Lucene search
K

81 matches found

The Hacker News
The Hacker News
added 2015/12/04 2:37 a.m.20 views

These Top 10 Programming Languages Have Most Vulnerable Apps on the Internet

A new research showed that Scripting languages, in general, give birth to more security vulnerabilities in web applications, which raised concerns over potential security bugs in millions of websites. The app security firm Veracode has released its State of Software Security: Focus on Application...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2014/10/08 9:19 p.m.19 views

SQL Injection Vulnerability in 'Yahoo! Contributors Network'

Yahoo! Contributors Network contributor.yahoo.com, the network of authors that generated the contents such as photographs, videos, articles and their knowledge to more than 600 million monthly visitors, was vulnerable to a Time based Blind SQL Injection vulnerability. Behrouz Sadeghipour, a...

8.4AI score
Exploits0
ThreatPost
ThreatPost
added 2013/11/08 8:0 a.m.10 views

Father-Daughter Hacking Team Finds Valuable Facebook Bug

The Wysopal name has been on vulnerability advisories for better than 20 years now, and it doesn’t look like that is going to end anytime soon. But the name on those advisories in the future may be Renee rather than Chris Wysopal. Chris, one of the founding member of the L0pht hacking collective...

7.1AI score
Exploits0References1
ThreatPost
ThreatPost
added 2013/03/28 3:38 p.m.17 views

How I Got Here: Chris Wysopal

Dennis Fisher talks with Chris Wysopal of Veracode about his journey from a teenage BBS user to member of the L0pht to respected security researcher. Known as Weld Pond since his days at the L0pht, Chris also discussed his time at @stake and how the L0pht’s road trip to DC to testify before...

0.8AI score
Exploits0References2
ThreatPost
ThreatPost
added 2013/02/05 4:11 p.m.8 views

Veracode's VP of Research Chris Eng, Moderator of the Dangers in Mobile Devices Session

Chris Eng of Veracode moderated the mobile threats track...

3.6AI score
Exploits0
ThreatPost
ThreatPost
added 2012/10/11 5:52 p.m.8 views

Infographic: Veracode on Mobile Security and Protecting Your Device

Veracode have put out another snazzy infographic, this time to help illustrate the mobile computing boom of the last few years. To accompany the BYOD Bring Your Own Device policy that’s becoming commonplace in offices around the world, the web security firm uses two characters, Joe Worker and Joe...

1.5AI score
Exploits0References1
ThreatPost
ThreatPost
added 2012/08/10 3:3 p.m.10 views

Infographic: Stuxnet's Cyberwar Vines Untangled

Keeping track of the relationships between various malware families can be hard, especially when you’re talking about espionage tools such as Stuxnet and Gauss. Veracode has put together an infographic as a general recap of the life and times of Stuxnet, the much-discussed cyber worm that first...

0.3AI score
Exploits0References5
ThreatPost
ThreatPost
added 2012/08/03 4:41 p.m.46 views

How SQL Injection Attacks Work

SQL injection attacks have been going on for years, and the vulnerabilities and exploitation techniques are well-understood and widely discussed. However, they’re still quite prevalent and are used in a variety of scenarios. One recent example is the attack on a Yahoo site that resulted in a brea...

10CVSS1.9AI score0.93688EPSS
Exploits9
ThreatPost
ThreatPost
added 2012/02/17 5:6 p.m.21 views

AdiOS Finds iOS Apps Capable of Dumping Users' Contacts

It’s gotten to the point now where it’s almost easier to talk about the mobile apps and services that don’t ship your personal data off to some remote server for purposes unknown rather than discussing the ones that do. The latest discussion of privacy invading apps flowed from the discovery that...

6.6AI score
Exploits0References5
ThreatPost
ThreatPost
added 2011/06/29 3:47 p.m.12 views

Image of the Day: Visualizing the PlayStation Network Hack

While this spring’s PlayStation Network hack was certainly massive, a new infographic from Veracode illustrates just how sprawling the attack really was. The graphic traces the breach back to April’s “external intrusion” and eventual shuttering of Sony’s online gaming network along with the...

1.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2011/04/06 3:41 p.m.18 views

Pandora Mobile App Transmits Gobs Of Personal Data

A popular free mobile application from online music service Pandora.com that is the subject of a Grand Jury investigation into loose data privacy practices in the mobile application market confirms that the application silently sends reams of sensitive data to advertisers. The analysis was...

1.4AI score
Exploits0References4
ThreatPost
ThreatPost
added 2011/02/09 2:28 p.m.9 views

Veracode Announces Mobile App Verification Service

Application testing firm Veracode said on Wednesday that it was expanding its service to vet the security of mobile applications to cover Apple iPhone and Google Android devices. In a statement, Veracode said it was accepting submissions of mobile applications for testing for all mobile platforms...

1.1AI score
Exploits0References2
ThreatPost
ThreatPost
added 2011/01/31 4:23 p.m.15 views

Free Service Targets XSS Bugs in Java Apps

Cross-site scripting bugs have been a major problem for Web site operators for years now, and while their causes and their solutions are both well-understood, they’re still quite pervasive. But a new free service is aiming to help site owners avoid the serious compromises that can follow an attac...

0.7AI score
Exploits0References3
ThreatPost
ThreatPost
added 2010/09/22 9:31 p.m.6 views

57 Percent of Apps Have Poor Security: Report

Findings from Veracode’s report “State of Software Security Report: Volume 2.” show that overall quality of applications remains poor, with 57 percent failing to meet acceptable levels of security. New results demonstrate that cloud/web-based applications are the most commonly scrutinized, and wi...

0.8AI score
Exploits0References1
ThreatPost
ThreatPost
added 2010/09/22 4:38 p.m.10 views

Report: Reused, Third Party Code Major Sources of Insecurity

A new report out from security testing firm Veracode suggests that reused and third party code is a big source of application insecurity. Application security is a sore spot for many organizations, as attackers shift the battlefield from operating system and network attacks to application specifi...

0.3AI score
Exploits0References3
ThreatPost
ThreatPost
added 2010/08/11 7:15 p.m.12 views

Verizon DBIR Cryptography Challenge: Here's The First Clue

So, according to a little birdie tweeting in the night, the 2010 Verizon Data Breach Investigations Report DBIR contains another encryption challenge that leads to actual cash prizes. Last year, after I dropped a big clue here, Grant Stavely, Chris Eng and others decoded the hidden message on the...

0.6AI score
Exploits0References5
ThreatPost
ThreatPost
added 2010/02/09 4:37 p.m.10 views

Tyler Shields on the BlackBerry Spyware and the Coming Wave of Smartphone Attacks

Dennis Fisher talks with Tyler Shields of Veracode about his BlackBerry spyware application, txsBBSPY, the coming wave of smartphone attacks and his lack of surprise about the Google Aurora attack. Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground podcast on...

1.6AI score
Exploits0References2
ThreatPost
ThreatPost
added 2010/02/09 3:5 p.m.13 views

Chris Wysopal, Veracode

Chris was one of the first security researchers I met, in 2000, when he and the rest of the L0pht had just become part of @stake. I’ve probably interviewed him more often than anyone else on this list and he’s helped me with dozens of stories over the years. He always had five minutes to explain...

1.1AI score
Exploits0
ThreatPost
ThreatPost
added 2010/02/07 5:55 p.m.12 views

BlackBerry Spyware Package Shown at ShmooCon

This video demonstrates a proof-of-concept BlackBerry spyware package developed by Tyler Shields, one of Veracode’s senior security researchers...

4.4AI score
Exploits0
ThreatPost
ThreatPost
added 2009/07/15 7:36 p.m.11 views

An Analysis of the BlackBerry Spyware

From Zero in a Bit Chris Eng Yesterday it was reported by various media outlets that a recent BlackBerry software update from Etisalat a UAE-based carrier contained spyware that would intercept emails and text messages and send copies to a central Etisalat server. We decided to take a look to fin...

2AI score
Exploits0References5
Rows per page
Query Builder