What is SQL Injection?
Learn more about SQL injection vulnerabilities and how to prevent a SQL injection attack.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Veracode
Executive Order Update: NIST Establishes a Definition for Critical Software and Outlines Scan Requirements for Software Source Code
On May 12, 2021, President Biden announced an executive order to improve the nation’s cybersecurity. The order, which outlines security initiatives and timelines, calls for the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to enhance the security of the software supply chain.
Key Takeaways for Developers From SOSS v11: Open Source Edition
Our latest State of Software Security: Open Source Edition report just dropped, and developers will want to take note of the findings. After studying 13 million scans of over 86,000 repositories, the report sheds light on the state of security around open source libraries – and what you can do to improve it. The key takeaway? Open source libraries are a part of pretty much all software today, enabling developers to work faster and smarter, but they’re not static.
Use the Jenkins Credentials Binding Plugin to Protect Your Veracode Credentials
In this video, you will learn how to: You can use the Jenkins Credentials Binding Plugin to hide your Veracode API credentials from the Jenkins interface and logs. You use the plugin to associate, or bind, your Veracode API credentials to environment variables and save them to the Jenkins credentials store. During a build, Jenkins uses the environment variables to secretly access your credentials. The Jenkins interface and logs only show the bound environment variables.
Create a New Application Profile in the Veracode Platform
In this video, you will learn how to create a new application profile in the Veracode Platform. Users with the Creator or Security Lead role on the Veracode Platform can create application profiles. The application profile describes your application, identifies the policy to evaluate the application with, and provides metadata that enables a thorough analysis of security performance across all the applications in your organization.
Speed or Security? Don't Compromise
“Speed is the new currency of business.” Chairman and CEO of Salesforce Marc R. Benioff’s words are especially potent today as many organizations small and large look for ways to speed up production during their shifts to digital. In software development, speed is a critical factor. Everything from shifting priorities to manual processes and siloed teams can seriously impede deployment schedules.
Too Many Vulnerabilities and Too Little Time: How Do I Ship the Product?
The percentage of open source code in the enterprise has been estimated to be in the 40 percent to 70 percent range. This doesn't make the headlines anymore, but even if your company falls in the average of this range, there is no dearth of work to do to clean up, comply with AppSec policies, and ship the product. Phew! So where do you start when it comes to resolving all the vulnerabilities uncovered in your open source libraries?
Glaring Gap in Open Source Security: Veracode Finds 80 percent of Libraries Used in Software Are Never Updated
Despite inherent risks of open source code, good software security posture still lacking. 69 percent of fixes are minor and won't break functionality of even the most complex software applications.
Announcing State of Software Security v11: Open Source Edition
Today, we published the open source edition of our annual State of Software Security report. Solely focused on the security of open source libraries, the report includes analysis of 13 million scans of more than 86,000 repositories, containing more than 301,000 unique libraries. In last year’s open source edition report, we looked at a snapshot of open source library use and security.
How to Interpret the Various Sections of the Cybersecurity Executive Order
The Biden administration released a new executive order for cybersecurity on May 12, 2021. Although many know the overarching message of the executive order, it’s also important to know the specific details outlined in each section.