Veracode

Testing OWASP's Top 10 API Security Vulnerabilities (Part 1)

Apr 6, 2022 By Saoirse Hinksmon In Veracode

Application Programming Interface (API) attacks are set to become one of the most prevalent cyberattacks with a broad target range. By nature, APIs expose application logic and sensitive data such as personally identifiable information (PII), causing APIs to become a target for attackers. In 2019, Gartner predicted that API hacks would become the most common form of cyberattacks in 2022. So how can teams stay ahead of API attacks?

Read Post

Veracode

Read more about Testing OWASP's Top 10 API Security Vulnerabilities (Part 1)

Spring4Shell Vulnerability vs Log4Shell Vulnerability

Apr 1, 2022 By Hope Goslin In Veracode

On March 29, 2022, details of a zero-day vulnerability in Spring Framework (CVE-2022-22965) were leaked. For many, this is reminiscent of the zero-day vulnerability in Log4j (CVE-2021-44228) back in December 2021.

Read Post

Veracode

Read more about Spring4Shell Vulnerability vs Log4Shell Vulnerability

Spring Framework Remote Code Execution (CVE-2022-22965)

Mar 31, 2022 By The Veracode Research Team In Veracode

Details of a zero-day vulnerability in Spring Framework were leaked on March 29, 2022 but promptly taken down by the original source. Although much of the initial speculation about the nature of the vulnerability was incorrect, we now know that the vulnerability has the potential to be quite serious depending on your organization’s use of Spring Framework. There is also a dedicated CVE 2022-22965 assigned to this vulnerability. We will keep this blog updated as new information comes up.

Read Post

Veracode

Read more about Spring Framework Remote Code Execution (CVE-2022-22965)

Veracode Product Update

Mar 31, 2022 By Veracode In Veracode

This episode of Veracode Insiders features Elisa Velarde, Senior Product Marketing Manager, here at Veracode. Tune in for an update on a new product enhancement that allows your security team to find log4shell at runtime.

View Video

Veracode

Read more about Veracode Product Update

The Public Sector Has the Highest Proportion of Security Flaws of Any Industry

Mar 29, 2022 By Hope Goslin In Veracode

We recently launched the 12th annual edition of our State of Software Security (SOSS) report. To draw conclusions for the report, we examined the entire history of active applications. For the public sector data, we took the same approach. We examined the entire history of applications for government agencies and educational institutions. We found that the public sector has the highest proportion of security flaws of any industry.

Read Post

Veracode

Read more about The Public Sector Has the Highest Proportion of Security Flaws of Any Industry

Shifting Log4j Discovery Right

Mar 22, 2022 By Hope Goslin In Veracode

You hear a lot about shifting your application security (AppSec) left – in other words, shifting AppSec to the beginning of the software development lifecycle (SDLC). While we firmly believe that you should continue scanning in development environments, that doesn’t mean that you should neglect applications that have been deployed to or staged in runtime environments.

Read Post

Veracode

Read more about Shifting Log4j Discovery Right

Application Security Technology Predictions 2022 with Chris Wysopal

Mar 17, 2022 By Veracode In Veracode

Chris Wysopal, CTO and Co-founder of #Veracode shares his 2022 Application Security Technology Predictions with Community Manager, Javed Mohammed.

View Video

Veracode

Read more about Application Security Technology Predictions 2022 with Chris Wysopal

Veracode Announces Significant Growth Investment From TA Associates

Mar 15, 2022 By Sam King In Veracode

I am pleased to share the exciting news that TA Associates (“TA”), a leading global growth equity firm, has signed an agreement to make a strategic growth investment in Veracode, taking a majority equity position in the business. Thoma Bravo will also continue to be an investor alongside TA. This new partnership is forming at a critical moment in the evolution of the software security market.

Read Post

Veracode

Read more about Veracode Announces Significant Growth Investment From TA Associates

Veracode Achieves AWS Security Competency Status

Mar 2, 2022 By Hope Goslin In Veracode

We are proud to announce that we have recently achieved AWS Security Competency Partner status. This status exemplifies our technical expertise and dedication to helping customers secure their software at every stage of cloud adoption.

Read Post

Veracode

Read more about Veracode Achieves AWS Security Competency Status

New in Security Labs: Kotlin & Swift Mobile Courses

Feb 28, 2022 By Saoirse Hinksmon In Veracode

This week we’ve added new Kotlin & Swift Courses to the Security Labs catalog! The update includes 4-5 Kotlin (Android) labs and 4 Swift (iOS) labs that cover common mobile security topics such as secret storage, authorization, and custom URL handling.

Read Post

Veracode

Read more about New in Security Labs: Kotlin & Swift Mobile Courses

Subscribe to Veracode

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Veracode

Testing OWASP's Top 10 API Security Vulnerabilities (Part 1)

Spring4Shell Vulnerability vs Log4Shell Vulnerability

Spring Framework Remote Code Execution (CVE-2022-22965)

Veracode Product Update

The Public Sector Has the Highest Proportion of Security Flaws of Any Industry

Shifting Log4j Discovery Right

Application Security Technology Predictions 2022 with Chris Wysopal

Veracode Announces Significant Growth Investment From TA Associates

Veracode Achieves AWS Security Competency Status

New in Security Labs: Kotlin & Swift Mobile Courses

Monthly Archive

Follow Us