Application Security

Application Security | News, how-tos, features, reviews, and videos

binary data inside of a safe / secure containerization
Feature

9 container security tools, and why you need them

Most traditional security tools won't help with protecting container data and images. These options were built specifically for container security.

raining data on keyboard programming developer code
Feature

What is DevSecOps? Why it's hard to do well

DevSecOps is about introducing security earlier in the life cycle of application development, thus minimizing vulnerabilities and bringing security closer to IT and business objectives.

cloud security shield with checkmark / cloud / digital connections / cloud security expert / CASB
Feature

How do you secure the cloud? New data points a way

New reports show big differences in risk among public, private and hybrid cloud deployments. Here’s advice on the tools, information and organizational structure needed to execute a successful cloud security strategy.

A rusty old lock hangs open amid the flow of binary code.
Feature

Skipped patch from 2012 makes old Microsoft Office systems a favored target

Some organizations have still not implemented an Office patch from 2012. Attackers know this and are exploiting the vulnerability.

COVID-19 contact tracing app
News Analysis

4 critical issues surrounding contact-tracing apps

As countries rush to release contact-tracing apps, experts fear a lack of security and privacy controls.

Number six, painted on a door with a lock with abstract overlay of digital containers.
Feature

6 common container security mistakes to avoid

Containers are a secure way to deploy applications and services, but only if you use them properly. Here's how.

Binary code / magnifying lens / inspection / analysis
Feature

Make simple software security checks part of your purchasing process

A few hours of due diligence when evaluating software for purchase is cheaper than incident response clean up.

Cryptojacking > Binary skull, code and bitcoin symbols invade systems as malware
News Analysis

RubyGems typosquatting attack hits Ruby developers with trojanized packages

Attacker targeted Windows systems to hijack cryptocurrency transactions, and was able to evade anti-typosquatting measures.

coding / programming / development / binary code
Review

Review: How ShiftLeft catches vulnerabilities during code development

This combination traffic analysis tool and dynamic application security testing tool works with nearly any language and CI system, is very easy to use, and integrates directly into the development process.

A glowing light bulb stands out from a crowd of unlit bulbs. [ideas / innovation / transformation]
Cybersecurity SnippetsBy

RSA 2020: 7 trends and takeaways

Attendance down, costs up, and lots of tech talk

IDG Tech Spotlight > Containers + Virtualization [ CSO / March 2020 ]
Feature

How Visa built its own container security solution

The homegrown solution takes advantage of the native capabilities that already exist on container orchestration platforms and is primarily built on top of open-source tools and libraries.

Many keys, one lock > Brute-force credential stuffing.
News Analysis

APIs are becoming a major target for credential stuffing attacks

New research shows that attackers use APIs to automate credential stuffing attacks. The financial sector is particularly vulnerable.

RSA 2020's hot new startups
Feature

12 hottest new cybersecurity startups at RSA 2020

Cybersecurity startup companies use the RSA Conference to make their public debut and showcase their products. These are some of the more interesting startups coming out of stealth.

budget piggy bank spending savings security spending
Cybersecurity SnippetsBy

Cybersecurity spending trends, 2020

Spending is up, but perhaps not in the most needed areas, increased business leader involvement brings new challenges, while vertical industries have different requirements and priorities.

IDG Tech Spotlight > Security > Cybersecurity in 2020: From secure code to defense in depth
Feature

Cybersecurity in 2020: From secure code to defense in depth

CIO, Computerworld, CSO, InfoWorld, and Network World tackle the hot security issues, from prioritizing risk to securing digital transformation.

Overflow > Pouring more binary water into a glass than it can hold causing overflow.
Feature

What is a buffer overflow? And how hackers exploit these vulnerabilities

A buffer overflow or overrun is a memory safety issue where a program does not properly check the boundaries of an allocated fixed-length memory buffer and writes more data than it can hold. This causes data to overflow to adjacent...

mobile security / threat detection / traffic analysis
Feature

Inspecting TLS-encrypted traffic with mitmproxy

The free, open-source mitmproxy tool makes it easy to inspect TLS-encrypted app and web traffic to see exactly who your phone is talking to.

tools / toolkit / binary code
Feature

9 top fuzzing tools: Finding the weirdest application errors

Fuzz testing tools root out odd programming errors that might result in dangerous unexpected application errors that attackers can exploit.

CSO > breakthrough / penetration testing / sledgehammer breaking through a binary wall
InfoSec at Your ServiceBy

8 common pen testing mistakes and how to avoid them

Penetration testing is vital, but are you doing it right? Here are some common mistakes and advice on how to avoid them.

API security alerts displayed on monitors amid binary code / application security
Feature

What you need to know about the new OWASP API Security Top 10 list

APIs now account for 40% of the attack surface for all web-enabled apps. OWASP has identified 10 areas where enterprises can lower that risk.

Load More