Netflix this week released an in-house developed tool for discovering cross-site scripting (XSS) vulnerabilities in applications and for scanning secondary software programs for potential XSS flaws. [Read More]
While container adoption is likely to surge over the next few years, concerns around security, certification and adequate skills remain, according to a recent survey commissioned by Red Hat. [Read More]
Attackers typically use one of three common techniques to compromise SAP systems at the application layer: pivoting, portal attacks, and database warehousing, according to researchers from application security firm Onapsis. [Read More]
Critical applications fuel the business, yet oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security and allow IT to keep up with the dynamic needs of the business.
Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.
There is a term currently permeating the security industry that distracts everyone from the larger goals at hand of making networks safer, mitigating threats and protecting critical data. The term is hype.
If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.