Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Skyfence has released a free tool designed to provide organizations visibility into cloud app usage and risks.
The IEEE (Institute of Electrical and Electronics Engineers) Center for Secure Design has published some advice to help software developers dodge common mistakes that compromise security.
Of the 1,000 most downloadable free applications, almost 70 percent had at least one SSL vulnerability, according to an analysis FireEye.
Researchers have discovered a flaw in the WordPress Mobile Pack plugin that can be exploited to access password-protected posts.
The security teams at Drupal and WordPress have fixed a remotely exploitable a denial-of-service (DoS) vulnerability in PHP XML parsing that affects tens of millions of websites that use their publishing platforms.
Pwn Pulse from Pwnie Express combines “Hack-in-a-box” sensors with central management for remote location Intelligence.
Pre-release notes published by Apple for OS X Mavericks 10.9.5 and Yosemite Developer Preview 5 are informing developers that they might have to re-sign their apps if they don't want Apple's Gatekeeper anti-malware feature to block them.
An Australian security researcher has uncovered a bug that provided him access to an unsecured administration panel for an internal content management system (CMS) used by staff at Yahoo.
Fortinet has introduced a new on-demand, pay-as-you-go offering for its FortiWeb-VM Web Application Firewalls (WAFs) for Amazon Web Services (AWS).
PayPal has fixed a filter bypass flaw and a persistent input validation vulnerability affecting its MultiOrder Shipping application.

FEATURES, INSIGHTS // Application Security

rss icon

Wade Williamson's picture
As we build more accessible, scalable, and efficient computing models, we likewise open ourselves up to attacks that are likewise more accessible, scalable and efficient.
Danelle Au's picture
Cloud service providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to and usage of the cloud application.
Danelle Au's picture
Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter – users and information rather than infrastructure maintenance and building.
Danelle Au's picture
As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson's picture
While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley's picture
When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl's picture
The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan's picture
While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan's picture
The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Michael Callahan's picture
There are several steps companies can take on the server side to identify and disrupt brute force attacks.