NEWS & INDUSTRY UPDATES

Hackers breached the systems of anti-adblocking service PageFair and used the access to deliver malware.
Netflix this week released an in-house developed tool for discovering cross-site scripting (XSS) vulnerabilities in applications and for scanning secondary software programs for potential XSS flaws.
Web browser vendors are limiting Flash content, so Amazon has decided not to accept Flash ads for Amazon.com starting September 1.
Facebook’s new Security Checkup tool for desktop is now available globally. Mobile version coming soon.
Gigamon launched its GigaSECURE platform, which was designed to give enterprises extensive visibility into network traffic, users, applications and suspicious activity.
While container adoption is likely to surge over the next few years, concerns around security, certification and adequate skills remain, according to a recent survey commissioned by Red Hat.
Google has decided to allow the installation of Chrome extensions only from the Chrome Web Store. The policy will soon be enforced on all channels of the web browser.
Two memory corruption vulnerabilities (CVE-2015-2282, CVE-2015-2278) were found in the compression libraries used by almost all SAP Netweaver products.
Attackers typically use one of three common techniques to compromise SAP systems at the application layer: pivoting, portal attacks, and database warehousing, according to researchers from application security firm Onapsis.
New Chrome extension from Google allows users and organizations to protect themselves against phishing.

FEATURES, INSIGHTS // Application Security

Michael Callahan:
While obscuring website code, server architecture, and security mechanisms doesn’t provide bullet-proof security on its own, it is actually pretty effective.
Nimmy Reichenberg:
Critical applications fuel the business, yet oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security and allow IT to keep up with the dynamic needs of the business.
Nimmy Reichenberg:
Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.
Marc Solomon:
To understand today’s array of threats and effectively defend against them, IT security professionals need to start thinking like attackers.
Mark Hatton:
There is a term currently permeating the security industry that distracts everyone from the larger goals at hand of making networks safer, mitigating threats and protecting critical data. The term is hype.
Chris Poulin:
If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Ryan Naraine:
Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
Tal Be'ery:
Organizations should always assume third party code—coming from partners, vendors, mergers and acquisitions—is vulnerable, and take relevant precautions.
Tal Be'ery:
Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web applications’ administrators can avoid these and similar problems with some proper system hardening.
Avi Chesla:
The following predictions may help change these static roles, and allow you to look ahead at the upcoming threat trends to proactively plan your defense strategy.