NEWS & INDUSTRY UPDATES

The IEEE (Institute of Electrical and Electronics Engineers) Center for Secure Design has published some advice to help software developers dodge common mistakes that compromise security.
Of the 1,000 most downloaded free applications, almost 70 percent had at least one SSL vulnerability, according to an analysis by FireEye.
Researchers have discovered a flaw in the WordPress Mobile Pack plugin that can be exploited to access password-protected posts.
The security teams at Drupal and WordPress have fixed a remotely exploitable denial-of-service (DoS) vulnerability in PHP XML parsing that affects tens of millions of websites that use their publishing platforms.
Pwn Pulse from Pwnie Express combines "hack-in-a-box" sensors with central management for remote-location intelligence.
Pre-release notes published by Apple for OS X Mavericks 10.9.5 and Yosemite Developer Preview 5 are informing developers that they might have to re-sign their apps if they don't want Apple's Gatekeeper anti-malware feature to block them.
An Australian security researcher has uncovered a bug that provided him access to an unsecured administration panel for an internal content management system (CMS) used by staff at Yahoo.
Fortinet has introduced a new on-demand, pay-as-you-go offering for its FortiWeb-VM Web Application Firewalls (WAFs) for Amazon Web Services (AWS).
PayPal has fixed a filter bypass flaw and a persistent input validation vulnerability affecting its MultiOrder Shipping application.
A new report from Check Point discusses some of the most common P2P, file sharing and remote administration tools found operating in the enterprise, often under the radar.

FEATURES, INSIGHTS // Application Security

Ryan Naraine: Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
Tal Be'ery: Organizations should always assume third-party code, whether it comes from partners, vendors, or mergers and acquisitions, is vulnerable, and take relevant precautions.
Tal Be'ery: Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web application administrators can avoid these and similar problems with proper system hardening.
Avi Chesla: The following predictions may help change these static roles, and allow you to look ahead at the upcoming threat trends to proactively plan your defense strategy.
Nimmy Reichenberg: Application vulnerabilities are a prime vector for attacks. But one aspect of securing enterprise applications that is often overlooked, and almost always poorly handled in organizations, is securing application connectivity.
Alan Wlasuk: Every statistic indicates your website has probably been hacked already, and if it hasn't been, it will be soon. You won't be aware of it until someone outside points it out to you.
Noa Bar-Yosef: Foresight is a Web application security company that provides a new type of technology as the front line of Web protection. I sat down with co-founder and CTO Israel Ragutski to chat about entrepreneurship and this new offering.
Alan Wlasuk: You're not going to solve all of your security problems in the next 30 days, but you can and should fix the big ones, those Bluebirds that make it easy for hackers to kill your company.
Chris Hinkley: There are numerous steps you can take to uphold the security of your site in order to help protect against CSS attacks. Start by ensuring that your application is coded in a way that eliminates these attack vectors.
Alan Wlasuk: As IT security becomes a major focus in our world, it is essential that corporations and development companies alike demand web application security at the contractual level.