AppSec with LolCats: Click2Cat - the Security Extension to Veracode You Didn’t Realize You Needed

Fixing security findings in your code can be hard. Sometimes you need help from other developers who have solved these problems before. Veracode provides one-on-one time with ex-developers who can coach you through different approaches to address security findings. But sometimes, you don’t really want advice. Instead, you need a ... Read More
Using Median Time to Resolve Efficiently 

Customers that have embraced DevOps often ask me for the best metrics to measure their program. I always advocate focusing on policy compliance as the number one metric for understanding your risk, as this provides a succinct measurement of the security of your applications. However, if you are looking to ... Read More
Should You Be Measuring Flaw Rate?

Metrics — or perhaps more accurately, the right metrics — are crucial for understanding what’s really happening in your AppSec program. They serve a dual purpose: They demonstrate your organization’s current state, and also show what progress it’s making in achieving its objectives. We typically recommend our customers measure their ... Read More
Detailing Veracode’s HMAC API Authentication

Veracode’s RESTful APIs use Hash-based Message Authentication Code (HMAC) for authentication, which provides a significant security advantage over basic authentication methods that pass the username and password with every request. Passing credentials in the clear is not a recommended practice from a security perspective; encryption is definitely preferred for obvious ... Read More

Secure Guardrails