NEWS & INDUSTRY UPDATES

TunnelBear commissioned an audit of its VPN product and only a few vulnerabilities were found in recent versions
Version control systems Git, Subversion, Mercurial and CVS affected by command execution vulnerability
Researchers warn that hackers can abuse GitHub and other Git repo hosting services for stealthy attacks on software developers
Netflix releases tools and information for mitigating application DDoS attacks against microservice architectures
Mitigations put in place by Google in May 2017 to help block phishing attacks such as the recent OAuth worm weren’t enough to completely mitigate the issue, security firm Proofpoint says.
Google is taking another step to better protect users from malicious third-party web applications by warning users of newly created web apps and Apps Scripts that are pending verification.
Cisco patches critical WebEx remote code execution vulnerabilities found by Google and Divergent Security researchers
An attack called "WPSetup" is targeting fresh WordPress installations to get admin access and execute PHP code in the victim’s web hosting account.
WhiteHat Security’s latest annual report shows that organizations have improved their security posture, but only slightly
HPE warns of security bypass, information disclosure, remote code execution, XSS and URL redirection vulnerabilities in several products

FEATURES, INSIGHTS // Application Security

Danelle Au
As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson
While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley
When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl
The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan
While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan
The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Michael Callahan
There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Michael Callahan
There’s more than functionality and availability issues ailing Healthcare.gov. There’s significant potential for compromise.
Nimmy Reichenberg
There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications.
Tal Be'ery
In this column, Tal explores the recent trend of hackers abusing the target’s Web application in order to launch an attack on the datacenter.