Application Security

Application Security news, information, and how-to advice

Automate, integrate, collaborate: Devops lessons for security

Devops is transforming application development; the same principles of automation, integration, and collaboration can vastly improve security as well

Never patch another system again

Over the years I have been asked a curious question numerous times. "If we use product x or solution y we wouldn't have to patch anymore, right?" At this point in the conversation I would often sit back in my seat and try to look...

Presentations show the auto industry needs to shore up cars' security

A look at security tools that help auto manufacturers build safer connected cars

7 Signs You're Doing Devops Wrong

Reach 'em and teach 'em--educating developers on application security

How to bring security to the forefront and have it as an integral part of any software development lifecycle

Does entertainment trump security in connected cars?

Security as an afterthought is still the cause of most common vulnerabilities in connected cars.

Adware turns a tidy profit for those who sneak it into downloads

If you've ever downloaded software, chances are you've experienced an all-too-common surprise: ads or other unwanted programs that tagged along for the ride, only to pop up on your PC uninvited. Turns out there's a highly lucrative...

Hackers hit Oracle's Micros payment systems division

Russian cybercriminals have infiltrated systems at Micros, an Oracle division that is one of the world's biggest vendors of point of sale payment systems for shops and restaurants, according to an influential security blogger.

Security by the people

Sometimes it takes a village. In the case of information security, sometimes it takes an employee. Forward thinking enterprises can go beyond simply providing IT security awareness training and hygiene tips for their users, and enlist...

Mobile phishing – same attacks – different hooks

I spent the last two weeks talking with CISOs, application developers, mobility experts and IoT thought leaders like SRI’s Dr. Ulf Lindqvist. One thing was for certain – mobile is receiving a lot of attention from the...

The future of red teaming: Computer robots face off in adversarial rounds

If you were at BSides and you caught the presentation from Endgame's principal security data scientist, Hyrum Anderson, you were likely wowed by the innovative dueling defender and adversary demonstration. If you missed it, Anderson...

How to best vet third-party vendors

Cloud providers have raised awareness of third party risks to security

The evolution of DevOps: the perfect storm for instituting secure coding practices

The nature of DevOps development approaches eases, invites, cries out for secure coding practices.

A run down on Black Hat for security newbs

What to expect if it's your first security conference

Defining ransomware and data breach disclosure

Does a ransomware attack cause the “acquisition, access, use or disclosure” of ePHI? No court decision has yet addressed this issue, but expert commentators have taken either side of the argument.

Flaws in Oracle file processing SDKs affect major third-party products

Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday also affect products from third-party software vendors, including Microsoft.

Oracle issues largest patch bundle ever, fixing 276 security flaws

Oracle has released a new batch of security updates for over 80 products from its software portfolio in order to fix 276 vulnerabilities.

Flaw in vBulletin add-on leads to Ubuntu Forums database breach

Ubuntu support forums users should be on the lookout for dodgy emails after the website's database of 2 million email addresses has been stolen.

Microsoft fixes critical vulnerabilities in IE, Edge, Office, and Windows print services

Microsoft's new batch of security patches fixes 47 vulnerabilities across its products, including in Internet Explorer, Edge, Office, Windows and the .NET Framework.
