If you haven't heard of it by now, you should sit up and pay attention to "Struts-Shock." That's what Veracode is calling a critical vulnerability just identified in the Apache Struts 2 library, which attackers are actively exploiting. We're cautioning customers and anyone else using the vulnerable…

Every AppSec manager needs to work with stakeholders across the organization, from the CISO to development, and departments making their own decisions about buying the software they depend on to do their jobs. If you want to earn buy-in for your AppSec program, you’ll have to be responsive to…

It's understandable that newly discovered application vulnerabilities get a lot of hype and attention. But it's the most common vulnerabilities we should really be worried about. One of the main culprits in data breaches, including some of the most high-profile attacks of recent years, is SQL…

Top 10 lists are usually good fun, if sometimes a bit frivolous. Our list of the top 10 application vulnerabilities is intended to raise awareness in a lighthearted way, although the risks from these vulnerabilities are a little scary. To create our list, we analyzed 300,000 static and dynamic…

Years ago, when I started my career as a writer, I became a journalist dedicated to informing people and serving the public interest. Later, I became a writer in a marketing role, dedicated to creating content that informs prospects and serves customers. I call upon the same skills to write blog…

The adventurous hero is a common thread in mythology that helps us understand what makes someone great. From Homer’s Odysseus, to George Lucas’s Luke Skywalker, all mythical heroes have traits in common and follow a similar path. Heroes don’t start out that way – they need to prove their mettle by…