NEWS & INDUSTRY UPDATES

A bug in Uber could have been used by users to ride for free anywhere the service is available, a researcher has discovered.
CA Technologies (NASDAQ:CA) has signed a definitive agreement to acquire Veracode, a provider of application security testing solutions, for roughly $614 in cash.
A researcher managed to bypass Google’s ReCaptcha v2 and decided to make the discovery public after Google failed to patch it for several months.
Google researchers find critical remote code execution vulnerability in ESET Endpoint Antivirus for macOS.
Thousands of MySQL databases are potential victims of a ransom attack that appears to be an evolution of the MongoDB ransack attack earlier this year.
An attacker can discover various details about Firefox users due to the manner in which the browser caches intermediate CA certificates, a researcher has discovered.
Breach that may have affected many major organizations comes to light after nearly two years. Links found to Chinese APTs.
A backdoor found in the default configuration of the Unanet web application allows an unauthenticated attacker to log in and manipulate user accounts and the roles they maintain.
Absolute extends endpoint security self-healing capabilities to third-party applications.
Researchers found 76 popular iOS applications that allow attackers to silently intercept TLS-protected data.

FEATURES, INSIGHTS // Application Security

Jim Ivers:
Built in or bolted on? When have you ever seen “bolted on” as the first choice of anyone in just about any imaginable scenario? Yet for software security, “bolted on” is certainly the norm.
Jim Ivers:
Hackers are creative by nature, so you have to use your imagination to think like one. Once you can see your organization from a hacker’s point-of-view, you will be equipped to defend your organization like a security pro.
Danelle Au:
When it comes to SaaS applications versus on-premise, there are three characteristics that define the need for a different approach to data governance, risk management and security in the cloud.
Adam Firestone:
Security requirements for information assurance, risk management, and certification and accreditation constrain Government organizations with respect to software allowed on Government networks.
Wade Williamson:
As we build more accessible, scalable, and efficient computing models, we likewise open ourselves up to attacks that are likewise more accessible, scalable and efficient.
Danelle Au:
Cloud service providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to and usage of the cloud application.
Danelle Au:
Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter – users and information rather than infrastructure maintenance and building.
Danelle Au:
As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson:
While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley:
When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.