Introducing Veracode Container Security - this new tool is now seamlessly integrated with the Continuous Software Security Platform. Veracode Container Security is a command line interface (CLI) tool that integrates into your pipeline with ease. This empowers developers to secure containers earlier in the software development life cycle, ensuring containers are built and deployed securely.
Jan 26, 2023   |  By Veracode
Chris Wysopal, CTO and Co-founder of #Veracode shares his 2023 Application Security Technology Predictions with Community Manager, Javed Mohammed.
Jan 18, 2023   |  By Veracode
In this video, you will learn how to set up an agent and start scanning with the Veracode Software Composition Analysis agent-based scan.
Jan 17, 2023   |  By Veracode
Introducing the Veracode SCA Scan for VS Code Plugin Developers can now: · Run an SCA Scan with Veracode· Identify vulnerabilities and license risks in open-source dependencies· Prioritize and rapidly fix any issues· Access the Veracode database, remediation guidance, and more All from within VS Code! Easily download the extension from the VS Code Marketplace.
Dec 20, 2022   |  By Veracode
In this video, you will learn how to install the Veracode Greenlight for Visual Studio extension. Veracode Greenlight finds the defects in your code as you write it and provides recommendations and code examples to help you fix them directly in your IDE. It allows you to write quality secure code from the very beginning while perfecting your understanding of application security Best Practices.
Nov 23, 2022   |  By Veracode
In this video, you will learn how to generate Veracode API credentials in the Veracode Platform and configure an API credentials file for storing your API credentials on Windows. Veracode API credentials consist of an ID and secret key. You use these credentials to access the Veracode APIs and Veracode integrations. API ID and key authentication provides improved security and session management for accessing the APIs.
Nov 8, 2022   |  By Veracode
Veracode Peer Benchmarking empowers you to view on-demand benchmark reports to identify strengths and weaknesses, define goals, track KPIs, and demonstrate security as a competitive differentiator.
Oct 31, 2022   |  By Veracode
Join Veracode and Cybeats as they engage in a discussion breaking down all of the details from creation to strategies around SBOMs.
Sep 15, 2022   |  By Veracode
Katina Hamann, Strategic Account Manager at Trace3 describes the business factors that drive application security requirements for their customers.
Aug 3, 2020   |  By Veracode
While shifting security left in your software development lifecycle is crucial to application security success, it's still imperative to maintain testing in the later stages of your process. After all, some web application vulnerabilities can only be discovered at that point in the SDLC.
Aug 3, 2020   |  By Veracode
With a comprehensive AppSec program, you want to understand your entire development, security, and application footprint so you can roll out consistent tools and processes. As a result, only a portion of your applications are covered, leaving vulnerabilities unprotected. And blind spots are clouding visibility into risk reduction efforts, making it difficult to report on progress throughout your organization.
Aug 1, 2020   |  By Veracode
Veracode Static Analysis provides fast, automated security feedback to developers; conducts a full policy scan before deployment; and gives clear guidance on what issues to focus on and how to fix them faster.
Aug 1, 2020   |  By Veracode
You want AppSec tools in your development process, but anything less than full integration undermines your program's effectiveness. Getting the right resources into developers' hands typically requires: tools, systems, and processes.
  • Ongoing maintenance: Routine patches and upgrades can be time consuming-especially if you're supporting multiple geographies or teams-and may break your customizations.
  • Jul 1, 2020   |  By Veracode
    In a world where time is money, companies are required to churn out software quickly or get left in the dust. To stay ahead of the market, developers are turning towards open source code, which - when secure - can be a valuable asset towards their efforts
    Jul 1, 2020   |  By Veracode
    Developers want to create secure code, but lack training, so they must rely on AppSec experts to create secure applications. But the severe cybersecurity talent shortage leads to: As a result, developers are often conducting their own security research, which takes substantial time, increasing software delays and costs. With Veracode, you enable developers to write secure code and decrease flaws, so you can make your developers security self-sufficient.
    Jun 1, 2020   |  By Veracode
    Today, most organizations are in a race to deliver new, innovative software before their competitors. In turn, they have gone from bi-annual software releases to daily, hourly, or even by-the-minute releases. To keep up with these rapid deployments, security has had to shift from being a late-stage blocker, to an integrated part of the development process. Developers have been doing their best to implement these security measures, but since their performance is often tied to the rate of deployments, speed tends to take precedence. As a security professional, what are some steps you can take so that security doesn't take a back seat to speed?
    Jun 1, 2020   |  By Veracode
    Veracode Security Labs shifts application security knowledge "left," earlier in the development cycle, through guided, interactive exercises that train developers to tackle modern threats in the evolving cybersecurity landscape and deliver secure code on time.

    Veracode delivers the application security solutions and services today’s software-driven world requires. Veracode’s unified platform assesses and improves the security of applications from inception through production so that businesses can confidently innovate with the web and mobile applications they build, buy and assemble as well as the components they integrate into their environments.

    Veracode’s powerful cloud-based platform, deep security expertise, and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

    The Veracode Solution:

    • Overcoming DevSecOps Challenges: Innovating through software holds many promises but also bears risks. AppSec programs often struggle with the same problems:
      • Some solutions are hard to manage and scale.
      • Developers are not empowered to fix security issues.
      • Security teams lack bandwidth to manage DevSecOps programs.
      Veracode addresses all of these challenges with a unique combination of automated application analysis in the pipeline, plus DevSecOps expertise for developers and security professionals, all delivered through a scalable SaaS platform.
    • Delivered Through SaaS: Our SaaS model delivers a better, more scalable service at a lower cost. Because we've analyzed over 10 trillion lines of code, Veracode is able to provide the fastest path to accuracy - without tuning. Our expertise is based on analyzing customer programs for over a decade.
    • Application Analysis: Veracode simplifies AppSec programs by combining five application security analysis types in one solution, all integrated into the development pipeline.
    • Developer Enablement: Most AppSec programs forget that there is only one team that can fix security findings: the development team. Veracode provides developers with security feedback in their IDE in seconds as they are writing code, helping them learn on the job.
    • AppSec Governance: AppSec programs can only be successful if all stakeholders value and support them. That’s why Veracode helps security teams to demonstrate the value of AppSec.

    Manage Your Entire Application Security Program in a Single Platform.