
NEWS & INDUSTRY UPDATES

A researcher has demonstrated an attack that combines clickjacking with a type of cross-site scripting (XSS) known as Self-XSS.
With billions of stolen login credentials available on the dark web, bad bots are busy testing them against websites all over the globe.
On day one of Pwn2Own 2017, participants hacked Microsoft Edge, Safari, Ubuntu and Adobe Reader.
Turkish hackers abused the Twitter Counter app to hijack many high-profile Twitter accounts amid the diplomatic dispute between Turkey and the Netherlands.
Google patches 36 vulnerabilities with the release of Chrome 57. Researchers who found the flaws earned $38,000.
Researchers found several potentially serious flaws in popular pricing software from Navetti. Patches are available.
The latest version of the Firefox Web browser warns users when they are entering their passwords on pages that are not secure.
A bug in Uber could have been used by users to ride for free anywhere the service is available, a researcher has discovered.
CA Technologies (NASDAQ:CA) has signed a definitive agreement to acquire Veracode, a provider of application security testing solutions, for roughly $614 million in cash.
A researcher managed to bypass Google's reCAPTCHA v2 and decided to make the discovery public after Google failed to patch it for several months.

FEATURES, INSIGHTS // Application Security

Chris Hinkley: When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we're left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl: The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan: While I'd argue the point that the chip and PIN system is better and more secure than the mag stripe, it's not what caused these or what will prevent future malware attacks.
Michael Callahan: The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and in how we will respond to them in 2014.
Michael Callahan: There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Michael Callahan: There's more than functionality and availability issues ailing Healthcare.gov. There's significant potential for compromise.
Nimmy Reichenberg: There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications.
Tal Be'ery: In this column, Tal explores the recent trend of hackers abusing the target's Web application in order to launch an attack on the datacenter.
Michael Callahan: While obscuring website code, server architecture, and security mechanisms doesn't provide bullet-proof security on its own, it is actually pretty effective.
Nimmy Reichenberg: Critical applications fuel the business, yet oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security and allow IT to keep up with the dynamic needs of the business.