NEWS & INDUSTRY UPDATES

Researchers have uncovered a total of 20 security holes in Zenoss Core, the free, open-source version of the application, server, and network management platform Zenoss.
A new type of CAPTCHA system introduced by Google is efficient in preventing spam and abuse, and makes it easy for users to verify that they are human.
Google released two new security tools designed to help Google Apps users protect their accounts.
Docker, a platform used to build, ship, and run distributed applications, has been updated to version 1.3.2 to address two critical vulnerabilities.
Thousands of backdoored plugins and themes for popular content management systems (CMS) are being leveraged by a threat group to abuse Web servers on a large scale.
Radware has launched a new hybrid solution designed to help enterprise organizations detect and protect against sophisticated and volumetric DDoS attacks.
WordPress 4.0.1 fixes several vulnerabilities, including a critical flaw that could have been exploited to compromise websites.
Drupal 6.34 and Drupal 7.34 were released to address multiple moderately critical vulnerabilities affecting prior versions.
The creators of the jQuery Validation Plugin have fixed a vulnerability in a demo component that was first reported to them more than three years ago.
Researchers claim that a new attack method can be leveraged to silently modify the digital ballots used in the Internet voting process.

FEATURES, INSIGHTS // Application Security

Nimmy Reichenberg
Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.
Marc Solomon
To understand today’s array of threats and effectively defend against them, IT security professionals need to start thinking like attackers.
Mark Hatton
There is a term currently permeating the security industry that distracts everyone from the larger goals at hand of making networks safer, mitigating threats and protecting critical data. The term is hype.
Chris Poulin
If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Ryan Naraine
Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
Tal Be'ery
Organizations should always assume third party code—coming from partners, vendors, mergers and acquisitions—is vulnerable, and take relevant precautions.
Tal Be'ery
Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web applications’ administrators can avoid these and similar problems with some proper system hardening.
Avi Chesla
The following predictions may help change these static roles, and allow you to look ahead at the upcoming threat trends to proactively plan your defense strategy.
Nimmy Reichenberg
Application vulnerabilities are a prime vector for attacks. But one aspect of securing enterprise applications often overlooked and almost always poorly handled in organizations, is securing application connectivity!
Alan Wlasuk
Every statistic indicates your website has probably been hacked already, and if it hasn’t already been, it will soon be. You won’t be aware of it until some outside points it out to you.