Latest Posts

veracode

Watch Here: How to Build a Successful AppSec Program

Cyberattackers and threat actors won’t take a break and wait for you to challenge them with your security efforts – you need a proactive application security (AppSec) program to get ahead of threats and remediate flaws quickly. It’s critical that you stand up an AppSec program covering all the bases, from which roles each team member will have to alignment on KPIs and goals, and even a detailed application inventory to stay on top of your code.

veracode

5 Lessons About Software Security for Cybersecurity Awareness Month

October is cybersecurity awareness month, and this year, the overarching theme is “Do Your Part. #BeCyberSmart.” When considering what “cybersmart” means in application security, we realized we unearthed some data this year that made us a little cybersmarter and could help other security professionals and developers increase their AppSec smarts as well. We’re sharing those data gems below.

veracode

Veracode Makes DevSecOps a Seamless Experience With GitHub Code Scanning

Developers face a bevy of roadblocks in their race to meet tight deadlines, which means they often pull from risky open source libraries and prioritize security flaws on the fly. In a recent ESG survey report, Modern Application Development Security, we saw that 54% of organizations push vulnerable code just to meet critical deadlines, and while they plan for remediation on a later release, lingering flaws only add to risky security debt.

veracode

96% of Organizations Use Open Source Libraries but Less Than 50% Manage Their Library Security Flaws

Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But – shockingly – less than half of these organizations have invested in specific security controls to scan for open source vulnerabilities.

veracode

Hot off the Press: Veracode Named a 2020 Gartner Peer Insights Customers' Choice for AST

Veracode has been officially recognized by Gartner Peer Insights as a 2020 Customers’ Choice for Application Security Testing. The report includes Veracode’s aggregate score of 4.6 out of 5 stars out of 95 independent customer reviews (as of July 31, 2020), and of the reviewers, 92 percent said that they would recommend Veracode’s AST solutions. Veracode, the largest global provider of application security (AST) solutions.

veracode

Watch Here: Using Analytics to Measure AppSec ROI

Maximizing the value of your application security (AppSec) analytics not only provides a window into whether or not you’re meeting security requirements but also it helps you prove your ROI. That can be a challenge for a lot of organizations – when stakeholders are not close to the data, they may miss milestones like hitting goals for reducing security debt or even how much AppSec program has matured by data.

veracode

16% of Orgs Require Developers to Self-Educate on Security

Theoretical physicist Stephen Hawking was spot on when he said, “Whether you want to uncover the secrets of the universe, or you just want to pursue a career in the 21st century, basic computer programming is an essential skill to learn.” It’s no secret that programming is a thriving career path – especially with the speed of software development picking up, not slowing down.

veracode

Write Code That Protects Sensitive User Data

Sensitive data exposure is currently at number 3 in the OWASP Top 10 list of the most critical application security risks. In this blog post, we will describe common scenarios of incorrect sensitive data handling and suggest ways to protect sensitive data. We will illustrate our suggestions with code samples in C# that can be used in ASP.NET Core applications. OWASP lists passwords, credit card numbers, health records, personal information and business secrets as sensitive data.