NEWS & INDUSTRY UPDATES

According to a survey, forty-seven percent of respondents "expect to be protected from cyber-attacks by either their company or third-party app developers."
Google researcher Tavis Ormandy releases tool for porting Windows DLLs to Linux to improve fuzzing - ports Windows Defender as demo
Attackers can remotely hijack millions of systems using malicious subtitle files and vulnerabilities in popular media players
In the light of a recent phishing attack targeting Gmail users, Google is updating its app identity guidelines and is implementing a more thorough review process for new web applications that request user data.
A vulnerability in a forensics tool from Guidance Software can be exploited to hack the investigator’s computer and manipulate evidence
Critical unauthenticated remote code execution vulnerability patched in open source automation server Jenkins
Vulnerabilities in Bosch’s Drivelog Connect dongle and its mobile app allow hackers to send malicious CAN messages to a car and stop its engine
Researchers find serious vulnerabilities in Riverbed’s SteelCentral application and network performance monitoring system
DoubleAgent is a new attack method that abuses a legitimate Microsoft tool to hijack security products
Google painted a bleak picture of cybersecurity trends, saying the number of websites hacked rose 32 percent in 2016, with little relief in sight.

FEATURES, INSIGHTS // Application Security

David Holmes: Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?
Jim Ivers: Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.
Jim Ivers: Built in or bolted on? When have you ever seen “bolted on” as the first choice of anyone in just about any imaginable scenario? Yet for software security, “bolted on” is certainly the norm.
Jim Ivers: Hackers are creative by nature, so you have to use your imagination to think like one. Once you can see your organization from a hacker’s point-of-view, you will be equipped to defend your organization like a security pro.
Danelle Au: When it comes to SaaS applications versus on-premise, there are three characteristics that define the need for a different approach to data governance, risk management and security in the cloud.
Adam Firestone: Security requirements for information assurance, risk management, and certification and accreditation constrain Government organizations with respect to software allowed on Government networks.
Wade Williamson: As we build more accessible, scalable, and efficient computing models, we likewise open ourselves up to attacks that are likewise more accessible, scalable and efficient.
Danelle Au: Cloud service providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to and usage of the cloud application.
Danelle Au: Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter – users and information rather than infrastructure maintenance and building.
Danelle Au: As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...