Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Veracode

Speed vs Security: Striking the Right Balance in Software Development with AI

Software development teams face a constant dilemma: striking the right balance between speed and security. How is artificial intelligence (AI) impacting this dilemma? With the increasing use of AI in the development process, it's essential to understand the risks involved and how we can maintain a secure environment without compromising on speed. Let’s dive in.

Veracode Advances Cloud-Native Application Security with Longbow Acquisition

As I travel around the world meeting with customers and prospects, we often discuss the tectonic shifts happening in the industry. At the heart of their strategic initiatives, organizations are striving to innovate rapidly and deliver customer value with uncompromising quality and security, while gaining a competitive edge in the market.

Veracode Customers Shielded from NVD Disruptions

The US National Institute of Standards and Technology (NIST) has almost completely stopped analyzing new vulnerabilities (CVEs) listed in its National Vulnerability Database (NVD). Through the first six weeks of 2024, NIST analyzed over 3,500 CVEs with only 34 CVEs awaiting analysis.1 Since February 13th, however, nearly half (48%) of the 7,200 CVEs received this year by the NVD are still awaiting analysis.2 The number of CVEs analyzed has dropped nearly 80% to less than 750 CVEs analyzed.

Resolving Simple Cross-Site Scripting Flaws with Veracode Fix

In the last blog on fixing vulnerabilities with Veracode Fix, we looked at SQL Injection remediation in a Java application. Since then, we have released Fix support for Python (and PHP) and launched a new VS Code plugin that includes support for Fix. It seems appropriate, therefore, to look at resolving a problem in a Python app using Veracode Fix in the VS Code IDE. This time let’s examine a simple cross-site scripting (XSS) weakness.

Security Debt: A Growing Threat to Application Security

Security debt is a major and growing problem in software development with significant implications for application security, according to Veracode's State of Software Security 2024 Report. Let’s delve a bit deeper into the scope and risk of security debt, and gain some insights for application security managers to effectively address this challenge. Security debt refers to software flaws that remain unfixed for a year or more.

AI - Boon or Bane for Appsec

Are you ready to dive into the world of application security and artificial intelligence? Watch the exclusive talk by the renowned Julian Totzek Hallhuber, Solutions Architecture Manager at Veracode, during Mind the Sec 2023 in Brazil. In this engaging talk, Julian explores the advantages and disadvantages of using AI in the AppSec landscape and discovers how AI is revolutionizing the way we protect our applications from constantly evolving cyber threats.

A Timely Shift: Prioritizing Software Security in the 2024 Digital Landscape

The release of the February 2024 White House Technical Report, Back to the Building Blocks: A Path Towards Secure Measurable Software, brings about a timely shift in prioritizing software security. Software is ubiquitous, so it’s becoming increasingly crucial to address the expanding attack surface, navigate complex regulatory environments, and mitigate the risks posed by sophisticated software supply chain attacks.

The Risks of Automated Code Generation and the Necessity of AI-Powered Remediation

Modern software development techniques are creating flaws faster than they can be fixed. While using third-party libraries, microservices, code generators, large language models (LLMs), etc., has remarkably increased productivity and flexibility in development, it has also increased the rate of generating insecure code. An automated and intelligent solution is needed to bridge the widening gap between the introduction and remediation of flaws.

Integrating Veracode DAST Essentials into Your Development Toolchain

In today's fast-paced digital landscape, developers face increasing pressure to deliver secure applications within tight deadlines. With the emphasis on faster releases, it becomes challenging to prioritize security and prevent vulnerabilities from being introduced into production environments. Integrating dynamic application security testing (DAST) into your CI/CD pipeline helps you detect and remediate vulnerabilities earlier, when they are easier to fix.