[email protected] (TJarrett)

Application Security Research, News, and Education Blog

The key to successfully implementing DevOps practices is relationships. It???s about breaking down the existing silos between different functions that deliver software, like development and operations. These functions need to work toward a common goal, efficient software delivery. The other relationship that is key to implementing DevOps is the relationship ... Read More

A joint blog post from Veracode and ThreadFix In today???s world, speed wins. Just take Amazon for example. You can place an order with the click of a button and have it delivered to your door in under twenty-four hours. Retailers that can???t compete with Amazon???s speed are falling behind ... Read More

It can sometimes be a little challenging to figure out specifically how to address different vulnerability classes in Python. This article addresses one of the top finding categories found in Python, CWE 117 (also known as CRLF Injection), and shows how to use a custom log formatter to address the ... Read More

On November 19, Veracode published new, official Docker images for use in continuous integration pipelines. The images, which provide access to Pipeline Scan, Policy (or Sandbox) scans, and the ability to access Veracode APIs via the Java API Wrapper or via HTTPie with the Veracode API Signing tool, make it ... Read More

Originally posted on 12/28/2016 It seems so tempting. Solve your application security problem by throwing an appliance at it. After all, if web applications are the most common form of attack, why not just protect them the same way you protect your network and email servers, and be done with ... Read More

The marquee event of the security industry is fast approaching – the 2018 RSA Conference will take place in San Francisco April 16 to 20. This is a highlight of the year for all of us at CA Veracode, and we will have a major presence there, in part because ... Read More