Veracode

Dear Security Manager, We heard you loud & clear. That's why we want to introduce Postman Collection Support for API Security Testing! This new feature is a game-changer for developers looking to enhance the security of their APIs through dynamic analysis. Why it matters: "With Veracode, you can test the security of your API business processes, including workflows that simulate real user interactions. This ensures that the necessary API calls happen in the correct order and data transfers appropriately from one call to the next." Stay ahead in the digital landscape by ensuring your APIs are not only functional but secure from potential threats. Dive into our blog to learn how you can start scanning your Postman Collections today and make your API endpoints robust against attacks. 🔗 Check out the full blog for more insights and get started with enhancing your API security: https://bit.ly/3RYp6jE

ICYMI: We recently hosted a webinar with Veracoders Chris Eng and Chris Wysopal who were joined by special guest, Janet Costello Worthington of Forrester. We wanted to share one of the questions that were asked during this webinar: Q: Would you say that tech debt equals security debt or is it a subset? A: Security debt is a subset of technical debt, which can also include things like modernizing frameworks and architectures. If you joined us but didn't get a chance to ask your questions, please submit them below and we'll answer them for you! You can also catch the replay of the entire webinar here: https://bit.ly/3KFkY4b

Great news for #developers and #security teams! We're offering a free 14-day trial of our Dynamic Application Security Testing (DAST) service! Why choose Veracode DAST? 🔍 Comprehensive Scanning: Quickly identify and address vulnerabilities in your web apps and APIs. ⚡ Rapid Results: Launch scans with just a few clicks and receive near-instant, actionable feedback. 🛠️ Easy Setup: Get started in minutes, no credit card required! Take advantage of this opportunity to enhance your application security with our cutting-edge technology. Start your free trial today and experience the power of Veracode DAST! https://lnkd.in/gUtiTRkj

Stay Ahead of Security Threats! Discover the critical details about the polyfill supply chain attack below. Learn how immediate actions, like removing references to polyfill.io in your code, can prevent potential breaches. On June 27th, Sansec updated the disclosure and said: “Cloudflare has implemented real-time rewrites of cdn.polyfill.io to their own version. A little later, Namecheap has put the domain on hold altogether, which eliminates the risk for now. However, you are still recommended to remove any polyfill.io references in your code.” Read our full analysis and expert recommendations here: 🔗 https://bit.ly/3RRCs15

It may be summer, but there’s no slowing down the Veracode team. Here are a few highlights from June’s events: Our Prague office hosted an incredible meet-up with Womenly. We hosted the “How to Fix Security Flaws Faster” session at CDM Boston CISO Summit. Sohail Iqbal, Veracode CISO,  shared his insights on the "Crossroads of AppSec & Gen-AI" with practical steps for safely adopting GenAI and managing its impact on software development and organizational processes at the AI Risk Summit in San Francisco. Our CTO and Co-founder, Chris Wysopal was part of a roundtable discussion at the GBI NYC CISO Summit. The Southeast team had a great time connecting with GuidePoint Security at GPSec Atlanta. We’re ready to see you – let us know which events you’ll be at this month. 

Congratulations to Sohail Iqbal for being named as a BostonCIO ORBIE award finalist. This recognition highlights Sohail's commitment to excellence in technology leadership, particularly in driving innovation and #security in the tech industry. The ORBIE Awards honor outstanding CISOs who have demonstrated leadership, innovation, and effectiveness in their roles. Being named a finalist is a testament to Sohail's impactful contributions to our company and the technology community overall. Please join us in congratulating Sohail on this remarkable achievement!

Mark your calendars! We're gearing up for an exciting lineup at the WeAreDevelopers World Congress from 17-19 July. Don't miss out on key insights from Veracode experts: 🔹 Chris Wysopal is taking over the main stage with a keynote on Friday, 19 July, from 11:00-11:30 CET. 🔹 Julian Totzek-Hallhuber will deliver his compelling talk: "Let’s Write an Exploit Using AI" on Friday, 19 July, from 12:20-12:50 PM at Stage 4 (500). Prepare to dive deep into the world of AI and cybersecurity! 🔹 Niels Tanis will share his expertise in his talk "Reviewing 3rd Party Library Security Easily Using OpenSSF Scorecard," on Friday, 19 July, from 1:00-1:30 PM at Stage 4 (500). 🎟️ Special Offer: Grab your ticket now and enjoy a 15% discount with the code WWC_Veracode15. Don’t miss out on the opportunity to be part of this pivotal tech event! 🔗 Learn more about the event here: https://lnkd.in/g9sUVP7w

Time is running out! Is your organization drowning in security debt? Join us for a transformative webinar on "Lifting the Burden of Security Debt and Its Impact on Risk and Profitability" this Thursday. Learn from industry experts including Chris Wysopal, Chris Eng, and special guest Janet Costello Worthington from Forrester as we dive deep into strategies that can significantly reduce security risks and enhance your operational efficiency. Secure your spot today: https://lnkd.in/ga5cYA7D

How Mature is Your AppSec Program? As we navigate the evolving landscape of application #security, understanding the maturity of your AppSec program is crucial. Inspired by our latest blog, "Navigating the Stages of AppSec Maturity: A Tactical Guide for Risk Management," we're curious about your organization's current #appsec maturity. Four stages of AppSec Maturity: 🔹Reactive – Mostly ad-hoc security measures. 🔹Baseline – Integrated security assessments at the end of development. 🔹Expanded – Automated tools across the SDLC supporting developers. 🔹Advanced – Comprehensive, holistic security approach with minimal security debt. Cast your vote below & check out our blog for insights on each stage and tips on advancing your AppSec maturity! https://lnkd.in/gqqUNRCy