Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest News and Information on Application Security including monitoring, testing, and open source.

veracode

Executive Order Update: NIST Establishes a Definition for Critical Software and Outlines Scan Requirements for Software Source Code

Jul 19, 2021 By Chris Wysopal In Veracode

On May 12, 2021, President Biden announced an executive order to improve the nation’s cybersecurity. The order, which outlines security initiatives and timelines, calls for the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to enhance the security of the software supply chain.

Read Post
appknox

Appknox Webinar: Secure Coding Practices to Prevent Vulnerabilities in SDLC

Jul 15, 2021 By Harshit Agarwal In Appknox

Continuing on the successful webinar journey, last week Appknox hosted a webinar on "Secure Coding Practices to Prevent Vulnerabilities in SDLC." Focusing on secure coding best practices, our experts busted several myths and misconceptions regarding mobile app security in the webinar and highlighted several client-side misconfigurations which generally go unnoticed by the app developers.

Read Post
veracode

Key Takeaways for Developers From SOSS v11: Open Source Edition

Jul 14, 2021 By Meaghan McBee In Veracode

Our latest State of Software Security: Open Source Edition report just dropped, and developers will want to take note of the findings. After studying 13 million scans of over 86,000 repositories, the report sheds light on the state of security around open source libraries – and what you can do to improve it. The key takeaway? Open source libraries are a part of pretty much all software today, enabling developers to work faster and smarter, but they’re not static.

Read Post
Featured Post
snyk

Measuring security for cloud native applications

Jul 9, 2021 By Simon Maple, Field CTO In Snyk
Modern cloud-native applications - and the DevSecOps culture and practices used to manage them - introduce a fresh layer of challenges to the already thorny topic of security measurement. Historically, security has been typically measured on a regular but intermittent basis, at particular points in time. However, the pace of change at modern, cloud-native organisations, who've implemented DevSecOps and/or CI/CD, is relentless. Many deployments might be made in a single day, and the security posture of businesses might thus change dramatically over that time.
Read Post

Learning application security by finding and fixing insecure code in OWASP NodeGoat

Jul 6, 2021 By Snyk In Snyk
Wouldn't it be great if we, developers, learn about application security by training on purposely-built vulnerable applications rather than finding our mistakes in production? Yes, we think so too. In this session, we welcome Priscila Oliveira, Software Engineer at Sentry and core contributor of open source npm proxy project Verdaccio, to chat about her appsec experiences as developer, and learn together about secure coding practices, how to hack a live application, open source vulnerabilities and how to fix them.
View Video

Use the Jenkins Credentials Binding Plugin to Protect Your Veracode Credentials

Jul 6, 2021 By Veracode In Veracode
In this video, you will learn how to: You can use the Jenkins Credentials Binding Plugin to hide your Veracode API credentials from the Jenkins interface and logs. You use the plugin to associate, or bind, your Veracode API credentials to environment variables and save them to the Jenkins credentials store. During a build, Jenkins uses the environment variables to secretly access your credentials. The Jenkins interface and logs only show the bound environment variables.
View Video
detectify

The Buyer's Guide to Scalable Application Security

Jul 2, 2021 By Jocelyn Chan In Detectify

Detectify is helping tech organizations bring safer web products to market by providing crowdsourced, cloud-based, continuous web app security. Here’s a buyer’s guide on how you can get scaleable application security in 2021 and beyond. There are so many appsec tools out there with the same features. It’s hard to see value clearly amongst all the noise.

Read Post

Create a New Application Profile in the Veracode Platform

Jun 30, 2021 By Veracode In Veracode
In this video, you will learn how to create a new application profile in the Veracode Platform. Users with the Creator or Security Lead role on the Veracode Platform can create application profiles. The application profile describes your application, identifies the policy to evaluate the application with, and provides metadata that enables a thorough analysis of security performance across all the applications in your organization.
View Video
veracode

Speed or Security? Don't Compromise

Jun 29, 2021 By Meaghan McBee In Veracode

“Speed is the new currency of business.” Chairman and CEO of Salesforce Marc R. Benioff’s words are especially potent today as many organizations small and large look for ways to speed up production during their shifts to digital. In software development, speed is a critical factor. Everything from shifting priorities to manual processes and siloed teams can seriously impede deployment schedules.

Read Post
veracode

Too Many Vulnerabilities and Too Little Time: How Do I Ship the Product?

Jun 28, 2021 By Bernard Felix In Veracode

The percentage of open source code in the enterprise has been estimated to be in the 40 percent to 70 percent range. This doesn't make the headlines anymore, but even if your company falls in the average of this range, there is no dearth of work to do to clean up, comply with AppSec policies, and ship the product. Phew! So where do you start when it comes to resolving all the vulnerabilities uncovered in your open source libraries?

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.