Application Security

Application Security news, information, and how-to advice

Mobile app developers: Make sure your back end is covered

Developers need to make sure they are baking security into the application code and protecting how their apps handle data, but as the so-called HospitalGown security issue shows, they also need to know how the back-end servers and...

We can't accept election hacking as a new normal

As the investigations into whether Russian hackers influenced the 2016 Presidential election in the US continue, the rest of the world prepares for the new normal of election hacking.

Crowdsourcing application security closes the automated assessment gap

Crowdsourced pen tests aren't for everyone, but for one SaaS provider they help identify software flaws that automated tools may miss.

Enhanced Internet architecture to address WannaCry

Global Internet attacks take advantage of current systemic vulnerabilities. An enhanced architecture with improved web applications can help protect the Internet and its critical global applications.

Malicious subtitles in popular media players could lead to remote compromise

Researchers at Check Point have discovered a flaw affecting several popular media players, which stems from how they process subtitles. If exploited, an attacker could gain remote access to the victim's system. It's estimated that...

Q&A

Cisco security exec: ‘Connected devices are creating 277 times more data than people are’

CSO Managing Editor Ryan Francis recently spoke with Anthony Grieco, senior director and trust strategy officer at Cisco’s Security and Trust Organization, about how organizations can securely incorporate new technologies as they...

Researchers and defenders needed in IIoT

Strategies to overcome the complexity of patching vulnerabilities in critical infrastructure

Latest OWASP Top 10 looks at APIs, web apps

The new release of the OWASP Top 10 list is out from the Open Web Application Security Project, and while most of it remains the same, there are a couple of new additions focusing on protections for web applications and APIs.

Open source security risks persist in commercial software [Infographic]

Black Duck’s second annual Open Source Security and Risk Analysis report shows that commonly used infrastructure components have high-risk vulnerabilities.

Contrast Security responds to OWASP Top 10 controversy

Contrast Security has addressed the recent backlash over section A7 of the OWASP Top 10 list for 2017. The company issued a statement on the matter after industry professionals suggested the A7 addition was an example of a vendor...

R2Games compromised again, over one million accounts exposed

Online gaming company Reality Squared Games (R2Games) has been compromised for the second time in two years, according to records obtained by the for-profit notification service LeakBase. The hacker who shared the data with LeakBase...

9 questions to ask when selecting application security solutions

Organizations need to determine the right tools to stay relatively risk free. Open source security vendor Black Duck explains why asking these key questions can help you determine the right mix of application tools and capabilities...

Oracle fixes Struts and Shadow Brokers exploits in huge patch release

Oracle released a record 299 security fixes for vulnerabilities in its products, including patches for a widely exploited vulnerability in the Apache Struts framework and a Solaris exploit supposedly used by the U.S. National Security...

Secure systems and the three little pigs

How to create a secure systems development practice in spite of Agile, DevOps and changing threats

The intersection of DevOps and application security

This article discusses DevOps security and the application security tools that need to be embedded within its process. These additions enable proper InfoSec protection of web applications.

How to prevent your mobile app from getting hacked

TriviaCrack may be addicting to users, but criminals are hooked on getting your personal information from other apps you use.

The rising security risk of the citizen developer

Citizen developers may help enterprises to develop apps more quickly, but what is this new breed of developer going to do to enterprise security?

Can AI and ML slay the healthcare ransomware dragon?

Healthcare is well known as “low-hanging fruit” for ransomware attacks. But according to some experts, artificial intelligence and machine learning, as part of a “layered” security program, can make them a much more difficult target.
