Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The Heartbleed vulnerability was disclosed a little over two weeks ago, and administrators have promptly patched affected servers. That was just the easy part. The hard work lies ahead.
CrowdStrike has released a free tool to help organizations detect the presence of systems on their networks that are vulnerable to the OpenSSL Heartbleed vulnerability.
Microsoft has updated its threat modeling tool with a number of new features.
Imperva issued a threat advisory for a code injection vulnerability in PHP (CVE-2012-1823).
Trustwave has acquired Cenzic, Inc., a maker of application security testing solutions, for an undisclosed sum.
Qualys said its QualysGuard Web Application Firewall (WAF) service for web applications running in Amazon EC2 and on-premise is now available.
Mocana, a provider of security solutions for embedded and mobile devices, introduced Mocana Atlas Extended Enterprise Engine, a new appliance designed to simplify and secure enterprise mobile app deployments.
When it comes to securing a Linux machine, the answer is not installing an antivirus or some other security software. The key lies in hardening the operating system.
WhiteHat Security announced that Jeremiah Grossman, company founder, has accepted the Board of Directors offer to lead the company as its interim CEO following the resignation of former CEO Stephanie Fohn.
Shape Security has launched new class of security appliance designed to protect websites against cyber attacks stemming from malware and bots.

FEATURES, INSIGHTS // Application Security

rss icon

Danelle Au's picture
As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson's picture
While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley's picture
When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl's picture
The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan's picture
While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan's picture
The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Michael Callahan's picture
There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Michael Callahan's picture
There’s more than functionality and availability issues ailing Healthcare.gov. There’s significant potential for compromise.
Nimmy Reichenberg's picture
There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications .
Tal Be'ery's picture
In this column, Tal explores the recent trend of hackers abusing the target’s Web application in order to launch an attack on the datacenter.