Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Google releases two new tools to help developers prevent XSS attacks using content security policy (CSP) [Read More]
Illusive Networks has announced SWIFT Guard, described by the company as cyber deception technology designed to protect SWIFT-connected banks from cyber criminals. [Read More]
A new OAuth 2.0 token revocation rule will soon cause third-party mail apps to stop syncing data upon user password change, Google revealed. [Read More]
The SAP Security Patch Day fixes for September 2016 address 19 vulnerabilities, including a couple of serious flaws in ASE [Read More]
Google’s login page is plagued by a whitelist bypass vulnerability that could allow an attacker to redirect users to arbitrary pages or trick them into downloading malicious code, security researcher Aidan Woods claims. [Read More]
Vulnerabilities found by researchers in the Micro Focus GroupWise collaboration tool expose organizations to remote attacks [Read More]
Researchers once again bypass the User Account Control (UAC) security feature in Windows – this time they used the Event Viewer [Read More]
Vulnerabilities found by researchers in Trane smart thermostats could have been exploited to remotely hack the devices [Read More]
Vulnerabilities found by a researcher in the Venmo payment app could have been exploited to steal money from users [Read More]
Black Hat organizers updated the conference’s mobile app after researchers discovered several vulnerabilities [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Michael Callahan's picture
While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan's picture
The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Michael Callahan's picture
There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Michael Callahan's picture
There’s more than functionality and availability issues ailing Healthcare.gov. There’s significant potential for compromise.
Nimmy Reichenberg's picture
There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications .
Tal Be'ery's picture
In this column, Tal explores the recent trend of hackers abusing the target’s Web application in order to launch an attack on the datacenter.
Michael Callahan's picture
While obscuring website code, server architecture, and security mechanisms doesn’t provide bullet-proof security on its own, it is actually pretty effective.
Nimmy Reichenberg's picture
Critical applications fuel the business, yet oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security and allow IT to keep up with the dynamic needs of the business.
Nimmy Reichenberg's picture
Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.
Marc Solomon's picture
To understand today’s array of threats and effectively defend against them, IT security professionals need to start thinking like attackers.