Security Experts:


NEWS & INDUSTRY UPDATES

An Australian security researcher has uncovered a bug that provided him access to an unsecured administration panel for an internal content management system (CMS) used by staff at Yahoo.
Fortinet has introduced a new on-demand, pay-as-you-go offering for its FortiWeb-VM Web Application Firewalls (WAFs) for Amazon Web Services (AWS).
PayPal has fixed a filter bypass flaw and a persistent input validation vulnerability affecting its MultiOrder Shipping application.
A new report from Check Point discusses some of the most common P2P, file sharing and remote administration tools found operating in the enterprise, often under the radar.
The "Covert Redirect" security issue uncovered in the OAuth and OpenID login tools places the responsibility for user security in the wrong place, experts say.
Adobe has made several security enhancements to ColdFusion 11, giving developers access to an extensive toolkit of security controls and other additional features.
The Heartbleed vulnerability was disclosed a little over two weeks ago, and administrators have promptly patched affected servers. That was just the easy part. The hard work lies ahead.
CrowdStrike has released a free tool to help organizations detect the presence of systems on their networks that are vulnerable to the OpenSSL Heartbleed vulnerability.
Microsoft has updated its threat modeling tool with a number of new features.
Imperva issued a threat advisory for a code injection vulnerability in PHP (CVE-2012-1823).

FEATURES, INSIGHTS // Application Security


Danelle Au: Cloud service providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to and usage of the cloud application.
Danelle Au: Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter – users and information rather than infrastructure maintenance and building.
Danelle Au: As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson: While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley: When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl: The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan: While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan: The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Michael Callahan: There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Michael Callahan: There’s more than functionality and availability issues ailing Healthcare.gov. There’s significant potential for compromise.