NEWS & INDUSTRY UPDATES

Software that allows iOS app developers to quickly push patches and updates to their customers has a lot of benefits, but it also makes Apple’s app ecosystem less secure.
PayPal has patched a serious RCE vulnerability in one of its applications. The security hole was caused by a Java deserialization bug disclosed last year.
New Check Point 15000 and 23000 Series appliances are designed for large enterprise and data center networks, and include integrated firewall, IPS, Application Control, AV, Anti-Bot, URL Filtering and sandboxing.
Shape Security has raised $25 Million in a Series D funding round to accelerate deployments of its Botwall Service, with specific plans to expand further in China.
Google researcher Tavis Ormandy has identified critical remote code execution vulnerabilities in Trend Micro’s Password Manager.
Microsoft has improved Edge security by blocking the injection of components and drivers that are not signed.
Attacks designed to compromise users and steal sensitive data are increasing in magnitude and velocity as cybercriminals leverage automated tools to attack at scale.
Hackers breached the systems of anti-adblocking service PageFair and used the access to deliver malware.
Netflix this week released an in-house developed tool for discovering cross-site scripting (XSS) vulnerabilities in applications and for scanning secondary software programs for potential XSS flaws.
Web browser vendors are limiting Flash content, so Amazon has decided not to accept Flash ads for Amazon.com starting September 1.

FEATURES, INSIGHTS // Application Security

Tal Be'ery: In this column, Tal explores the recent trend of hackers abusing the target’s Web application in order to launch an attack on the datacenter.
Michael Callahan: While obscuring website code, server architecture, and security mechanisms doesn’t provide bullet-proof security on its own, it is actually pretty effective.
Nimmy Reichenberg: Critical applications fuel the business, yet oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security and allow IT to keep up with the dynamic needs of the business.
Nimmy Reichenberg: Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.
Marc Solomon: To understand today’s array of threats and effectively defend against them, IT security professionals need to start thinking like attackers.
Mark Hatton: There is a term currently permeating the security industry that distracts everyone from the larger goals at hand of making networks safer, mitigating threats and protecting critical data. The term is hype.
Chris Poulin: If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Ryan Naraine: Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
Tal Be'ery: Organizations should always assume third party code—coming from partners, vendors, mergers and acquisitions—is vulnerable, and take relevant precautions.
Tal Be'ery: Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web applications’ administrators can avoid these and similar problems with some proper system hardening.