A new OAuth 2.0 token revocation rule will soon cause third-party mail apps to stop syncing data upon user password change, Google revealed.
The SAP Security Patch Day fixes for September 2016 address 19 vulnerabilities, including a couple of serious flaws in ASE.
Google’s login page is plagued by a whitelist bypass vulnerability that could allow an attacker to redirect users to arbitrary pages or trick them into downloading malicious code, security researcher Aidan Woods claims.
Vulnerabilities found by researchers in the Micro Focus GroupWise collaboration tool expose organizations to remote attacks.
Researchers once again bypass the User Account Control (UAC) security feature in Windows – this time they used the Event Viewer.
Vulnerabilities found by researchers in Trane smart thermostats could have been exploited to remotely hack the devices.
Vulnerabilities found by a researcher in the Venmo payment app could have been exploited to steal money from users.
Black Hat organizers updated the conference’s mobile app after researchers discovered several vulnerabilities.
A flaw related to how Intel’s Crosswalk handles SSL certificates exposes mobile apps to MitM attacks.
Blue Coat has analyzed 15,000 business cloud apps and determined that 99% of them lack enterprise-grade security.

FEATURES, INSIGHTS // Application Security

Lance Cottrell: The OODA loop is a well-established concept, often used in security, that originated in the military. OODA stands for Observe, Orient, Decide, Act.
Jim Ivers: Hackers are human. Hopefully that doesn’t surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.
Jim Ivers: Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
David Holmes: Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?
Jim Ivers: Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.
Jim Ivers: Built in or bolted on? When have you ever seen “bolted on” as the first choice of anyone in just about any imaginable scenario? Yet for software security, “bolted on” is certainly the norm.
Jim Ivers: Hackers are creative by nature, so you have to use your imagination to think like one. Once you can see your organization from a hacker’s point of view, you will be equipped to defend your organization like a security pro.
Danelle Au: When it comes to SaaS applications versus on-premises ones, there are three characteristics that define the need for a different approach to data governance, risk management and security in the cloud.
Adam Firestone: Security requirements for information assurance, risk management, and certification and accreditation constrain Government organizations with respect to software allowed on Government networks.
Wade Williamson: As we build more accessible, scalable, and efficient computing models, we likewise open ourselves up to attacks that are more accessible, scalable and efficient.