NEWS & INDUSTRY UPDATES

Thousands of MySQL databases are potential victims of a ransom attack that appears to be an evolution of the MongoDB ransack attack earlier this year.
An attacker can discover various details about Firefox users due to the manner in which the browser caches intermediate CA certificates, a researcher has discovered.
Breach that may have affected many major organizations comes to light after nearly two years. Links found to Chinese APTs.
A backdoor found in the default configuration of the Unanet web application allows an unauthenticated attacker to log in and manipulate user accounts and the roles they maintain.
Absolute extends endpoint security self-healing capabilities to third-party applications.
Researchers found 76 popular iOS applications that allow attackers to silently intercept TLS-protected data.
Researchers analyzed 283 Android VPN applications from Google Play and found that many of them introduce security and privacy risks.
Cisco Systems announced a $3.7 billion deal to buy startup AppDynamics, which specializes in improving the performance of applications, continuing to expand beyond computer networking hardware.
A stored XSS vulnerability in the HTML Comment Box widget exposed a large number of websites to attacks.
Oracle gives Java developers more time to ensure that their JAR files are not signed with MD5.

FEATURES, INSIGHTS // Application Security

Jon-Louis Heimerl: The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan: While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan: The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Michael Callahan: There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Michael Callahan: There’s more than functionality and availability issues ailing Healthcare.gov. There’s significant potential for compromise.
Nimmy Reichenberg: There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications.
Tal Be'ery: In this column, Tal explores the recent trend of hackers abusing the target’s Web application in order to launch an attack on the datacenter.
Michael Callahan: While obscuring website code, server architecture, and security mechanisms doesn’t provide bullet-proof security on its own, it is actually pretty effective.
Nimmy Reichenberg: Critical applications fuel the business, yet oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security and allow IT to keep up with the dynamic needs of the business.
Nimmy Reichenberg: Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.