By The Veracode Research Team December 22, 2021 Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to ascertain which tools are best positioned to help detect the vulnerability…
By Clint Pollock December 18, 2021 It’s Clint Pollock, principal solutions architect, here for the final lesson in the four-part series on how to use Veracode from the command line in the Cloud9 IDE to submit a software composition analysis (SCA) scan and a dynamic scan…
By The Veracode Research Team December 17, 2021 The Open Web Application Security Project (OWASP) is a nonprofit organization whose purpose is to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released in November 2021…
By Hope Goslin December 15, 2021 On December 9, 2021, a zero-day vulnerability in Log4j 2.x was discovered. This vulnerability is of great concern because if it’s successfully exploited, attackers are able to perform an RCE (remote code execution) attack and compromise the affected server…
By The Veracode Research Team December 10, 2021 A previously unknown zero-day vulnerability in Log4j 2.x was reported on December 9, 2021. If your organization deploys or uses Java applications or hardware running Log4j 2.x, your organization is likely affected…
By Hope Goslin on February 10, 2021 In light of the current pandemic, our healthcare industry has been challenged like never before. Healthcare workers heroically stepped up to the plate, caring for those in need, while the industry itself digitally transformed to keep up with the influx of patient data and virtual wellness appointments…
By Tim Jarrett on December 3, 2020 On November 19, Veracode published new, official Docker images for use in continuous integration pipelines. The images, which provide access to Pipeline Scan, Policy (or Sandbox) scans…
By Jason Lane on September 15, 2020 Sensitive data exposure is currently at number 3 in the OWASP Top 10 list of the most critical application security risks. In this blog post, we will describe common scenarios of incorrect sensitive data handling and suggest ways to protect sensitive data…
By Meaghan McBee on June 19, 2020 The popularity of open source libraries isn’t dwindling anytime soon. They’re critical for developer functionality, allowing teams of developers like yours to work faster so they can meet tight deadlines they face on the regular...
By Meaghan McBee on April 8, 2020 Entering 2020, digital transformation was already at the top of the to-do list for many organizations. For those who lagged, it’s quickly becoming priority number one. As much of our daily life and work goes virtual during the pandemic, some markets are getting hit hard. In addition, the bad guys won’t take a break – we’ve seen…
By Pejman Pourmousa on April 7, 2020 Enabling our customers to create software quickly and securely has always been our mission, and it remains so today. While the safety and health of our employees is a top priority right now, so is the health of our customers’ software, especially considering some of the industries they support…
By Meaghan McBee on April 2, 2020 A recent report from the Cyberspace Solarium Commission (CSC) includes detailed plans for guiding cybersecurity policies in the United States, which the commission feels is necessary to prevent catastrophic fallout from breaches and attacks for corporations and citizens alike…
By Hope Goslin on March 30, 2020 Cyberattacks are an all too common occurrence, especially for financial institutions. In response, we are seeing an influx of security rules and regulations for financial institutions to follow. And…
By Meaghan McBee on March 23, 2020 Veracoders, like many of you, are facing the new reality of working from home, all day, every day. We have some employees who were already working 100 percent remotely, but also many who were…