Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Mozilla announced plans to boost the Cross-Site-Scripting (XSS) protections in Firefox by treating data URLs as unique origin. [Read More]
Appthority report reveals which iOS and Android apps are the most blacklisted by security teams [Read More]
Analysis of 21 popular mobile stock trading apps revealed the existence of several vulnerabilities and the lack of important security features [Read More]
Equifax shares more details about the breach and how it was discovered by the company [Read More]
Around 200,000 WordPress websites were impacted after a plugin they were using was updated to include malicious code. [Read More]
Equifax confirms that an Apache Struts vulnerability exploited in the wild since March has been used to breach its systems [Read More]
SEC Consult discloses details of several vulnerabilities affecting IBM InfoSphere DataStage and Information Server [Read More]
Apache Struts 2 vulnerability reportedly exploited to hack Equifax and gain access to customer data [Read More]
Hackers have already started exploiting a recently patched remote code execution vulnerability affecting Apache Struts 2 [Read More]
Bitdefender launches Bugcrowd-based public bug bounty program with rewards of up to $1,500 [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Danelle Au's picture
As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson's picture
While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley's picture
When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl's picture
The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan's picture
While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan's picture
The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Michael Callahan's picture
There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Michael Callahan's picture
There’s more than functionality and availability issues ailing Healthcare.gov. There’s significant potential for compromise.
Nimmy Reichenberg's picture
There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications .
Tal Be'ery's picture
In this column, Tal explores the recent trend of hackers abusing the target’s Web application in order to launch an attack on the datacenter.