81 matches found
These Top 10 Programming Languages Have Most Vulnerable Apps on the Internet
A new research showed that Scripting languages, in general, give birth to more security vulnerabilities in web applications, which raised concerns over potential security bugs in millions of websites. The app security firm Veracode has released its State of Software Security: Focus on Application...
SQL Injection Vulnerability in 'Yahoo! Contributors Network'
Yahoo! Contributors Network contributor.yahoo.com, the network of authors that generated the contents such as photographs, videos, articles and their knowledge to more than 600 million monthly visitors, was vulnerable to a Time based Blind SQL Injection vulnerability. Behrouz Sadeghipour, a...
Father-Daughter Hacking Team Finds Valuable Facebook Bug
The Wysopal name has been on vulnerability advisories for better than 20 years now, and it doesn’t look like that is going to end anytime soon. But the name on those advisories in the future may be Renee rather than Chris Wysopal. Chris, one of the founding member of the L0pht hacking collective...
How I Got Here: Chris Wysopal
Dennis Fisher talks with Chris Wysopal of Veracode about his journey from a teenage BBS user to member of the L0pht to respected security researcher. Known as Weld Pond since his days at the L0pht, Chris also discussed his time at @stake and how the L0pht’s road trip to DC to testify before...
Veracode's VP of Research Chris Eng, Moderator of the Dangers in Mobile Devices Session
Chris Eng of Veracode moderated the mobile threats track...
Infographic: Veracode on Mobile Security and Protecting Your Device
Veracode have put out another snazzy infographic, this time to help illustrate the mobile computing boom of the last few years. To accompany the BYOD Bring Your Own Device policy that’s becoming commonplace in offices around the world, the web security firm uses two characters, Joe Worker and Joe...
Infographic: Stuxnet's Cyberwar Vines Untangled
Keeping track of the relationships between various malware families can be hard, especially when you’re talking about espionage tools such as Stuxnet and Gauss. Veracode has put together an infographic as a general recap of the life and times of Stuxnet, the much-discussed cyber worm that first...
How SQL Injection Attacks Work
SQL injection attacks have been going on for years, and the vulnerabilities and exploitation techniques are well-understood and widely discussed. However, they’re still quite prevalent and are used in a variety of scenarios. One recent example is the attack on a Yahoo site that resulted in a brea...
AdiOS Finds iOS Apps Capable of Dumping Users' Contacts
It’s gotten to the point now where it’s almost easier to talk about the mobile apps and services that don’t ship your personal data off to some remote server for purposes unknown rather than discussing the ones that do. The latest discussion of privacy invading apps flowed from the discovery that...
Image of the Day: Visualizing the PlayStation Network Hack
While this spring’s PlayStation Network hack was certainly massive, a new infographic from Veracode illustrates just how sprawling the attack really was. The graphic traces the breach back to April’s “external intrusion” and eventual shuttering of Sony’s online gaming network along with the...
Pandora Mobile App Transmits Gobs Of Personal Data
A popular free mobile application from online music service Pandora.com that is the subject of a Grand Jury investigation into loose data privacy practices in the mobile application market confirms that the application silently sends reams of sensitive data to advertisers. The analysis was...
Veracode Announces Mobile App Verification Service
Application testing firm Veracode said on Wednesday that it was expanding its service to vet the security of mobile applications to cover Apple iPhone and Google Android devices. In a statement, Veracode said it was accepting submissions of mobile applications for testing for all mobile platforms...
Free Service Targets XSS Bugs in Java Apps
Cross-site scripting bugs have been a major problem for Web site operators for years now, and while their causes and their solutions are both well-understood, they’re still quite pervasive. But a new free service is aiming to help site owners avoid the serious compromises that can follow an attac...
57 Percent of Apps Have Poor Security: Report
Findings from Veracode’s report “State of Software Security Report: Volume 2.” show that overall quality of applications remains poor, with 57 percent failing to meet acceptable levels of security. New results demonstrate that cloud/web-based applications are the most commonly scrutinized, and wi...
Report: Reused, Third Party Code Major Sources of Insecurity
A new report out from security testing firm Veracode suggests that reused and third party code is a big source of application insecurity. Application security is a sore spot for many organizations, as attackers shift the battlefield from operating system and network attacks to application specifi...
Verizon DBIR Cryptography Challenge: Here's The First Clue
So, according to a little birdie tweeting in the night, the 2010 Verizon Data Breach Investigations Report DBIR contains another encryption challenge that leads to actual cash prizes. Last year, after I dropped a big clue here, Grant Stavely, Chris Eng and others decoded the hidden message on the...
Tyler Shields on the BlackBerry Spyware and the Coming Wave of Smartphone Attacks
Dennis Fisher talks with Tyler Shields of Veracode about his BlackBerry spyware application, txsBBSPY, the coming wave of smartphone attacks and his lack of surprise about the Google Aurora attack. Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground podcast on...
Chris Wysopal, Veracode
Chris was one of the first security researchers I met, in 2000, when he and the rest of the L0pht had just become part of @stake. I’ve probably interviewed him more often than anyone else on this list and he’s helped me with dozens of stories over the years. He always had five minutes to explain...
BlackBerry Spyware Package Shown at ShmooCon
This video demonstrates a proof-of-concept BlackBerry spyware package developed by Tyler Shields, one of Veracode’s senior security researchers...
An Analysis of the BlackBerry Spyware
From Zero in a Bit Chris Eng Yesterday it was reported by various media outlets that a recent BlackBerry software update from Etisalat a UAE-based carrier contained spyware that would intercept emails and text messages and send copies to a central Etisalat server. We decided to take a look to fin...