Application Security

Application Security news, information, and how-to advice

Researcher finds serious flaw in Chromium-based Avast SafeZone browser

A Google security researcher found a serious vulnerability in the Avast SafeZone browser that doesn't exist in Chromium, the open-source browser that serves as its foundation.

'Defense wins championships' in application security and NFL

If the team apps in the NFL are any indication of their defense on the field, the Broncos are looking good for Sunday's Super Bowl.

How to be or find a skilled pen tester

Pen testers are and will continue to be in high demand.

How to build a top-notch vulnerability management program

The vulnerability management program can be elevated from good to great by close and tight integration with several key associated systems.

Critical vulnerabilities patched in Magento e-commerce platform

The latest patches for the Magento e-commerce platform fix critical vulnerabilities that could allow attackers to hijack administrative accounts.

Serious flaw patched in Intel Driver Update Utility

A software utility that helps users download the latest drivers for their Intel hardware components contained a vulnerability that could have allowed man-in-the-middle attackers to execute malicious code on computers.

Advocacy group calls on health-care industry to adopt medical device security principles

Advocacy group I Am the Cavalry is urging organizations that manufacture and distribute medical devices to adopt a cybersecurity version of the Hippocratic Oath.


Network security vs. app security: What's the difference, and why does it matter?

The idea that time and resources should be invested in either network security or application security is misguided, as both are equally important to securing the enterprise.

ShmooCon: LastPass design elements create perfect Phishing opportunity

At ShmooCon on Saturday, Sean Cassidy, the CTO of Praesidio, demonstrated a clever attack against LastPass, which is possible thanks to a security trade-off and easily spoofed UX elements.

Beyond the basics: The certifications you need based on the path you choose

Turns out that a lot of people have a lot of differing opinions on what education, certifications, and training folks new to security ought to have. This is the third of a three-part series on certifications.

Illumio hires White House cybersecurity policy director as head of cybersecurity strategy

Application security startup Illumio has appointed Nathaniel Gleicher as its new Head of Cybersecurity Strategy.

5 stages of a Web app attack [Infographic]

How well do you know your Web attack anatomy?

Defense One: Islamic State has written its own encrypted communications app

The Islamic State is deploying its own encrypted communications app for Android, an eventuality predicted by experts who oppose efforts of governments to require encryption backdoors so they can find out what criminals are saying to...

Microsoft fixes critical flaws in Windows, Office, Edge, IE and other products

Microsoft released critical fixes for remote code execution flaws in Windows, Office, Edge, Internet Explorer, Silverlight and Visual Basic.

Trend Micro's tipping point: Acquisition of HP's network defense products

Trend Micro acquires HP TippingPoint

Black Hat SEO campaign powered by SQL Injection

A new threat advisory from Akamai highlights a Black Hat SEO campaign that's leveraging SQL Injection as a means to generate links to a website dedicated to stories about cheating. The shady SEO campaign can be considered a success too,...


Drupal to secure its update process with HTTPS

Developers of the popular Drupal content management system are working to secure the software's update mechanism after a researcher found weaknesses in it.

Antivirus software could make your company more vulnerable

Cyberespionage groups could easily exploit vulnerabilities in antivirus programs to break into corporate networks, according to vulnerability researchers who have analyzed such products in recent years.
