Security Update: Log4j.2.x Vulnerability
Chris Wysopal, founder and CTO, Veracode, Brian Roche, Chief Product Officer, and Mansi Sheth, Senior Principal Security Researcher chat through the Log4j.2.x vulnerability.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
The latest News and Information on Application Security including monitoring, testing, and open source.
SECURITY NOTICE: Log4j.2.x NEWS
Is the Log4j Zero-Day RCE (CVE-2021-44228) vulnerability affecting you? Check out this quick chat with Chris Wysopal and Giuseppe Trovato to learn more about this new #vulnerability and what it could mean for you.
How to Scale Developer Security Using Snyk (Demo)
Emerging cloud-native technologies have shifted and expanded the scope of AppSec as we know it. Digital transformation and scale now hinges on developers’ ability to build and deploy rapidly – and doing so securely. Snyk’s developer security platform is designed to work like a developer tool – making it not only easy to find issues but to fix them quickly. In this recorded webinar, Jim Armstrong walks through a demo to show how developers can secure their proprietary code, open source libraries, container images, and infrastructure as code deployments.
Part 3: Using Veracode From the Command Line in Cloud9 IDE
In part three of a four-part series, Clint Pollock, principal solutions architect at Veracode, details how to use Veracode from the command line in the Cloud9 IDE to submit a software composition analysis (SCA) scan. Check out the video and step-by-step instructions below. It’s Clint Pollock, principal solutions architect, back again for part three of our four-part series on using Veracode from the command line in Cloud9 IDE.
Don't Let Code Injections Mess Up Your Holiday eCommerce Season
The holidays are right around the corner. It’s a well-deserved time to spend with your friends and family, and it likely translates to increased online sales. But more eCommerce activity also means increased cybersecurity risks. Most organizations with eCommerce deploy cybersecurity measures such as Content Security Policies (CPSs), to help secure their site and protect their customer’s personally identifiable information from a breach.
Veracode and Github Integration
This video shows how to integrate Veracode’s Static Analysis solution to automate scans and consume results in the GitHub platform.
Create an API Specification Scan
Traditionally Veracode Dynamic Analysis has targeted applications with a Web user interface. But increasingly, web applications are composed of many small microservices, many of which have Representational State Transfer (REST) interfaces with which the UI layer communicates. With API scanning, you can now scan the APIs of your microservices earlier in the software development process, before they are integrated into a web application.
Part 2: Using Veracode From the Command Line in Cloud9 IDE
In part two of a four-part series, Clint Pollock, principal solutions architect at Veracode, details how to use Veracode from the command line in the Cloud9 IDE to submit a static pipeline scan. Check out the video and step-by-step instructions below. It’s Clint Pollock, principal solutions architect, back for part two of our four-part series on using Veracode from the command line in Cloud9 IDE.
EWF Conference: Plotting the Course for Your Personal Brand
“Why focus on building your personal brand?” This was the first question that Elana Anderson, Chief Marketing Officer at Veracode, asked during her presentation Plotting the Course for Your Personal Brand at the recent Executive Women’s Forum (EWF). Anderson, a lifelong student of marketing, and a former analyst at Forrester Research, has a deep understanding of the importance of both corporate and personal brands and the steps necessary to both build and maintain a brand.
Announcing automated fixes for vulnerabilities in .NET dependencies
We’re pleased to announce improved support for.NET applications in Snyk Open Source, allowing developers to fix vulnerabilities in.NET dependencies with the help of actionable advice and automated pull requests! As of the time of writing, NuGet, the Microsoft-supported and de-facto standard package manager for.NET, has 276,266 unique packages, downloaded on average more than a billion times a week!