NEWS & INDUSTRY UPDATES

Researchers detail a new attack method that leverages the lack of isolation between Firefox browser extensions.
A recent layer 7 distributed denial-of-service (DDoS) attack broke all previously known records in terms of bandwidth consumption, peaking at 8.7 Gbps.
Zen Cart has released an updated version of its popular open source online shopping cart application to address multiple Cross-Site Scripting (XSS) vulnerabilities.
The personal details of thousands of foreign nationals living in southern Thailand were briefly leaked online in what the site's developer admitted was a data breach during a test for police.
Researchers discovered that a patch released by Oracle more than two years ago for a serious Java sandbox escape vulnerability can be easily bypassed.
The Custom Content Type Manager (CCTM) WordPress plugin recently turned rogue and started stealing admin credentials via a backdoor, researchers at Sucuri discovered.
Tens of thousands of WordPress websites have been used to launch layer 7 distributed denial of service (DDoS) attacks.
Oracle abandons its Java browser plugin as Web browser vendors end support for NPAPI plugins.
Software that allows iOS app developers to quickly push patches and updates to their customers has a lot of benefits, but it also makes Apple’s app ecosystem less secure.
PayPal has patched a serious remote code execution (RCE) vulnerability in one of its applications. The security hole was caused by a Java deserialization bug disclosed last year.

FEATURES, INSIGHTS // Application Security

Jim Ivers:
Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
David Holmes:
Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?
Jim Ivers:
Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.
Jim Ivers:
Built in or bolted on? When have you ever seen “bolted on” as the first choice of anyone in just about any imaginable scenario? Yet for software security, “bolted on” is certainly the norm.
Jim Ivers:
Hackers are creative by nature, so you have to use your imagination to think like one. Once you can see your organization from a hacker’s point of view, you will be equipped to defend your organization like a security pro.
Danelle Au:
When it comes to SaaS applications versus on-premises software, there are three characteristics that define the need for a different approach to data governance, risk management and security in the cloud.
Adam Firestone:
Security requirements for information assurance, risk management, and certification and accreditation constrain Government organizations with respect to the software allowed on Government networks.
Wade Williamson:
As we build more accessible, scalable, and efficient computing models, we likewise open ourselves up to attacks that are more accessible, scalable and efficient.
Danelle Au:
Cloud service providers play a key role in delivering security, but under the shared responsibility model they are not liable for access to and usage of the cloud application.
Danelle Au:
Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter: users and information, rather than infrastructure maintenance and building.