Security Experts:

NEWS & INDUSTRY UPDATES

Microsoft has acquired Israeli cyber security startup Aorato, a company focused on protecting Active Directory deployments.
Invision Power Services (IPS) has released patches to address an SQL injection vulnerability affecting versions 3.3.x and 3.4.x of the popular online forum software IP.Board.
Las Vegas, Nevada-based telemedicine company Cytta Corp. reported on Monday that hackers managed to change the organization's officer and director information in the Nevada Secretary of State corporate filing system.
PHP released versions 5.6.2, 5.5.18 and 5.4.34 of the scripting language. In addition to some functionality bugs, the latest releases address a series of security-related flaws.
Trustwave researcher Ben Hayak presented an attack method, which he calls Same Origin Method Execution (SOME), at the Black Hat Europe security conference in Amsterdam, the Netherlands.
A security researcher has uncovered a new attack vector called "Reflected File Download" where a malicious file can be downloaded without actually being uploaded anywhere.
WordPress is the most attacked content management system (CMS), according to a report from Imperva. Analysis showed that WordPress websites were attacked 24.1% more than sites running on all other CMS platforms combined.
A researcher has identified a series of vulnerabilities on a Yahoo service that ultimately allowed him to gain root access to one of the company's servers.
The Open Web Application Security Project (OWASP) released version 4 of the OWASP Testing Guide.
Veracode has closed a late-stage $40 million funding round led by Wellington Management with participation from previous investors.

FEATURES, INSIGHTS // Application Security


Chris Poulin: If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Ryan Naraine: Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
Tal Be'ery: Organizations should always assume third party code—coming from partners, vendors, mergers and acquisitions—is vulnerable, and take relevant precautions.
Tal Be'ery: Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web application administrators can avoid these and similar problems with some proper system hardening.
Avi Chesla: The following predictions may help change these static roles, and allow you to look ahead at the upcoming threat trends to proactively plan your defense strategy.
Nimmy Reichenberg: Application vulnerabilities are a prime vector for attacks. But one aspect of securing enterprise applications that is often overlooked, and almost always poorly handled in organizations, is securing application connectivity!
Alan Wlasuk: Every statistic indicates your website has probably been hacked already, and if it hasn’t been, it will be soon. You won’t be aware of it until someone outside points it out to you.
Noa Bar-Yosef: Foresight is a Web application security company which provides a new type of technology as the front line of Web protection. I sat down with co-founder and CTO Israel Ragutski to chat about entrepreneurship and this new offering.
Alan Wlasuk: You’re not going to solve all of your security problems in the next 30 days, but you can and should fix the big ones, those Bluebirds that make it easy for hackers to kill your company.
Chris Hinkley: There are numerous steps you can take to uphold the security of your site in order to help protect against CSS attacks. Start by ensuring that your application is coded in a way that eliminates these attack vectors.