Application Security

Application Security news, information, and how-to advice

How to get CVSS right

CVSS is a good system on which to base your vulnerability management program. But Ben Rothke argues that unless you customize it, you will always be basing your program on other people's vulnerabilities rather than your own.

Microsoft Patch Tuesday: The patches just keep coming

Microsoft's latest round of patches covers Internet Explorer, Windows, Office and other Microsoft products

Five security questions you should be asking about the Apple Watch

The Apple Watch isn't due to hit the market until April 24, but many security professionals are already thinking about the security implications of the new generation of wearables that it promises to usher in.

18-year-old SMB vulnerability resurfaces, dozens of vendors affected

SPEAR, the research team at Cylance, has discovered new attack vectors for an 18-year-old vulnerability in Windows Server Message Block (SMB). The updated attack vector, called Redirect to SMB, impacts products from Microsoft, Apple,...

A bloody mess: Vast majority of organizations are still vulnerable to Heartbleed

According to research from Venafi, a vast majority of the world's top businesses are still vulnerable to Heartbleed, which was disclosed a year ago this month. The OpenSSL flaw impacted organizations both large and small, but the...

SSL flaw forces Mozilla to pull Opportunistic Encryption

Less than a week after it was introduced in Firefox 37, Opportunistic Encryption (OE) has been removed by Mozilla due to a flaw that was discovered in its HTTP Alternative Services implementation.

Anonymous proxies now used in a fifth of DDOS attacks

The number of distributed denial of service attacks using anonymous proxies has increased dramatically over the past year, according to a new research report, as attackers use these proxies to create an instant pseudo-botnet.

DDOS attacks less frequent last year, more dangerous

The total number of distributed denial of service attacks declined steadily last year, from more than 450,000 attacks in the first quarter to fewer than 150,000 in the fourth quarter -- but the size and complexity of the average...

The state of open source security

Recent high-profile vulnerabilities have put the lie to the 'many eyes' theory -- but they have also driven real progress in securing the open source ecosystem.

AVG lauded for fast vulnerability response

Security researchers from Tel Aviv-based enSilo are congratulating anti-virus vendor AVG Technologies for its fast response to a security flaw in one of its programs.

Google's screening process could help mitigate new Android vulnerability

Researchers at Palo Alto Networks' (PAN) Unit 42 have disclosed the details behind a widespread vulnerability that impacts 49.5 percent of the current Android base. The flaw enables attackers to hijack the installation of...

Google Play adds humans to the app review process

Google has announced that it is taking additional measures to lower the amount of malicious code appearing in the Google Play store.

Researchers map Drupal attack that bypasses poorly tuned Web Application Firewalls

Late last year, CSO Online reported on a vulnerability in Drupal that could have left thousands of websites compromised. Last week, researchers examined the attack in more detail, measuring the time it would take to compromise a...

Waratek takes on SQL injections with new RASP approach

Companies looking to protect their Web applications from SQL injection attacks typically install a firewall in learning mode and train it to recognize attacks. It's not a perfect solution, but it has been the best one available.

MongoDB tool vulnerable to remote code execution flaw

MongoDB, one of the Web's leading NoSQL platforms, is a popular alternative to table-based relational databases. One of the GUI tools used to manage MongoDB (phpMoAdmin) has a serious vulnerability that, if exploited, allows an...

BlackBerry teams with Samsung and IBM to offer governments a secure tablet

BlackBerry is returning to the tablet market -- this time with the help of Samsung Electronics, IBM and Secusmart, the German encryption specialist BlackBerry bought last year.

Over a million WordPress websites at risk because of flaw in popular SEO plug-in

The vulnerability in a plug-in from Yoast exposes sites to SQL injection attacks.

Attackers clone malware-laden copies of popular apps

Don’t get angry when cyber crooks give your enterprise the bird, get even.