Get RSS feed

Home » Data Protection » Application Security

Application Security

Application security, web app security, secure code development and software vulnerabilities

Application Security articles

Hundreds of DreamHost Websites Abused By Spammers

Zsclaer identified rogue PHP redirect scripts uploaded on hundreds of websites hosted at DreamHost

» full story

PHP 5.3.10 Fixes Critical Remote Code Execution Vulnerability

The vulnerability was introduced by the fix for a hash collision denial-of-service flaw

» full story

Managing the unmanageable

Cloud firewall management vendors unleash new wares aimed to taming virtual firewall sprawl.

» full story

For 'Malware as a Service' merchants, business is booming

Malware merchants have matured, and are more diversified and dangerous than ever.

» full story

Hackers Infect WordPress 3.2.1 Blogs to Distribute TDSS Rootkit

Compromised WordPress 3.2.1 blogs infect visitors with TDSS rootkit through Java exploits

» full story

Coverity and Wind River target development insecurity with new alliance

Software development testing firm Coverity and embedded and mobile software firm Wind River have integrated Coverity's security development testing platform with Wind River's embedded software system.

» full story

Breaches, like history, repeat themselves

Firms that overlook IT security basics are setting themselves up to be breached.

» full story

Kenyan Officials Say Government Sites Hit By Indonesian Hacker

103 sites were compromised in the attack earlier this month

» full story

Norm spreads cheer in the security sandbox with Malware Analyzer G2 (MAG2)

A look at the Malware Analyzer G2 (MAG2) platform, which security vendor Norman hails as a better weapon for those in the data and software protection business.

» full story

Linux Vendors Rush to Patch Privilege Escalation Flaw After Root Exploits Emerge

A privilege escalation vulnerability in the Linux kernel allows attackers to gain root access

» full story

» View all Application Security articles

MORE GREAT APPLICATION SECURITY RESOURCES

Still hungry? Here are links to application security books, associations, and other information resources to help you find (and avoid) vulnerabilities and build secure software and websites.

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Dafydd Stuttard (2011). On Amazon.com.
24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them by Michael Howard (2010). On Amazon.com
Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition by Allen Harper (2011). On Amazon.com.
OWASP, the Open Web Application Security Project.
BSIMM, the Building Security In Maturity Model.

Also see Application and software security certifications in CSOonline's Security Certification Directory.

APPLICATION SECURITY ESSENTIALS

In-depth information on tools and strategies for writing secure code, finding vulnerabilities, and other critical application security issues

10 steps to secure browsing
Holistic patch management, browser settings, filtering, and other tactics

Vulnerability management: The basics
5 key tenets for making the most of vulnerability management efforts

Software security for developers
Building security in, from the requirements phase through deployment

Software security for app dev managers
Building and managing a software security program that pays off

A Step-by-Step Guide to Building Virtualization Maturity and Maximizing Virtualization Outcomes
This webinar will explain the key phases of virtualization maturity, outline the critical maturity challenges, and provide you with a step-by-step guide to building your virtualization maturity and maximizing your virtualization outcomes.
A Road Map for Best Practice Social Media Acceptable Use Policy
Organizations around the world are racing to leverage the power of social media for business. Sites like Facebook are used for marketing, human resources, sales, and product teams to carry out daily job functions and create competitive advantage.
LogRhythm: The Platform for Cyber Threat Defense, Detection & Response
LogRhythm management executives describe what's required in today's rapidly-evolving threat landscape and how LogRhythm 6.0 can deliver on those requirements.
LogRhythm CTO & Co-Founder takes "Deep Dive" Into LogRhythm's SIEM 2.0 Platform
View this in-depth, chapterized demo of the LogRhythm Platform to find out why LogRhythm is the platform for cyber threat defense, detection & response.
KPMG & LogRhythm: Apply Continuous Monitoring via SIEM 2.0 for Maximum Visibility & Protection
KPMG's Deron Grzetich and LogRhythm's CTO, Chris Petersen share experiences working with clients to help detect and respond to sophisticated threats such as APTs and how continuous monitoring via SIEM 2.0 can play a meaningful role in thwarting the increasing number of high-profile data breaches occurring today.

» View All Application Security Webcasts

Application Security White Papers

Google: Security for Google Apps Messaging & Collaboration
Content provided by Google

Find out about how Google creates a security-based platform for Google Apps, covering topics like information security, physical security, and operational security.
An Interactive Guide: Bring Your Own Device
BYOD presents significant security and management challenges to IT departments who want to take advantage of the trend, but still protect corporate assets. They struggle with granting users the access they need to perform their jobs, managing a wide variety of different device types, and maintaining the security of the corporate network and applications. In this eGuide, Computerworld along with sister publications CIO, CSO, Network World, and Infoworld examine the BYOD trend, the challenges IT departments face, and some recommendations for overcoming them.
Architecting the Security of the Next-Generation Data Center
This document is aimed at those looking at data center builds, upgrades, or consolidation. It provides an introduction to some of the new security challenges of such environments and provides recommendations for implementing security in next-generation data centers.
Virtual Patching with Network Security
The McAfee virtual patching solution provides a layered approach to security risk management, while adding the ability to apply a virtual patching strategy to your existing change-management process.
Gartner Next Generation Network IPS Research Note
Learn more about Gartner's evaluation of network IPS that places McAfee in the leaders' quadrant. Deep inspection network-based intrusion prevention continues to be a due-diligence security control.
Best Practices for a Successful DLP Deployment
Want to turn data loss problems into data loss prevention? Discover how to unleash DLP's secret weapon and empower your users to be the first line of defense to significantly reduce data loss incidents.

» View All Application Security White Papers

White Papers

Google: Security for Google Apps Messaging & Collaboration

An Interactive Guide: Bring Your Own Device

Architecting the Security of the Next-Generation Data Center

Virtual Patching with Network Security

Gartner Next Generation Network IPS Research Note

Best Practices for a Successful DLP Deployment

User Driven Security: 5 Reasons why it's needed with DLP

Does Your Enterprise Classify It's Data?

Reducing Local Admin Exposure Through Application Whitelisting

Application Security eGuide

Can you handle more web traffic than you ever dreamed of?

Can you deploy a new application in days rather than months?

LogRhythm's New SmartRemediation -- Intelligent, Rapid Response

Overcome Top 7 Admin Challenges of Active Directory

Insiders Can Ruin Your Company. Take Action.

Top Solutions and Tools to Prevent Devastating Malware

X-Ray of the PCI Process-4 Proactive Steps

Streamline Compliance and Increase ROI

Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business

More White Papers »

Application Security

Application security, web app security, secure code development and software vulnerabilities

Hundreds of DreamHost Websites Abused By Spammers

PHP 5.3.10 Fixes Critical Remote Code Execution Vulnerability

Managing the unmanageable

For 'Malware as a Service' merchants, business is booming

Hackers Infect WordPress 3.2.1 Blogs to Distribute TDSS Rootkit

Coverity and Wind River target development insecurity with new alliance

Breaches, like history, repeat themselves

Kenyan Officials Say Government Sites Hit By Indonesian Hacker

Norm spreads cheer in the security sandbox with Malware Analyzer G2 (MAG2)

Linux Vendors Rush to Patch Privilege Escalation Flaw After Root Exploits Emerge

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Dafydd Stuttard (2011). On Amazon.com.

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them by Michael Howard (2010). On Amazon.com

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition by Allen Harper (2011). On Amazon.com.

OWASP, the Open Web Application Security Project.

BSIMM, the Building Security In Maturity Model.

10 steps to secure browsing
Holistic patch management, browser settings, filtering, and other tactics

Vulnerability management: The basics
5 key tenets for making the most of vulnerability management efforts

Software security for developers
Building security in, from the requirements phase through deployment

Software security for app dev managers
Building and managing a software security program that pays off

How to use source code analysis tools

How to use web application vulnerability scanners

How to compare patch management software

Ranum: Does disclosure work?

Application Security

Application security, web app security, secure code development and software vulnerabilities

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Dafydd Stuttard (2011). On Amazon.com.

24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them by Michael Howard (2010). On Amazon.com

Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition by Allen Harper (2011). On Amazon.com.

OWASP, the Open Web Application Security Project.

BSIMM, the Building Security In Maturity Model.

10 steps to secure browsing Holistic patch management, browser settings, filtering, and other tactics

Vulnerability management: The basics 5 key tenets for making the most of vulnerability management efforts

Software security for developers Building security in, from the requirements phase through deployment

Software security for app dev managers Building and managing a software security program that pays off

10 steps to secure browsing
Holistic patch management, browser settings, filtering, and other tactics

Vulnerability management: The basics
5 key tenets for making the most of vulnerability management efforts

Software security for developers
Building security in, from the requirements phase through deployment

Software security for app dev managers
Building and managing a software security program that pays off