Skip to main content

Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

  • It’s a habitual practice we learn from an early age; keeping track of loans and credit card bills reduces overall debt and makes it easier to bring debt down quickly, avoiding those pesky spikes in interest. That very same practice applies to software security testing. Software is tested, vulnerabilities are revealed, and unaddressed vulnerabilities build up over time as interest in the form of READ MORE

Stay up to date on Application Security

  • “Tell me and I forget. Teach me and I remember. Involve me and I learn.” This renowned quote from Benjamin Franklin is a powerful mantra for refining skills in any craft, coding included. When it comes to developer training, nothing beats hands-on experience with real code customizable to the way a business runs. That’s why we’re excited to announce our new online training platform, Veracode READ MORE

  • It’s a habitual practice we learn from an early age; keeping track of loans and credit card bills reduces overall debt and makes it easier to bring debt down quickly, avoiding those pesky spikes in interest. That very same practice applies to software security testing. Software is tested, vulnerabilities are revealed, and unaddressed vulnerabilities build up over time as interest in the form of READ MORE

  • A new staff report from the Federal Reserve Bank of New York highlights the risk and potential fallout that a sophisticated cyberattack might have on the United States. In the report, analysts examined a scenario in which a single-day shock hits the country’s payment network, Fedwire, measuring the broad impact it would have on the economy. The results? A significant 38 percent of the network READ MORE

  • In case you missed it, this year we launched our 10th annual State of Software Security (SOSS X) report! Armed with a decade of data, the Veracode team analyzed 85,000 applications to study trends in fix rates, mounting security debt, shifts in vulnerability by language, and more. What did we uncover? At the core of our research, we found there’s still a need for better remediation processes and READ MORE

  • YAML scripting is frequently used to simplify configuration management of CI/CD tools. This blog post shows how YAML scripts for build tools like Circle CI, Concourse CI, GitLab, and Travis can be edited in order to create integrations with the Veracode Platform. Integrating Veracode AppSec solutions into CI/CD pipelines enables developers to embed remediation of software vulnerabilities directly READ MORE

  • As web applications get more complex and more data driven, the ability to extract data from a web application is becoming more common. I work as a principal penetration tester on Veracode’s MPT team, and the majority of web applications that we test nowadays have the ability to extract data in a CSV format. The most common software installed in corporate environments is Microsoft Excel, and this READ MORE

  • One of the most important parts of a web application is the authentication mechanism, which secures the site and also creates boundaries for each user account. However, during my years of testing web applications, it’s still very common to find authentication mechanisms with vulnerabilities. I currently work as a principal penetration tester on Veracode’s MPT team, and I would say nine out of 10 READ MORE

  • Summer’s longer days and slower pace invite us to pick up a book, follow our questions, and try our hand at something new. At Veracode, I get the chance to talk with our developers about the experiences that led them to the work they do today. How did they begin to cultivate the security-mindedness that they bring to their coding? Was it a book they stumbled upon, a salient moment in the wake of READ MORE

  • Shakespeare. Brontë. Dickens. In literature, the classics have long been a staple of summer reading lists. Computer security has its own share of classics – reference points that serve as a foundation for understanding the field’s ever-changing chessboard of attack and defense. This list of computer security summer reading can be enjoyed either lounging on the beach with sand beneath your toes, READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.