Application Security Information and Resources
The following is a library of topical guides covering a range of subjects relating to application security.
Agile Security While software development teams have often seen a conflict between Agile methods and secure development, agile security is the only way to ensure the long-term viability of software projects. Learn More
Agile Testing While the Agile software development lifecycle, or Agile SDLC, has helped to increase the pace and quality of software development, Agile security can sometimes suffer when speed is prioritized over effective Agile testing. Learn More
Agile Testing Process Many development teams are struggling to find an agile testing process that effectively balances the need for speed and SDLC security. Learn More
Android Hacking Since its inception in September 2008, the Android Platform has been a favorite of hackers worldwide. The open source platform and the variety of hardware options make Android a hacker's dream. Learn More
Android Security Learn about safeguarding Android apps and the proper steps to keep your Android mobile device secure. Learn More
Application Security Assessment For enterprises developing software, an application security assessment is essential to producing software that is free of flaws and vulnerabilities. Learn More
Application Security Best Practices First and foremost among application security best practices is the need to integrate testing into the software development process. Learn More
Application Security Tools The right application security tools can help development teams build safer software faster. Learn More
Application Testing Tool Application testing is an important part of securing your enterprise. By identifying vulnerabilities in software before it is deployed or purchased, web application testing tools help ward off threats and the negative impact they can have on competitiveness and profits. Learn More
Application Vulnerability Applications are the weak link in your data protection strategy. Don't allow attackers to gain access to confidential information through vulnerabilities in your applications. Learn More
ARP Spoofing ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. Learn More
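As an added example that is not part of the original page, the detection logic below flags the classic ARP spoofing signature: one IP address (typically the gateway) suddenly answered by a second MAC address. The log lines are constructed to resemble tcpdump's ARP output, and the known-good table passed to the second check is an assumption for the demo.

```python
# Added example (not from the original page): flag ARP spoofing by spotting an IP
# address that more than one MAC address has claimed in ARP replies.
# SAMPLE_ARP_LOG is constructed to look like tcpdump's ARP output; it is not a real capture.
import re
from collections import defaultdict

SAMPLE_ARP_LOG = """\
12:00:01.000 ARP, Reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01, length 28
12:00:01.500 ARP, Request who-has 192.168.1.20 tell 192.168.1.1, length 28
12:00:01.600 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20, length 28
12:00:05.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
12:00:06.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
"""

# Only replies carry an IP-to-MAC binding; requests are skipped.
REPLY_RE = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-fA-F:]{17})")


def parse_arp_replies(log_text):
    """Yield (ip, mac) for every ARP reply line, MAC lower-cased for comparison."""
    for line in log_text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def find_arp_conflicts(replies):
    """Return {ip: sorted MACs} for every IP that more than one MAC has claimed.
    A gateway IP answered by a second MAC mid-session is the usual spoofing sign."""
    claimed = defaultdict(set)
    for ip, mac in replies:
        claimed[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claimed.items() if len(macs) > 1}


def check_static_table(replies, expected):
    """Compare observed bindings against a known-good table for critical hosts.
    Returns every (ip, mac) reply that contradicts the table."""
    return [(ip, mac) for ip, mac in replies if ip in expected and expected[ip] != mac]


if __name__ == "__main__":
    replies = list(parse_arp_replies(SAMPLE_ARP_LOG))
    print(find_arp_conflicts(replies))
    # Assumed known-good binding for the gateway (constructed for the demo).
    print(check_static_table(replies, {"192.168.1.1": "aa:bb:cc:dd:ee:01"}))
```

The first check needs no prior knowledge and catches an IP flipping between MACs; the second is stricter and suits hosts whose binding you control, such as the default gateway. Either one is a detection, not a prevention: dynamic ARP inspection on the switch or static ARP entries on critical hosts are what stop the attack.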
Automated Code Testing For development teams tasked with delivering better software faster, automated code testing tools can help to effectively and painlessly inject security into the software development lifecycle (SDLC). Learn More
Binary Analysis is an approach to application security testing that scans compiled code or bytecode instead of source code, so enterprises can test software comprehensively even when the source is not available. Learn More
Blackbox Test Blackbox testing finds security flaws in a running application without access to its source code or internal design. Learn More
Black Box Analysis Dynamic Application Security Testing (DAST), also known as black box analysis, is a critical tool for securing web applications. Learn More
Botnet A botnet is a network of compromised computers under the control of a malicious actor. Each individual device in a botnet is referred to as a bot. A bot is formed when a computer gets infected with malware that enables third-party control. Learn More
Buffer Overflow A buffer overflow occurs when a program writes more data to a buffer than it can hold, so the excess overwrites adjacent memory. Learn More
BYOD Security BYOD is short for “Bring Your Own Device,” a term that refers to the practice of allowing employees to bring their own mobile devices to work for use with company systems, software, networks, or information. Learn More
Cache Poisoning Cache poisoning is a type of attack in which forged data is inserted into a cache, most commonly the cache of a Domain Name System (DNS) resolver, so that later lookups return the attacker's answer. The Domain Name System maps domain names to IP addresses. Learn More
Cloud-based Security A cloud-based security solution has many advantages over on-premises solutions, the primary being updates that can keep up with the speed of devops processes. Learn More
Code Review Tools Code review is an examination of computer source code. A code review tool finds mistakes introduced into an application during development so they can be fixed early, improving both the overall quality of the software and the developers' skills. Learn More
Code Security Analysis Security is a major aspect of business competitiveness today. A major attack on the enterprise can reduce productivity, tie up resources, harm credibility and cut into profits.
Commercial Off the Shelf Software Commercial off the shelf software (COTS) refers to any software pre-built by a third-party vendor and purchased or licensed for use by an enterprise. Learn More
Computer Worm Computer worms are among the most common types of malware. They are self-replicating and spread across computer networks without user action, typically by exploiting vulnerabilities in operating systems or network services. Learn More
CRLF Injection CRLF stands for the special characters "Carriage Return" and "Line Feed." A CRLF injection occurs when an attacker is able to insert a CRLF sequence into an HTTP stream, for example to add headers to a response or split it into two responses. Learn More
Cross-Site Request Forgery Cross-Site Request Forgery (CSRF) is a malicious attack that tricks an authenticated user's web browser into sending requests the user did not intend, which the application then processes as if the user had made them deliberately. Learn More
Cross-Site Scripting Cross-site scripting (XSS) vulnerabilities let an attacker inject script into a page so that it runs in other users' browsers (client-side) rather than on the server. Learn More
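Two added examples for the CRLF injection and CSRF entries above; neither is code from the original page. The first shows a redirect handler that pastes a user-controlled value into a header and what a naive client makes of the result, beside the hardened version; the attacker inputs are constructed. The second implements the synchronizer-token CSRF defence with a constant-time comparison; the session store, form dictionaries and the transfer action are assumptions for the demo.

```python
# Added example (not from the original page).
# Part 1: CRLF injection into a Location header, unsafe and hardened.
# Part 2: synchronizer-token CSRF protection.
import hmac
import secrets


def build_redirect_unsafe(location):
    """Vulnerable: the attacker-controlled value is pasted straight into the header block."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_safe(location):
    """Hardened: refuse CR, LF and NUL before the value can reach a header line."""
    if any(ch in location for ch in "\r\n\x00"):
        raise ValueError("header value contains a line terminator")
    return build_redirect_unsafe(location)


def parse_headers(raw):
    """Parse a raw response the way a naive client would: list of (name, value)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")[1:]                      # drop the status line
    return [tuple(p.strip() for p in line.split(":", 1)) for line in lines if ":" in line]


def count_responses(raw):
    """How many status lines a pipelined client would see in this byte stream."""
    return raw.count(b"HTTP/1.1 ")


# Constructed attacker inputs: one injects a cookie header, the other a whole second response.
HEADER_ATTACK = "/home\r\nSet-Cookie: session=attacker-chosen"
SPLIT_ATTACK = ("/home\r\nContent-Length: 0\r\n\r\n"
                "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 25\r\n\r\n"
                "<script>alert(1)</script>")


def issue_csrf_token(session):
    """Store one random token per session; embed it in every state-changing form."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def validate_csrf(session, form):
    """Accept only if the form carries the session's token (constant-time compare)."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected:
        return False
    return hmac.compare_digest(expected, supplied)


def handle_transfer(session, form):
    """Hypothetical state-changing action guarded by the token check."""
    if not validate_csrf(session, form):
        return "rejected: missing or invalid CSRF token"
    return f"transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    print(parse_headers(build_redirect_unsafe(HEADER_ATTACK)))
    print(count_responses(build_redirect_unsafe(SPLIT_ATTACK)))
    session = {}
    token = issue_csrf_token(session)
    # A form posted from an attacker's site carries the victim's cookies but not the token.
    print(handle_transfer(session, {"to": "attacker", "amount": "1000"}))
    print(handle_transfer(session, {"to": "bob", "amount": "10", "csrf_token": token}))
```

Rejecting line terminators at the point where a value becomes a header is the right place for the CRLF check; most modern frameworks do this for you, which is why it matters that you let the framework set headers rather than writing raw bytes. For CSRF, the token is only a defence if it is compared against the session and never readable cross-origin; SameSite cookie attributes are a useful second layer, not a replacement.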
Cybersecurity Many companies and countries understand that cyberthreat is one of the most serious economic security challenges they face and that their economic prosperity depends on cybersecurity. Learn More
DAST Test A dynamic application security testing (DAST) tool, or a DAST test, is an application security solution that finds certain vulnerabilities in web applications by exercising them while they are running. Learn More
Data Breach As the number of internet-connected devices skyrockets into the billions, a data breach prevention strategy is an increasingly important part of any organization’s ability to manage and protect critical and confidential information. Learn More
Data Leak Protection As organizations increasingly store and communicate confidential information using digital technology, data leak protection has come into focus as a critical security requirement. Learn More
Data Loss Prevention According to a Gartner CISO survey, data loss prevention (DLP) is a top priority for CISOs. Learn More
Data Loss Protection The key to effective data loss protection strategy is to adopt a multi-layered approach that addresses the potential for data loss at every level. Learn More
Data Security The first step in protecting your enterprise's data privacy and security is to identify the types of information you want to protect and where that information is exposed in your organization. Learn More
DevOps Security The practice of DevOps is transforming the software development lifecycle (SDLC), bringing lessons learned from quality control in manufacturing to the design and production of applications. Learn More
DevOps Testing As DevOps transforms the software development process, development teams everywhere are searching for powerful DevOps testing tools that provide the speed and ease-of-use needed to ensure application security. Learn More
DevSecOps DevSecOps, or secure devops, is the mindset in software development that everyone is responsible for application security. Learn More
Directory Traversal (also called path traversal) is a web vulnerability in which attacker-supplied path components such as ../ let a request read files outside the directory the application intended to expose. Learn More
Dynamic Analysis is the testing and evaluation of a program by executing it with real inputs and observing its behavior at runtime, and is key to application security. Learn More
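As an added example for the directory traversal entry above (not code from the original page), the resolver below maps a requested path onto a document root and refuses anything that escapes it, including percent-encoded dot segments and the sibling-directory prefix trick that a plain startswith check misses. The document root and request strings are constructed for the demo.

```python
# Added example (not from the original page): contain a user-supplied path
# inside a document root. DOC_ROOT and the request paths are constructed.
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/app/public"


def resolve_unsafe(requested, root=DOC_ROOT):
    """Vulnerable: trusts the request path; shows what the OS would actually open."""
    return posixpath.normpath(posixpath.join(root, requested))


def resolve_under_root(requested, root=DOC_ROOT):
    """Return the absolute path to serve, or None if the request escapes `root`.

    Percent-decodes exactly once (match how many times your server decodes),
    normalises '.' and '..' segments, then checks containment with commonpath
    so that '/srv/app/public-private' cannot pass as being under '/srv/app/public'."""
    decoded = unquote(requested)
    if "\x00" in decoded:
        return None                          # NUL truncates paths in C-based file APIs
    # URL paths begin with '/', so treat a leading slash as root-relative.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    for req in ["docs/readme.txt", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd",
                "../public-private/secret.txt", "docs/../index.html"]:
        print(f"{req!r:35} unsafe -> {resolve_unsafe(req):32} safe -> {resolve_under_root(req)}")
```

Resolving and then checking containment is more robust than blacklisting ".." substrings, which misses encoded, doubled or platform-specific variants. If the root contains symlinks, resolve it with os.path.realpath first so the comparison is against the real location.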
Ethical Hacking Computer hacking is a practice with many nuances. Intent, whether benign or malicious, is often in the eyes of the beholder. When examining the root cause of a website hack or application exploit, it pays to follow the money. Learn More
Facebook Security User's guide to Facebook Application Security. Get tips to protect your Facebook account from security flaws. Learn More
Failure to Restrict URL Access is one of the common vulnerabilities listed on the Open Web Application Security Project's (OWASP) Top 10; it appeared under that name in the 2010 list and has since been folded into the broader Broken Access Control category. The OWASP Top 10 details the most critical vulnerabilities in web applications. Learn More
Firewall Security The term firewall originated to describe a building wall that offers physical protection from damaging fire. Firewall security technology, first introduced to computer networks in the late 1980s, protects private networks by securing gateway servers to external networks like the internet. Learn More
Flash Security Flash has a long record of critical security updates aimed at patching Flash vulnerabilities and Flash malware, and these issues continued to surface for as long as the platform was maintained. Adobe ended support for Flash Player at the end of 2020, so any remaining Flash content should be treated as unpatched. Learn More
iOS Security Veracode's complete guide to iOS security for users. Learn best practices and tips to protect your Apple iPhone and iPad from security breaches. Learn More
Information Technology Infrastructure Library (ITIL) The Information Technology Infrastructure Library (ITIL) is a set of best-practice guidelines for managing IT services and infrastructure within your organization.
Insecure Cryptographic Storage Insecure cryptographic storage is a common vulnerability that occurs when sensitive data is stored without adequate encryption, or with weak algorithms, predictable keys or poor key management, so that anyone who obtains the stored data, including internal users, can read it. Learn More
Insufficient Transport Layer Protection is a security weakness caused by applications failing to protect network traffic, for example by sending sensitive data over plain HTTP or accepting weak TLS configurations. Learn More
Internet Security is critical for online applications because the web and internet applications must be available 24 hours a day, seven days a week. Learn More
JavaScript Security JavaScript is a high-level, interpreted programming language that has been widely used since its release in 1995. Since its release, there have been several JavaScript security issues that have gained widespread attention. Learn More
Keylogger Keyloggers or keystroke loggers are software programs or hardware devices that track the activities (keys pressed) of a keyboard. Keyloggers are a form of spyware where computer users are unaware their actions are being tracked. Learn More
LDAP Injection LDAP injection is the technique of exploiting web applications that use client-supplied data in LDAP statements without first escaping the characters that have special meaning in LDAP filters. Learn More
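As an added example for the LDAP injection entry (not code from the original page), the snippet below builds a login filter by string formatting and then with the escaping RFC 4515 specifies for assertion values, and shows what a crafted username does to each. The filter shape and the attacker input are constructed for the demo.

```python
# Added example (not from the original page): LDAP filter injection, vulnerable
# and escaped per RFC 4515. The filter template and inputs are constructed.


def escape_ldap_filter_value(value):
    """Escape every character RFC 4515 reserves inside a filter assertion value.
    Backslash is in the table too, so an attacker cannot smuggle in their own escapes."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def login_filter_unsafe(username, password):
    """Vulnerable: user input becomes filter syntax."""
    return f"(&(uid={username})(userPassword={password}))"


def login_filter_safe(username, password):
    """Hardened: input can only ever be matched as a literal value."""
    return (f"(&(uid={escape_ldap_filter_value(username)})"
            f"(userPassword={escape_ldap_filter_value(password)}))")


def paren_balance(filter_text):
    """Crude structural check: a well-formed filter closes every group it opens."""
    depth = 0
    for ch in filter_text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return depth
    return depth


# Constructed attacker username: closes the uid clause and adds an always-true OR branch,
# so the password clause no longer constrains the match.
ATTACK_USER = "*)(uid=*))(|(uid=*"

if __name__ == "__main__":
    print(login_filter_unsafe(ATTACK_USER, "x"))
    print(login_filter_safe(ATTACK_USER, "x"))
```

Escaping is the right fix when you must build a filter from input, but for authentication specifically the better design is to bind to the directory with the user's own credentials rather than compare userPassword in a search filter at all.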
Linux Hacking Linux is an open source operating system. Linux is a Unix-like operating system, meaning that it supports multitasking and multi-user operation. Linux is widely used for supercomputers, mainframe computers and servers. Learn More
Malicious Code Analysis tools are designed to uncover any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. Learn More
Malicious Mobile Applications A guide to forms of mobile malware and BYOD based protection against them. Learn about MMA history and trends. Read More
Malware Malware is short for “malicious software”: hostile applications that are created with the express intent to damage or disable mobile devices, computers or network servers. Malware’s objectives can include disrupting computing or communication operations, stealing sensitive data, accessing private networks or hijacking systems to exploit their resources. Learn More
Man in the Middle Attack (MITM) A man-in-the-middle attack is a type of cyberattack where a malicious actor inserts themselves into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. Learn More
Mobile Code Security Modern mobile applications run on mobile devices that have the functionality of a desktop or laptop running a general purpose operating system. Learn More
Packet Analyzer Packet analyzers are used to monitor, intercept and decode data packets as they are transmitted across networks. Learn More
Password Hacking Any way you look at it, your secret passwords are under attack. Computer hackers love to successfully defeat cryptography systems. Cybercriminals enjoy getting access to your online accounts.
Penetration Testing Penetration testing tools are used as part of a penetration test to automate certain tasks, improve testing efficiency and discover issues that might be difficult to find using manual analysis techniques alone. Learn More
Rootkit A rootkit is a computer program designed to provide privileged access to a computer while actively hiding its presence. Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine. Learn More
Ruby Security Just as with applications built on other frameworks, securing Ruby apps requires a mix of coding best practices and the correct use of helper methods to protect against certain types of attacks. Learn More
Runtime Application Self Protection Runtime application self-protection (RASP) is a security technology that is built into an application and can detect and then prevent real-time application attacks. Learn More
Secure Development With the vast number of threats that constantly pressure companies and governments, it is important to ensure that the software applications these organizations rely on are developed securely.
Secure DevOps While DevOps is disrupting software development in powerful and productive ways, implementing devops testing and understanding how to secure DevOps remains a mystery to many development teams. Learn More
Secure Web Application Development Secure web application development is acknowledged as a critical priority for every enterprise producing software. Learn More
Securing Web Applications Effectively securing web applications is critical to preventing data breaches. Learn More
Security Review Software The goal of a software security review is to identify and understand the vulnerabilities that can be exploited in the code your organization leverages. Your business may leverage software and code from a variety of sources, including both internally developed code, outsourced development and purchased third-party software. Learn More
Software Audit There are many ways to “audit” a software application. Indeed, the most basic kinds of software audits examine how the software is functionally configured, integrated or utilized within an organization.
Software Code Security The key to achieving superior software code security is to find a solution that can review large amounts of code as needed, in order to meet development timelines. Learn More
Software Development Lifecycle (SDLC) A software development lifecycle (SDLC) is a series of steps, or stages, that provide a model for the development and lifecycle management of an application or piece of software. Learn More
Software of Unknown Pedigree (SOUP) is a term for software, firmware or hardware logic whose origin and development history are not known or documented; it is a particular concern when such a component governs a system whose failure or compromise could have explicit implications for consumer safety. Learn More
Software Security By testing for flaws in software, security testing solutions seek to remove vulnerabilities before software is purchased or deployed — and before the flaws can be exploited. Learn More
Software Testing Software testing to find flaws and vulnerabilities in code is a critical part of the software development lifecycle (SDLC). Learn More
Software Testing Process As the enterprise network has become more secure, attackers have turned their attention to the application layer, which, according to Gartner, now contains 90 percent of all vulnerabilities. Learn More
Software Testing Tools As the enterprise network has become more secure, attackers have turned their attention to the application layer, which, according to Gartner, now contains 90 percent of all vulnerabilities. To protect the enterprise, security administrators must perform detailed software testing and code analysis when developing or buying software. Learn More
Source Code Analysis For enterprises seeking a source code analysis solution that can actually deliver 100 percent coverage even when source code is not available, Veracode has the answer. Learn More
Source Code Security Analyzer A source code security analyzer performs static code analysis (automated code review), often paired with dynamic analysis (automated penetration testing), and finds security vulnerabilities that include malicious code as well as the absence of functionality that may lead to security breaches. Learn More
Spoofing Attack A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls. Learn More
Spyware Although it sounds like something James Bond would employ, spyware is all too real. Spyware is any software that installs itself on your computer and starts covertly monitoring your online behavior without your knowledge or permission. Learn More
SQL Injection SQL injection is a type of web application security vulnerability in which attacker-supplied input is interpreted as part of a SQL command that the web application executes, exposing the back-end database. Learn More
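As an added example for the SQL injection entry (not code from the original page), the snippet below runs a login check built by string formatting beside its parameterised form against an in-memory SQLite database, and shows that the same crafted username authenticates against one and not the other. The table, its row and the inputs are constructed for the demo.

```python
# Added example (not from the original page): SQL injection in a login query,
# vulnerable and parameterised, against an in-memory SQLite database.
# Schema, row and inputs are constructed for the demo.
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Demo only: a real system stores a salted password hash, never the password itself.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    """Vulnerable: user input becomes part of the SQL text, so quotes and comments are live syntax."""
    sql = f"SELECT 1 FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Hardened: placeholders send the input as data; the driver never lets it alter the query."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Constructed attacker input: closes the string, adds an always-true clause,
# and comments out the password check.
ATTACK_USERNAME = "' OR '1'='1' --"

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", login_unsafe(db, ATTACK_USERNAME, "anything"))   # True
    print("safe:  ", login_safe(db, ATTACK_USERNAME, "anything"))     # False
    print("legit: ", login_safe(db, "alice", "correct horse battery staple"))
```

The parameterised query is not "escaping done for you"; the database receives the statement and the values separately, so no input can change the statement's structure. Escaping by hand, or allow-listing characters, is the fallback only for the parts of a statement that cannot be parameterised, such as table or column names.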
Static Analysis Static analysis is the analysis of computer software that is performed without actually executing, or running, that software. Static analysis tools look at applications in a non-runtime environment. This method of testing has distinct advantages in that it can evaluate both web and non-web applications and through advanced modeling, can detect flaws in the software’s inputs and outputs that cannot be seen through dynamic web scanning alone. Learn More
Static Code Analysis Static code analysis, also commonly called "white-box" testing, looks at applications in a non-runtime environment. This method of security testing has distinct advantages in that it can evaluate both web and non-web applications and, through advanced modeling, can detect flaws in the software's inputs and outputs that cannot be seen through dynamic web scanning alone. Learn More
Static Testing With static testing (also known as white box testing), an application’s source code or compiled binary is evaluated for security vulnerabilities and coding flaws. Learn More
Third-Party Software Security Third-party software, also known as supply chain, vendor-supplied or outsourced software, is any program or application that is not written exclusively by employees of the company for which that software was created. Read More
Vulnerability Assessment Veracode's vulnerability assessment tools help users eradicate vulnerabilities. Learn More
Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing (VAPT) are two types of vulnerability testing. The tests have different strengths and are often combined to achieve a more complete vulnerability analysis. Learn More
Vulnerability Scanner Vulnerability scanning offers a way to find application backdoors, malicious code and other threats that may exist in purchased software or applications developed internally. Learn More
Vulnerability Management Vulnerability management can be defined as “the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities." Organizations use vulnerability management to preemptively defend against the exploitation of vulnerabilities in company applications, software and networks. Learn More
Web App Monitoring Web app monitoring lets you find, secure and monitor all your web apps – even the ones you may have lost track of. Learn More
Web App Penetration Testing Web app penetration testing is a key security requirement for a variety of regulatory frameworks, from PCI DSS and GLBA to HIPAA and FISMA. Learn More
A Web Application is any application that is accessed via a web browser. The browser acts as the client: it renders the application's pages and sends the user's input to the server where the application logic runs. Learn More
Web Application Audit For app developers, a web application audit is the best way to ensure your app is secure before you release it and to prevent hacks, damage to reputation and significant losses to your bottom line. Learn More
Web Application Monitoring Web app monitoring is the process of identifying, securing, and continuously monitoring all web applications. Learn More
Web Application Penetration Testing When searching for vulnerabilities in websites and web apps, manual web application penetration testing is essential. Learn More
Web Application Scanning Web application scanning can help IT teams to monitor the web perimeter and limit risk exposure more effectively. Learn More
Web Application Security Web application testing is critical to enterprise security. Because web applications must be available 24/7 and offer data access to customers, employees, suppliers, and others, they are frequently the weak link in enterprise security. Learn More
Web Application Security Testing Web application security testing is critical to protecting both your apps and your organization. Learn More
Web Application Testing Web application testing is a critical tool in the defense against security threats to your software applications. Learn More
Web Security Website security protects your data and your users. Learn More
Wireless Sniffer A wireless sniffer is a type of packet analyzer. A packet analyzer (also known as a packet sniffer) is a piece of software or hardware designed to intercept data as it is transmitted over a network and decode the data into a format that is readable for humans. Learn More
White Box Test A white box test is a software testing method in which the internal architecture of the software being tested is known to the tester. Learn More
Veracode Products
Veracode Software Composition Analysis
Veracode Web Application Scanning