Application Security

Application Security news, information, and how-to advice

Researchers and defenders needed in IIoT

Strategies to overcome the complexity of patching vulnerabilities in critical infrastructure

Latest OWASP Top 10 looks at APIs, web apps

The new release of the OWASP Top 10 list is out from the Open Web Application Security Project, and while most of it remains the same, there are a couple of new additions, focusing on protections for web applications and APIs.

Contrast Security responds to OWASP Top 10 controversy

Contrast Security has addressed the recent backlash over section A7 of the OWASP Top 10 list for 2017. The company issued a statement on the matter after industry professionals suggested the A7 addition was an example of a vendor...

Open source security risks persist in commercial software [Infographic]

Black Duck’s second annual Open Source Security and Risk Analysis report shows that commonly used infrastructure components have high-risk vulnerabilities.

R2Games compromised again, over one million accounts exposed

Online gaming company Reality Squared Games (R2Games) has been compromised for the second time in two years, according to records obtained by the for-profit notification service LeakBase. The hacker who shared the data with LeakBase...

9 questions to ask when selecting application security solutions

Organizations need to determine the right tools to stay relatively risk free. Open source security vendor Black Duck explains why asking these key questions can help you determine the right mix of application tools and capabilities...

Oracle fixes Struts and Shadow Brokers exploits in huge patch release

Oracle released a record 299 security fixes for vulnerabilities in its products, including patches for a widely exploited vulnerability in the Apache Struts framework and a Solaris exploit supposedly used by the U.S. National Security...

Secure systems and the three little pigs

How to create a secure systems development practice in spite of Agile, DevOps and changing threats

The intersection of DevOps and application security

This article discusses DevOps security and the application security tools that need to be embedded within its process. These additions enable proper InfoSec protection of web applications.

How to prevent your mobile app from getting hacked

TriviaCrack may be addicting to users, but criminals are hooked on getting your personal information from other apps you use

The rising security risk of the citizen developer

Citizen developers may help enterprises to develop apps more quickly, but what is this new breed of developer going to do to enterprise security?

Can AI and ML slay the healthcare ransomware dragon?

Healthcare is well known as “low-hanging fruit” for ransomware attacks. But according to some experts, artificial intelligence and machine learning, as part of a “layered” security program, can make them a much more difficult target.

Top 10 ways to achieve agile security

Find out how to enable developers to do what they want, when they want, as fast as they want

Realistic ways to lock down IoT

How CSOs can best secure and understand IoT devices that enter their organization's network infrastructure

Antivirus headaches that compromise browser security

Why web browsers leave security engineers constantly playing defense.

What makes a good application pen test? Metrics

Research from application security crowd testing and bug bounty program provider Cobalt attempts to define what enterprises could measure to improve results

Top 5 email security best practices to prevent malware distribution

With email representing an open, trusted channel that allows malware to piggyback on any document to infect a network, it’s often up to the organizations – their security teams and employees – to adopt appropriate security strategies...

The CSO guide to top security conferences

CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.
