Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Over the past year, the retail and hospitality industries have been forced to adapt to the “new normal.” Since lockdowns and health concerns have prevented or dissuaded in-person shopping or dining, the new normal has been e-commerce. Smaller businesses not equipped for the increase in e-commerce have had to undergo rapid digital transformation in order to stay afloat. But, unfortunately, e-commerce was not the only thing to increase in 2020.

Software is becoming an increasingly pivotal part of modern business and society. In turn, consumers have come to expect instant gratification. This has driven businesses to concentrate on innovation and speed to market. Businesses that can’t keep up with the hyper-competitive market of speed-to-value are falling behind.

If you’re looking to start or optimize an AppSec program in 2021, the Forrester WaveTM report is a good place to begin your research. The report not only details essential elements of AppSec solutions, but also ranks 12 static application security testing (SAST) vendors based on their current offering, strategy, and market presence. Development speeds and methods are changing and the requirements for a SAST solution are evolving as well.

TrustRadius recently awarded Veracode with a 2021 Best Application Security Feature Set Award and Best Application Security Customer Support Award. These honors are given to companies that have gone above and beyond to delight their users. To win the Best Feature Set Award, each nominated organization had to receive 10 TrustRadius reviews in the past year that featured specific mention of their product’s feature set.

Over the past several years, there have been many changes to software development and software security, including new and enhanced application security (AppSec) scans and architectural shifts like serverless functions and microservices. But despite these advancements, our recent State of Software Security (SOSS) report found that 76 percent of applications have security flaws.

Digital transformation continues to accelerate, and with it, businesses continue to modernize their technological environments, leveraging developer-first cloud-native solutions to build, host, and secure their software. At Veracode, we continue to see customers leveraging large cloud providers, such as AWS, as a central platform to conduct these activities.

For this year’s State of Software Security v11 (SOSS) report, we examined how both the “nature” of applications and how we “nurture” them contribute to the time it takes to close out a security flaw. We found that the “nature” of applications – like size or age – can have a negative effect on how long it takes to remediate a security flaw.

It can sometimes be a little challenging to figure out specifically how to address different vulnerability classes in Python. This article addresses one of the top finding categories found in Python, CWE 117 (also known as CRLF Injection), and shows how to use a custom log formatter to address the issue. We’ll use this project, which deactivates or deletes user accounts from the Veracode platform, to illustrate the functionality.

When it comes to application security (AppSec), most experts recommend using Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) as “complementary” approaches for robust AppSec. However, these experts rarely specify how to run them in a complementary fashion.