NEWS & INDUSTRY UPDATES

Researchers found 76 popular iOS applications that allow attackers to silently intercept TLS-protected data.
Researchers analyzed 283 Android VPN applications from Google Play and found that many of them introduce security and privacy risks.
Cisco Systems announced a $3.7 billion deal to buy the startup AppDynamics, which specializes in improving the performance of applications, continuing its expansion beyond computer networking hardware.
A stored XSS vulnerability in the HTML Comment Box widget exposed a large number of websites to attacks.
Oracle gives Java developers more time to ensure that their JAR files are not signed with MD5.
Shape Security predicts that credential stuffing will become a major issue during 2017 as the 3.3 billion credentials spilled in 2016 work their way through the criminal system.
Some third-party applications unnecessarily store keys or secrets that could be abused to leak a variety of user credentials and other types of sensitive data, software security startup Fallible warns.
Trend Micro's Zero Day Initiative (ZDI) paid out nearly $2 million in 2016 for vulnerabilities.
Imperva analyzed web application vulnerability trends and found that DoS attacks have become more common while XSS attacks declined.
The developers of the libpng library have patched a null pointer dereference flaw that has been present since 1995.

FEATURES, INSIGHTS // Application Security

Travis Greene: Shadow IT 2.0 is a symptom of a bigger problem: the inability to maintain digital competitive advantage because code is not deployed quickly enough.
Jim Ivers: Savvy organizations have learned how to use a mix of static and dynamic application security testing to increase their coverage and lower their risk.
Dan Cornell: When security teams can assess brand, financial and strategic risks, they are best placed to act as a trusted advisor to DevOps teams as they build and maintain secure systems.
Travis Greene: 2017 is the year for information security teams to align with the work being done in DevOps, whether you call it DevSecOps or not.
Lance Cottrell: The OODA loop is a well-established concept, originating in the military and often used in security. OODA stands for Observe, Orient, Decide, Act.
Jim Ivers: Hackers are human. Hopefully that doesn't surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.
Jim Ivers: Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
David Holmes: Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?
Jim Ivers: Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.
Jim Ivers: Built in or bolted on? When have you ever seen "bolted on" as the first choice of anyone in just about any imaginable scenario? Yet for software security, "bolted on" is certainly the norm.