Application Security

Application Security news, information, and how-to advice


Researcher says Adult Friend Finder vulnerable to file inclusion vulnerabilities

On Twitter Tuesday evening, a researcher known for exposing application flaws posted screenshots showing Local File Inclusion vulnerabilities on The incident marks the second time in just over a year that the...


How CSOs can better manage third-party risks

Scott Schneider from CyberGRX chats with CSO about how security managers can secure their data when dealing with third-party vendors.

Real-world devops failures -- and how to avoid them

War stories: just shut off telnet

Years ago I was working on a project that had a rather interesting premise. It was a way to send a file between two parties that was stamped as verified by a third party intermediary. Pretty basic stuff, but in the 90s it was...


Security for your collaborative software

There’s a gaping hole in your security infrastructure right now. The front door is open, the side window is ajar, and there’s an open safe with a neon sign saying “steal my data” in flashing lights.


7 ways DevOps benefits CISOs and their security programs

Many organizations are regularly pushing out tens if not hundreds of releases and updates on a daily basis. With help and guidance from the security team, organizations can push secure releases on the first try and save lots of money...


IT audits must consider the cyber kill chain and much more!

It's not enough to perform an IT audit to achieve compliance alone. Today's threat landscape includes sophisticated APTs (Advanced Persistent Threats), remote access Trojans and ransomware, to name a few. In order for an IT audit to...


IP Expo Nordic and getting Popp’d by ransomware

Ransomware has become all the rage in the security field these days. Both from the perspective of the writers and the defenders. The media is lousy with these articles and I’m apparently not above writing about it myself. This...


DDoS takedown powered by IoT devices

Lack of security leaves enterprises cleaning up the IoT vulnerability mess


What’s in your code? Why you need a software bill of materials

When developers and suppliers carefully list the tools used to build an application and what third-party components are included, IT can improve software patching and updates


Chrome OS gets cryptographically verified enterprise device management

Companies will now be able to cryptographically validate the identity of Chrome OS devices connecting to their networks and verify that those devices conform to their security policies.


Adobe fixes critical flaws in Flash Player and Digital Editions

Adobe Systems has fixed over 30 vulnerabilities in its Flash Player and Digital Editions products, most of which could be exploited to remotely install malware on computers.


How to get a more cost-effective cyber insurance policy

Tips on how to mitigate risks and get more bang for your buck on cyber insurance


Bugcrowd, the for developers and researchers?

Is it better for business if developers and researchers can build a better relationship?


Microsoft bug bounty program adds .NET Core and ASP.NET Core

Microsoft has expanded its bug bounty programs to cover its open-source .NET Core and ASP.NET Core application development platforms.


Experts challenge Skyhigh's patent for cloud-based encryption gateway

Skyhigh Networks, Inc., announced today that it has received a patent for using a hosted gateway to encrypt and decrypt data moving between users and cloud services such as Office 365, but some experts say that the technology is...


Pokemon Go puts enterprises at risk

Eight statistics that might surprise you about Pokemon Go and the corporate network


Automate, integrate, collaborate: Devops lessons for security

Devops is transforming application development; the same principles of automation, integration, and collaboration can vastly improve security as well


Never patch another system again

Over the years I have been asked a curious question numerous times. "If we use product x or solution y we wouldn't have to patch anymore, right?" At this point in the conversation I would often sit back in my seat and try to look...
