Application Security
Application Security | News, how-tos, features, reviews, and videos
Skipped patch from 2012 makes old Microsoft Office systems a favored target
Some organizations have still not implemented an Office patch from 2012. Attackers know this and are exploiting the vulnerability.
4 critical issues surrounding contact-tracing apps
As countries rush to release contact-tracing apps, experts fear a lack of security and privacy controls.
6 common container security mistakes to avoid
Containers are a secure way to deploy applications and services, but only if you use them properly. Here's how.
Make simple software security checks part of your purchasing process
A few hours of due diligence when evaluating software for purchase is cheaper than incident response clean up.
The 15 biggest data breaches of the 21st century
Data breaches affecting millions of users are far too common. Here are some of the biggest, baddest breaches in recent memory.
RubyGems typosquatting attack hits Ruby developers with trojanized packages
Attacker targeted Windows systems to hijack cryptocurrency transactions, and was able to evade anti-typosquatting measures.
Review: How ShiftLeft catches vulnerabilities during code development
This combination traffic analysis tool and dynamic application security testing tool works with nearly any language and CI system, is very easy to use, and integrates directly into the development process.
RSA 2020: 7 trends and takeaways
Attendance down, costs up, and lots of tech talk
![IDG Tech Spotlight > Containers + Virtualization [ CSO / March 2020 ]](https://images.idgesg.net/images/article/2020/03/tech_spotlight_containers_virtualization_cso_by_felix10870_gettyimages_3x2_2400x1600-100834586-small.3x2.jpg)
How Visa built its own container security solution
The homegrown solution takes advantage of the native capabilities that already exist on container orchestration platforms and is primarily built on top of open-source tools and libraries.
APIs are becoming a major target for credential stuffing attacks
New research shows that attackers use APIs to automate credential stuffing attacks. The financial sector is particularly vulnerable.
12 hottest new cybersecurity startups at RSA 2020
Cybersecurity startup companies use the RSA Conference to make their public debut and showcase their products. These are some of the more interesting startups coming out of stealth.
Cybersecurity spending trends, 2020
Spending is up, but perhaps not in the most needed areas, increased business leader involvement brings new challenges, while vertical industries have different requirements and priorities.
Cybersecurity in 2020: From secure code to defense in depth
CIO, Computerworld, CSO, InfoWorld, and Network World tackle the hot security issues, from prioritizing risk to securing digital transformation.
What is a buffer overflow? And how hackers exploit these vulnerabilities
A buffer overflow or overrun is a memory safety issue where a program does not properly check the boundaries of an allocated fixed-length memory buffer and writes more data than it can hold. This causes data to overflow to adjacent...
Inspecting TLS-encrypted traffic with mitmproxy
The free, open-source mitmproxy tool makes it easy to inspect TLS-encrypted app and web traffic to see exactly who your phone is talking to.
9 top fuzzing tools: Finding the weirdest application errors
Fuzz testing tools root out odd programming errors that might result in dangerous unexpected application errors that attackers can exploit.
8 common pen testing mistakes and how to avoid them
Penetration testing is vital, but are you doing it right? Here are some common mistakes and advice on how to avoid them.
What you need to know about the new OWASP API Security Top 10 list
APIs now account for 40% of the attack surface for all web-enabled apps. OWASP has identified 10 areas where enterprises can lower that risk.
-
eBook
Sponsored -
White Paper
-
White Paper
-
Video/Webcast
Sponsored -
White Paper
Most Popular
BrandPosts
Learn more-
Sponsored by Veracode