DevSecOps Challenges From a Security Perspective

The transition from DevOps to DevSecOps requires security professionals to have a whole new understanding of development processes, priorities, tools, and pain points. It’s no longer feasible for security professionals to get by with a superficial understanding of how developers work. But this understanding can be a significant undertaking for most security pros who haven’t had to be immersed in the development side of the house previously. In its new report,…

December 6, 2019

[VIDEO] How Veracode Leverages AWS to Eliminate AppSec Flaws at Scale

Veracode’s SaaS-native platform has scanned more than 10 trillion lines of code for security defects – that breaks down to more than 4 million applications, with 1 million of those scanned in the last year alone. By scanning in the Veracode platform, our customers benefit from the convenience of running programs, not systems, and developers free up much-needed processing power so they can continue writing code without any obstacles. To…

November 26, 2019

Episode 168: Application Security Debt is growing and Securing Web Apps in the Age of IoT

In this week’s episode of the podcast (#168), sponsored by Signal Sciences, Chris Eng of Veracode joins us to talk about the 10th annual State of Software Security Report and the problem of application security debt. Also, Brendan Macaraeg of Signal Sciences talks about the expanding landscape of web application attacks…

November 19, 2019

Using Benchmarks to Make the Case for AppSec

In a recent Veracode webinar on the subject of making the business case for AppSec, Colin Domoney, DevSecOps consultant, introduced the idea of using benchmarking to rally the troops around your AppSec cause. He says, “What you can do is you can show where your organization sits relative to other organizations and then your peers. If you’re lagging, that’s probably a good reason to further invest. If you’re leading, perhaps…

November 15, 2019

State of Software Security v10: Top 5 Takeaways for Security Professionals

It’s the 10th anniversary of our State of Software Security (SOSS) report! This year, like every year, we dug into our data from a recent 12-month period (this year we analyzed 85,000 applications, 1.4 million scans, and nearly 10 million security findings), but we also took a look back at 10 years of software security. With a decade’s worth of analysis about software vulnerabilities and the best ways to address…

November 12, 2019

Automate Dynamic Analysis Scans With New REST APIs

In today’s fast-paced, technology-driven world, security breaches have become an increasingly important priority for organizations; however, ensuring that your organization remains as secure as possible can be like trying to hit a moving target. One of the most common attack vectors that results in a breach is insecure web applications. Dynamic Application Security Testing (DAST) is one of the best ways to identify and remediate exploitable vulnerabilities in your web…

October 31, 2019

Veracode Dynamic Analysis + Jenkins: Integrate DAST Into Your CI/CD Pipeline

It’s the age-old dilemma – balancing the need to ensure applications are secure with the need to release applications and updates on faster and faster schedules. With many teams adopting the principles of DevSecOps, and implementing security checks as early as possible in the SDLC, a key aspect of success is integrating security with the tools that development teams already use. The Veracode Dynamic Analysis + Jenkins integration allows you…

October 30, 2019

Beyond Testing: The Human Element of Application Security

Companies of every size and in every industry are changing the world with software. From healthcare to agriculture, education, and manufacturing, software is enabling unprecedented advancement and innovation. But if that software is insecure, these innovations may get held up, or worse, put us at risk. And this is a very real concern; our most recent State of Software Security report found that 83 percent of applications had at least…

October 15, 2019

Making the Case for AppSec? Break Down Your Budget

The bottom line on corporate decision-making comes down to the bottom line. It’s critical to demonstrate value for any new or expanded initiative. Fall short, and your odds of success are greatly diminished. How do you build the financial case for more robust AppSec, when the focus is on the impact to the bottom line? The key is understanding how to effectively design and present a budget that makes sense…

October 10, 2019