Burlington, MA, USA
Oct 16, 2020   |  By Meaghan McBee
Cyberattackers and threat actors won’t take a break and wait for you to challenge them with your security efforts – you need a proactive application security (AppSec) program to get ahead of threats and remediate flaws quickly. It’s critical that you stand up an AppSec program covering all the bases, from which roles each team member will have to alignment on KPIs and goals, and even a detailed application inventory to stay on top of your code.
Oct 8, 2020   |  By Hope Goslin
October is cybersecurity awareness month, and this year, the overarching theme is “Do Your Part. #BeCyberSmart.” When considering what “cybersmart” means in application security, we realized we unearthed some data this year that made us a little cybersmarter and could help other security professionals and developers increase their AppSec smarts as well. We’re sharing those data gems below.
Oct 5, 2020   |  By Veracode
DevSecOps becomes a seamless experience by making AppSec tools accessible in familiar interface
Oct 5, 2020   |  By Meaghan McBee
Developers face a bevy of roadblocks in their race to meet tight deadlines, which means they often pull from risky open source libraries and prioritize security flaws on the fly. In a recent ESG survey report, Modern Application Development Security, we saw that 54% of organizations push vulnerable code just to meet critical deadlines, and while they plan for remediation on a later release, lingering flaws only add to risky security debt.
Oct 1, 2020   |  By Hope Goslin
Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But – shockingly – less than half of these organizations have invested in specific security controls to scan for open source vulnerabilities.
Oct 1, 2020   |  By Hope Goslin
Veracode has been officially recognized by Gartner Peer Insights as a 2020 Customers’ Choice for Application Security Testing. The report includes Veracode’s aggregate score of 4.6 out of 5 stars out of 95 independent customer reviews (as of July 31, 2020), and of the reviewers, 92 percent said that they would recommend Veracode’s AST solutions. Veracode, the largest global provider of application security (AST) solutions.
Sep 24, 2020   |  By Meaghan McBee
Maximizing the value of your application security (AppSec) analytics not only provides a window into whether or not you’re meeting security requirements but also it helps you prove your ROI. That can be a challenge for a lot of organizations – when stakeholders are not close to the data, they may miss milestones like hitting goals for reducing security debt or even how much AppSec program has matured by data.
Sep 21, 2020   |  By Hope Goslin
When investing in an application security (AppSec) program, you expect to see a return on your investment. But in order to recognize a return, your organization needs to determine what success looks like and find a way to measure and prove that the program is meeting your definition of success.
Sep 16, 2020   |  By Meaghan McBee
Theoretical physicist Stephen Hawking was spot on when he said, “Whether you want to uncover the secrets of the universe, or you just want to pursue a career in the 21st century, basic computer programming is an essential skill to learn.” It’s no secret that programming is a thriving career path – especially with the speed of software development picking up, not slowing down.
Sep 15, 2020   |  By Jason Lane
Sensitive data exposure is currently at number 3 in the OWASP Top 10 list of the most critical application security risks. In this blog post, we will describe common scenarios of incorrect sensitive data handling and suggest ways to protect sensitive data. We will illustrate our suggestions with code samples in C# that can be used in ASP.NET Core applications. OWASP lists passwords, credit card numbers, health records, personal information and business secrets as sensitive data.
Oct 15, 2020   |  By Veracode
Hear from our Co-Founder and Chief Technology Officer, Chris Wysopal, and our Chief Executive Officer, Sam King, on how Veracode was started and why it's a SaaS-based company. The video also outlines our mission of helping customers secure their software.
Oct 8, 2020   |  By Veracode
We all know that lurking within even the most popular open source packages are flaws that can leave carefully constructed applications vulnerable. In fact, 71% of all applications contain flawed open source libraries, many (70.7%) coming from downstream dependencies which might escape the notice of developers. Using graph analytics and a broad data science toolkit, we untangle the web of open source dependencies and flaws and show the best way for developers to navigate this seemingly intractable game of whack-a-mole.
Sep 30, 2020   |  By Veracode
In this video, you will learn how to install the Veracode for VS Code extension. The Veracode for VS Code extension is available from the Visual Studio Marketplace. Greenlight finds security defects in your code in seconds so you can fix the findings directly in your IDE. Veracode for VS Code is an extension to Visual Studio Code, which performs a Veracode Greenlight scan at the file level, and supports JavaScript, TypeScript, and C#.
Sep 11, 2020   |  By Veracode
Sep 2, 2020   |  By Veracode
The software supply chain can come with great risk if you’re not set up with the right processes, solutions, and tools, as well as the right checks and balances for third-party vendors. What Will You Learn? The entire development process, from ideation to creation and even the tools you have in place, can stall if there are security issues in your software supply chain. Without the right infrastructure in place, that can mean problems for your CI/CD and, down the road, the applications your customers rely on.
Aug 24, 2020   |  By Veracode
In this video, you will learn how to configure an API service account in the Veracode Platform. To be able to access the Veracode APIs, you must either have a user account or API service account with the required user roles for performing specific API tasks. Before you can configure these two account types, you must log into the Veracode Platform using an account with the Administrator role or Team Admin role. A user account with the required role permissions can access the Results XML API, Upload XML API, and the Mitigation and Comments XML API.
Aug 5, 2020   |  By Veracode
Veracode has helped thousands of customers integrate security into their development cycle, and we’ve now got lessons learned, best practices, and pitfalls to avoid. Join Adrian Benvenuti, Vice President of Cybersecurity Risk and Architecture at Moody’s and Chris Kirsch, Director, Product Marketing at Veracode as they discuss how real-life AppSec programs are helping security and development teams work together to secure code.
Jul 30, 2020   |  By Veracode
In this video, you will learn how to generate Veracode API credentials in the Veracode Platform and configure an API credentials file for storing your API credentials on Windows.
Jul 30, 2020   |  By Veracode
In this video, you will learn how to generate Veracode API credentials in the Veracode Platform and configure an API credentials file for storing your API credentials on MacOS and Linux.
Aug 3, 2020   |  By Veracode
While shifting security left in your software development lifecycle is crucial to application security success, it's still imperative to maintain testing in the later stages of your process. After all, some web application vulnerabilities can only be discovered at that point in the SDLC.
Aug 3, 2020   |  By Veracode
With a comprehensive AppSec program, you want to understand your entire development, security, and application footprint so you can roll out consistent tools and processes. As a result, only a portion of your applications are covered, leaving vulnerabilities unprotected. And blind spots are clouding visibility into risk reduction efforts, making it difficult to report on progress throughout your organization.
Aug 1, 2020   |  By Veracode
Veracode Static Analysis provides fast, automated security feedback to developers; conducts a full policy scan before deployment; and gives clear guidance on what issues to focus on and how to fix them faster.
Aug 1, 2020   |  By Veracode
You want AppSec tools in your development process, but anything less than full integration undermines your program's effectiveness. Getting the right resources into developers' hands typically requires: tools, systems, and processes.
  • Ongoing maintenance: Routine patches and upgrades can be time consuming-especially if you're supporting multiple geographies or teams-and may break your customizations.
  • Jul 1, 2020   |  By Veracode
    In a world where time is money, companies are required to churn out software quickly or get left in the dust. To stay ahead of the market, developers are turning towards open source code, which - when secure - can be a valuable asset towards their efforts
    Jul 1, 2020   |  By Veracode
    Developers want to create secure code, but lack training, so they must rely on AppSec experts to create secure applications. But the severe cybersecurity talent shortage leads to: As a result, developers are often conducting their own security research, which takes substantial time, increasing software delays and costs. With Veracode, you enable developers to write secure code and decrease flaws, so you can make your developers security self-sufficient.
    Jun 1, 2020   |  By Veracode
    Veracode Security Labs shifts application security knowledge "left," earlier in the development cycle, through guided, interactive exercises that train developers to tackle modern threats in the evolving cybersecurity landscape and deliver secure code on time.
    Jun 1, 2020   |  By Veracode
    Today, most organizations are in a race to deliver new, innovative software before their competitors. In turn, they have gone from bi-annual software releases to daily, hourly, or even by-the-minute releases. To keep up with these rapid deployments, security has had to shift from being a late-stage blocker, to an integrated part of the development process. Developers have been doing their best to implement these security measures, but since their performance is often tied to the rate of deployments, speed tends to take precedence. As a security professional, what are some steps you can take so that security doesn't take a back seat to speed?

    Veracode delivers the application security solutions and services today’s software-driven world requires. Veracode’s unified platform assesses and improves the security of applications from inception through production so that businesses can confidently innovate with the web and mobile applications they build, buy and assemble as well as the components they integrate into their environments.

    Veracode’s powerful cloud-based platform, deep security expertise, and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.

    The Veracode Solution:

    • Overcoming DevSecOps Challenges: Innovating through software holds many promises but also bears risks. AppSec programs often struggle with the same problems:
      • Some solutions are hard to manage and scale.
      • Developers are not empowered to fix security issues.
      • Security teams lack bandwidth to manage DevSecOps programs.
      Veracode addresses all of these challenges with a unique combination of automated application analysis in the pipeline, plus DevSecOps expertise for developers and security professionals, all delivered through a scalable SaaS platform.
    • Delivered Through SaaS: Our SaaS model delivers a better, more scalable service at a lower cost. Because we've analyzed over 10 trillion lines of code, Veracode is able to provide the fastest path to accuracy - without tuning. Our expertise is based on analyzing customer programs for over a decade.
    • Application Analysis: Veracode simplifies AppSec programs by combining five application security analysis types in one solution, all integrated into the development pipeline.
    • Developer Enablement: Most AppSec programs forget that there is only one team that can fix security findings: the development team. Veracode provides developers with security feedback in their IDE in seconds as they are writing code, helping them learn on the job.
    • AppSec Governance: AppSec programs can only be successful if all stakeholders value and support them. That’s why Veracode helps security teams to demonstrate the value of AppSec.

    Manage Your Entire Application Security Program in a Single Platform.