What do Security Teams Implementing DevOps Need to Know? by Veracode

AppSec Bites Part 4: What Do Teams Implementing DevOps Practices Need to Know?

The key to successfully implementing DevOps practices is relationships. It's about breaking down the existing silos between different functions that deliver software, like development and operations. These functions need to work toward a common goal, efficient software delivery. The other relationship that is key to implementing DevOps is the relationship ...
"AppSec Bites" presented by Veracode and ThreadFix by Veracode

AppSec Bites Part 1: Balancing Speed and Thorough AppSec Coverage

A joint blog post from Veracode and ThreadFix. In today's world, speed wins. Just take Amazon for example. You can place an order with the click of a button and have it delivered to your door in under twenty-four hours. Retailers that can't compete with Amazon's speed are falling behind ...
Fixing CRLF Injection Logging Issues in Python

It can sometimes be a little challenging to figure out specifically how to address different vulnerability classes in Python. This article addresses one of the top finding categories found in Python, CWE 117 (also known as CRLF Injection), and shows how to use a custom log formatter to address the ...
CI/CD With Veracode Docker Images

On November 19, Veracode published new, official Docker images for use in continuous integration pipelines. The images, which provide access to Pipeline Scan, Policy (or Sandbox) scans, and the ability to access Veracode APIs via the Java API Wrapper or via HTTPie with the Veracode API Signing tool, make it ...
Application Security? But I Have a WAF!

Originally posted on 12/28/2016. It seems so tempting. Solve your application security problem by throwing an appliance at it. After all, if web applications are the most common form of attack, why not just protect them the same way you protect your network and email servers, and be done with ...
Looking Ahead to RSA: Talking Open Source Components

The marquee event of the security industry is fast approaching – the 2018 RSA Conference will take place in San Francisco April 16 to 20. This is a highlight of the year for all of us at CA Veracode, and we will have a major presence there, in part because ...