Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
NSS Labs' latest research gives Internet Explorer 10 high marks for malware blocking.
The ISO/IEC 27034-1 offers a "common validation language" for security development practices and offers organizations a clear and simple outline for adopting a security development framework.
Smaller open source projects tend to be more secure than proprietary applications, but the opposite is the case for software with more than a million lines of code, according to a new report from Coverity.
Georgetown University will launch a new Security and Software Engineering Research Center (S2ERC) that will that will research cyber threats and other security and technology issues.
While some best practices such as software security training are effective in getting developers to write secure code, following best practices does not necessarily lead to better security, WhiteHat Security found.
According to a report from Imperva, threat-blocking efficiency is greatly increased with the addition of crowd-sourced threat intelligence.
HP released an update to its WebInspect application security tool, designed to replicate real-world attacks and improve the testing phase of QA.
Attackers are using brute force attacks against WordPress administrative logins, using the username "admin" and trying combinations of thousands of passwords to gain unauthorized access.
SafeNet has released the latest version of its secure app development technology to help organizations protect their software from counterfeiting and misuse.
In a recent survey, 58% percent of respondents said that the top benefit of real-time Web development was security, but at the same time 67% of the same group listed it as the top concern in their development planning.
- 1 of 11
- ››
FEATURES, INSIGHTS // Application Security
Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.
To understand today’s array of threats and effectively defend against them, IT security professionals need to start thinking like attackers.
There is a term currently permeating the security industry that distracts everyone from the larger goals at hand of making networks safer, mitigating threats and protecting critical data. The term is hype.
If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
Organizations should always assume third party code—coming from partners, vendors, mergers and acquisitions—is vulnerable, and take relevant precautions.
Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web applications’ administrators can avoid these and similar problems with some proper system hardening.
The following predictions may help change these static roles, and allow you to look ahead at the upcoming threat trends to proactively plan your defense strategy.
Application vulnerabilities are a prime vector for attacks. But one aspect of securing enterprise applications often overlooked and almost always poorly handled in organizations, is securing application connectivity!
Every statistic indicates your website has probably been hacked already, and if it hasn’t already been, it will soon be. You won’t be aware of it until some outside points it out to you.
- 1 of 5
- ››
Subscribe to SecurityWeek
- Researcher to Demonstrate Hollywood Style Attack at BlackHat
- Malicious Campaign Targeting Government Security News Hit Dozens of Sites
- Microsoft Unveils Three Bug Bounty Programs for Win 8.1, IE 11 Previews
- Russia and U.S. Setup Cybersecurity Hotline to Prevent Accidental Cyberwar
- Andreessen Horowitz and Citi Ventures Drop $11M Into Phone Fraud Prevention Startup
- Threat Intelligence Staffing to Evolve Security Operations
- Risk I/O Integrates Real-Time Attack Data
- Top WordPress Plugins Contain Serious Security Vulnerabilities
- Oracle Patches Critical Java Vulnerabilities
- Source Code for Carberp Trojan for Sale in Cybercrime Underground
Copyright © 2013 Wired Business Media. All Rights Reserved. Privacy Policy | Terms of Use