Everyone knows security training is important. But many organizations struggle to make security training more effective. At Veracode, we’ve implemented several innovations to make our eLearning platform even more engaging, relevant, user-friendly and fun. Over the past five years, we have continued to add online courses to keep up with the changing climate of threats in the real world,... READ MORE›

If an industry continuously talks about how a trend is going to be a hurdle, it becomes a hurdle. Conversely, if an industry views the trend as an opportunity and talks about it in such terms, thinking shifts toward the potential this trend brings for improvement. We are seeing this phenomenon with DevOps, but not in a good way. Security professionals are talking about the hurdles of securing... READ MORE›

We recently conducted a survey of developers and development managers to find out what’s on their minds and how their concerns compare to those of application security teams. The results contain some surprises. What’s not surprising is that development teams are feeling pressured to meet productivity goals, while still meeting requirements for quality and stability. Add to that the... READ MORE›

With 2016 coming to an end, we, like many companies, are reflecting on the trends of the past year. We are also looking outward to what the future holds for application security, and it has never been clearer that the future of application security will be tied to DevOps and integrating security into DevOps environments. As such, it is crucial that security becomes part of the entire software... READ MORE›

With the holidays quickly approaching, I can’t help but think about all of the dinner parties just around the corner and the many hours of “forced family fun” as we like to call it in our house. Don’t get me wrong, I love all the dishes that get whipped up by my family members, but with that comes the fact that you need to sit around the dinner table … for hours... READ MORE›

In earlier blog posts in this series, we’ve learned more about how the vulnerability used to break into the San Francisco Municipal Transportation Agency’s computers may have come from a single vulnerable open source component. We’ve talked a little about how developers use open source components – and why it’s hard for them to know what’s in their applications... READ MORE›

In the first part of our blog series on the ransomware attack on the San Francisco Municipal Transportation Agency, we discussed how the attacker chose to exploit a deserialization vulnerability in WebLogic to compromise vulnerable systems. And we learned that this vulnerability was a big target, because it is the result of a component (Apache Commons Collections) present in about 50 percent of... READ MORE›

The day after Thanksgiving saw the San Francisco Municipal Transportation Agency hit with a ransomware attack. The attacker demanded 100 bitcoins (about $73,000) to unlock the computer systems and ticketing machines. According to security journalist Brian Krebs, the SFMTA wasn’t targeted for political reasons – it was a target of opportunity discovered by an attacker looking for... READ MORE›

The driver races ahead, attempting to stay on track as his speed is slowly increasing. Right beside him the navigator sits, guiding the driver’s efforts through his treacherous endeavor. They are both striving to keep pace with the other, as the intensity is ramping up. Everything is about to spin out of control. Then the alarm goes off, and the driver backs away from the keyboard to now... READ MORE›