%term

The latest News and Information on Application Security including monitoring, testing, and open source.

Software Composition Analysis Mitigates Systemic Risk in the Popular NPM Repository

Oct 29, 2021 By Hope Goslin In Veracode

Chris Wysopal, Veracode Chief Technology Officer and Co-Founder, recently sat down to discuss the open source supply chain attack on the popular npm repository. Below is the transcript and corresponding video of his reaction. Just a few days ago, we saw a classic open source supply chain attack where someone modified a JavaScript library, UA-Parser-JS, which is in the npm repository.

Read Post

Veracode

Read more about Software Composition Analysis Mitigates Systemic Risk in the Popular NPM Repository

Application Security (AppSec)

Oct 27, 2021 By Tim In Sentrium

There is a movement in the IT security world that is gaining traction, and it is based around the implementation of security within applications from the beginning. You may have heard buzzwords like “AppSec”, “DevSecOps” and “Shift Left”, but what do they actually mean? What does it take to “Shift Left” when developing a secure application? You can read about dealing with dependencies in our blog post.

Read Post

Sentrium

Read more about Application Security (AppSec)

Providing Comprehensive Application Security from Code to Production: New Snyk and Hdiv Security Partnership

Oct 26, 2021 By Carey Stanton In Snyk

Together, we look forward to helping more global businesses to innovate securely by combining Snyk’s static analysis with Hdiv’s interactive testing capabilities. This will allow these digital-first organizations to continue their rapid pace of innovation while staying secure through comprehensive application security – from code in development to running workloads in production.

Read Post

Snyk

Read more about Providing Comprehensive Application Security from Code to Production: New Snyk and Hdiv Security Partnership

Veracode Co-Founder & CTO Chris Wysopal talks to BBC World News

Oct 14, 2021 By Veracode In Veracode

Chris Wysopal joined BBC World News for an interview to discuss the global outage of Facebook, WhatsApp and Instagram. He explored the cause of the outage and explained how the platform’s dependency on its network highlights the importance of mitigating systemic risk.

View Video

Veracode

Read more about Veracode Co-Founder & CTO Chris Wysopal talks to BBC World News

Snyk Panel: Which Comes First, Security or the App?

Oct 13, 2021 By Snyk In Snyk

Which comes first, security or the app? As development teams adopt and embrace the shift left mindset we see broader the wider software development lifecycle starting to ask the question of how soon is too soon to bring in security.

View Video

Snyk

Read more about Snyk Panel: Which Comes First, Security or the App?

4 Ways to Automate Application Security Ops

Oct 11, 2021 By Theo Despoudis In Torq

Maintaining an online business presence nowadays means that malicious actors are going to target and likely exploit any application vulnerabilities they can find sooner or later. According to the 2021 Mid Year Data Breach Report, although the number of breaches has declined by 24%, the staggering number of records that were exposed (18.8 billion) means that there is still room for improvement.

Read Post

Torq

Read more about 4 Ways to Automate Application Security Ops

View Dynamic Analysis Results

Sep 28, 2021 By Veracode In Veracode

In this video, you will learn how to view Dynamic Analysis results. Veracode Dynamic Analysis is a Dynamic Application Security Testing (DAST) solution that delivers an automated and scalable dynamic scanning capability that enables broad coverage at speed. Because security threats are always evolving, organizations need a product that enables them to start scanning quickly and scale when the security programs and coverage increase.

View Video

Veracode

Read more about View Dynamic Analysis Results

Recap: Virtual Boston Globe Summit

Sep 27, 2021 By Hope Goslin In Veracode

Veracode CEO Sam King had the opportunity to speak at this year’s inaugural virtual Boston Globe Summit, “The Great Recovery.” Sam was invited to join the panel, How Boston is Tackling the Biggest Cyber Threats Facing Society, moderated by Gregory T. Huang, Business Editor at the Boston Globe, with guests Greg Dracon of.406 Ventures and Christopher Ahlberg of Recorded Future.

Read Post

Veracode

Read more about Recap: Virtual Boston Globe Summit

Application Security Testing Evolution and How a Software Bill of Materials Can Help

Sep 23, 2021 By David Ferguson In Veracode

Early in my career, I developed web applications. At the time there were practically no frameworks or libraries to help. I was coding with Java using raw servlets and JSPs – very primitive by today's standards. There was no OWASP Top 10 and writing secure code was not something we paid much attention to.

Read Post

Veracode

Read more about Application Security Testing Evolution and How a Software Bill of Materials Can Help

MPT's Value at Veracode

Sep 21, 2021 By Juan Mazo In Veracode

You finally have some budget to buy tools for your application security (AppSec) program! GREAT! Purchasing the correct tools for your AppSec pogram can be overwhelming. Even when looking only at point solutions, there still may be some confusion on the value that various tools can provide. Sometimes you'll find the perfect tool, but others may offer you a similar tool with added manual penetration testing (MPT) as part of the overall bundle. That seems like a great idea for the budget.

Read Post