Security Experts:

WordPress 4.0.1 fixes several vulnerabilities, including a critical flaw that could have been exploited to compromise websites.
Drupal 6.34 and Drupal 7.34 were released to address multiple moderately critical vulnerabilities affecting prior versions.
The creators of the jQuery Validation Plugin have fixed a vulnerability in a demo component that was first reported to them more than three years ago.
Researchers claim that a new attack method can be leveraged to silently modify the digital ballots used in the Internet voting process.
Microsoft has acquired Israeli cyber security startup Aorato, a company focused on protecting Active Directory deployments.
Invision Power Services (IPS) has released patches to address an SQL injection vulnerability affecting versions 3.3.x and 3.4.x of the popular online forum software IP.Board.
Las Vegas, Nevada-based telemedicine company Cytta Corp. reported on Monday that hackers managed to change the organization's officer and director information in the Nevada Secretary of State corporate filing system.
PHP released versions 5.6.2, 5.5.18 and 5.4.34 of the scripting language. In addition to some functionality bugs, the latest releases address a series of security-related flaws.
Trustwave researcher Ben Hayak presented an attack method, which he calls Same Origin Method Execution (SOME), at the Black Hat Europe security conference in Amsterdam, the Netherlands.
A security researcher has uncovered a new attack vector called "Reflected File Download" where a malicious file can be downloaded without actually being uploaded anywhere.

FEATURES, INSIGHTS // Application Security

Chris Poulin
If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Ryan Naraine
Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
Tal Be'ery
Organizations should always assume third party code—coming from partners, vendors, mergers and acquisitions—is vulnerable, and take relevant precautions.
Tal Be'ery
Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web applications’ administrators can avoid these and similar problems with some proper system hardening.
Avi Chesla
The following predictions may help change these static roles, and allow you to look ahead at the upcoming threat trends to proactively plan your defense strategy.
Nimmy Reichenberg
Application vulnerabilities are a prime vector for attacks. But one aspect of securing enterprise applications often overlooked and almost always poorly handled in organizations, is securing application connectivity!
Alan Wlasuk
Every statistic indicates your website has probably been hacked already, and if it hasn’t been, it will be soon. You won’t be aware of it until someone outside points it out to you.
Noa Bar-Yosef
Foresight is a Web application security company which provides a new type of technology as the front line of Web protection. I sat down with co-founder and CTO Israel Ragutski to chat on entrepreneurship and this new offering.
Alan Wlasuk
You’re not going to solve all of your security problems in the next 30 days, but you can and should fix the big ones, those Bluebirds that make it easy for hackers to kill your company.
Chris Hinkley
There are numerous steps you can take to uphold the security of your site in order to help protect against CSS attacks. Start by ensuring that your application is coded in a way to eliminate these attack vectors.