Skip to main content

Customer News

Get updates on customer resources, including AppSec tips from Veracode program managers and security experts, new product feature announcements and best practices for making Veracode a seamless part of your software development lifecycle.

  • We are only a few weeks into 2020, and it is safe to say that consumer privacy is all the rage. California kicked off the movement with the California Consumer Privacy Act (CCPA), AB 375, which went into effect on January 1, 2020. The act aims to give consumers more rights to their personal data. Since then, Washington, New Hampshire, and New York have all proposed similar consumer privacy bills READ MORE

Stay up to date on Application Security

  • If you’re a Veracode customer, there’s a good chance that you’ve heard of – or maybe even work with – a Veracode security program manager (SPM). For those of you who might not know, SPMs help you define the goals of your application security program, onboard your team, answer any questions about Veracode products, and work with your teams to ensure that your program stays on track and continues READ MORE

  • Veracode’s RESTful APIs use Hash-based Message Authentication Code (HMAC) for authentication, which provides a significant security advantage over basic authentication methods that pass the username and password with every request. Passing credentials in the clear is not a recommended practice from a security perspective; encryption is definitely preferred for obvious reasons, but HMAC goes a READ MORE

  • Developer training has an essential role in reducing code vulnerabilities and avoiding a breach. Effective application security requires both locating security-related defects, and fixing them. But developers simply aren’t equipped with the knowledge or skills they need to fix these flaws. Veracode recently sponsored the 2017 DevSecOps Global Skills Survey from DevOps.com, and found READ MORE

  • Dynamic analysis (DAST) is a vital part of all application security programs. Effective application security secures software throughout its entire lifecycle — from inception to production. With the speed of today’s development cycles — and the speed with which software changes and the threat landscape evolves — it would be foolish to assume that code will always be 100 percent vulnerability-free READ MORE

  • A great AppSec program requires more than just scanning. It takes seamless processes and services designed to help developers fix flaws and write more secure code. The following is a list of the characteristics that we have found among our customers with world-class AppSec programs. Consider security early In early planning phases, ensure secure architecture and design and conduct threat modeling READ MORE

  • .page-node-42201 p { font-size: 16px; } Customer-inspired product enhancement is not something new at Veracode. In fact, since 2016, we have implemented more than 1,100 product enhancement requests from individual customers. To create greater transparency into the product management process, we created a self-service feedback portal – Ideas – in the Veracode Community in 2017. This portal is READ MORE

  • If we have data, let's look at data. If all we have are opinions, let's go with mine." -- Jim Barksdale The ability to report on your application security program depends on access to your AppSec data. For questions from “how can I help my board understand our current risk posture?” to “which teams are developing secure code, and which need additional AppSec training?” – data is the key. Nobody READ MORE

  • I’ve been working as a Veracode security program manager since 2013, and have adopted AppSec best practices in those six years that contribute to successful AppSec programs. I started my journey here as a program manager and was fortunate enough to manage and lead some of Veracode’s largest and most complex customer programs. Today, I’m managing a team of program managers. In this blog, I will READ MORE

  • table thead th, table tbody td, table tr td { border-left: 1px solid #e5e5e5; } .blog-home-page .content-wrapper table th { color: #000; } .table-overflow { overflow-x: auto; } There is no application security “silver bullet” – it takes a combination of testing types to effectively reduce your risk. Each testing method has a different role to play and works best when used in READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.