WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH NEWS ON MONDAY SPTECHREPORT SPTECHWEB SPTECHCON IPHONE/IPAD DEVCON ANDROID DEVCON PRIVACY POLICY CONTACT US

HOME >> LATEST NEWS

Veracode’s free service nips cross-site scripting in the bud

By Alyson Behr

March 4, 2011 — Veracode has recently announced the launch of Veracode Free XSS Detection Service. The service is designed to help developers detect and eliminate cross-site scripting (XSS) errors that, according to Veracode, are responsible for more than half of all Web application vulnerabilities.

According to OWASP, a project that tracks application security, XSS flaws occur whenever an application takes untrusted data and sends it to a browser without proper validation. XSS allows attackers to execute scripts in the victim’s browser that can hijack user sessions, deface websites, or redirect the user to malicious sites.

Veracode said the service removes perceived complexity from the detection process, and that with access to proper education and training, developers can avoid introducing the flaws into software in the first place.

Chris Eng, senior director of security research at Veracode, said, “We see thousands—sometimes tens of thousands—of XSS vulnerabilities a week. Many are those we describe as 'trivial’ and can be fixed with a single line of code. Some of our customers upload a new build the following day; others never do. Motivation is clearly a factor.

“Think about the XSS vulnerabilities that hit highly visible websites such as Facebook, Twitter, MySpace and others. Sometimes those companies push XSS fixes to production in a matter of hours. Are their developers really that much better? Of course not. The difference is how seriously the business takes it. When they believe it’s important, you can bet it gets fixed.”

To use the service, developers sign up for an account and submit their Java application, supplying metadata such as the name of the application and build version. The archives are encrypted in transit and on Veracode servers. The Veracode platform pre-scans the archive to ensure the code is scannable for XSS errors. Once this pre-scan is complete, begin the scan. The service delivers a report via e-mail with the location of the problem and remediation recommendations.

Veracode customers also have complimentary access to the company’s XSS eLearning courses.

Related Search Term(s): Veracode

Share this link: http://sdt.bz/35331

Most Read Latest News Blog Resources

Virtualization: Not just for machines anymore
Network virtualization allows multi-tiered applications to behave as though they were in a physical network

Magic announces the release of its revolutionary mobile offering for the development of business applications, with new native clients for iOS and Android platforms
Magic announced today the availability of native iOS and Android clients for its mobile enterprise application platform

Achievements and learning: Gamification comes to businesses and schools
Startup takes page from gamers by offering achievement marks to get developers more engaged in their projects

Zeichick’s Take: The handheld and the tablet, circa 1976
Texas Instruments' and Hewlett-Packard's calculators were doing things decades ago we take for granted today

Virtualization: Not just for machines anymore
Network virtualization allows multi-tiered applications to behave as though they were in a physical network

Achievements and learning: Gamification comes to businesses and schools
Startup takes page from gamers by offering achievement marks to get developers more engaged in their projects

Google talks tools at AnDevCon III
New 3D debugging tool and recent ADK changes are detailed by Google developers at the third Android Developer Conference

SmartBear rolls out new quality solution: API Complete
Software gives organizations ability to write test scripts and monitor APIs by bridging the DevOps divide

Creation
To write better software, cultivate your ability to be creative.

Slick...but who needs it?
compilr.com is a well-designed site and the folks behind it seem to have their heart in the right place. But...who needs it?

How to be a better software developer
Want to be a better developer? You won't get there by mastering an interesting language or learning a new set of APIs.

Wooing Galatea
Do yourself a favor and check out Galatea 2.2, a wonderful book by novelist Richard Powers.

Five SCM Best Practices Two-thirds of all software projects fail, according to the Standish Group’s CHAOS study. Improper usage of software configuration management...

Best Practices for Branching and Merging Patterns

Development teams often create a branching pattern, usually drawn out on a white board or in a Visio document, that is used as a model to...

Automated Error Reporting We invite you to read a short e-zine that tells you all about automated error reporting for .NET applications. This 8-page e-zine is packed...

The End of Application Redeploys Imagine that every time you wanted to write, send or receive an email, you needed to restart your computer. How much time would this take, a...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Veracode brings security testing to the cloud Tests can be run at any point in the development life cycle by using SecurityReview's Upload APIs

RSA Conference advocates openness Personal devices on networks and Anonymous dominated discussion, while talk of locking down networks ceased

SecurityInsights gives benchmarks for software The new service from Veracode can perform quick intelligence service checks on software for dynamic or manual testing

Add comment

Name*
Email*
Country

Comment

Veracode brings security testing to the cloud
Tests can be run at any point in the development life cycle by using SecurityReview's Upload APIs Read More...

News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
MAY 2012 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?

Creation
To write better software, cultivate your ability to be creative.
05/19/2012 07:40 PM EST

Slick...but who needs it?
compilr.com is a well-designed site and the folks behind it seem to have their heart in the right place. But...who needs it?
05/16/2012 12:45 PM EST

How to be a better software developer
Want to be a better developer? You won't get there by mastering an interesting language or learning a new set of APIs.
05/14/2012 12:18 PM EST

Wooing Galatea
Do yourself a favor and check out Galatea 2.2, a wonderful book by novelist Richard Powers.
05/12/2012 07:05 PM EST

The world as story
An artificial-intelligence system at Carnegie Mellon seeks to understand the world by making statements about it.
05/10/2012 06:39 AM EST

The Rise of the Brogrammer, or the Rise of the Sexist Programmer?
Women in Silicon Valley get vocal about sexist ads and campaigns that contribute to a tense work environment.
05/09/2012 03:14 PM EST