Security Experts:

NEWS & INDUSTRY UPDATES

A stored XSS vulnerability in the HTML Comment Box widget exposed a large number of websites to attacks.
Oracle gives Java developers more time to ensure that their JAR files are not signed with MD5.
Shape Security predicts that credential stuffing will become a major issue during 2017 as the 3.3 billion credentials spilled in 2016 work their way through the criminal system.
Some third-party applications unnecessarily store keys or secrets that could be abused to leak a variety of user credentials and other types of sensitive data, software security startup Fallible warns.
Trend Micro's Zero Day Initiative (ZDI) paid out nearly $2 million in 2016 for vulnerabilities.
Imperva analyzed web application vulnerability trends and found that DoS attacks have become more common while XSS attacks declined.
The developers of the libpng library have patched a null pointer dereference flaw that has been around since 1995.
Critical remote code execution vulnerabilities in PHPMailer and SwiftMailer are caused by design flaws in PHP, researcher says.
The developers of the PHPMailer email-sending library have patched a critical flaw that can be exploited for remote code execution.
Apple had wanted all iOS apps to use HTTPS by the end of the year, but it has now extended the deadline indefinitely.

FEATURES, INSIGHTS // Application Security

Michael Callahan: While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan: The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Michael Callahan: There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Michael Callahan: There’s more than functionality and availability issues ailing Healthcare.gov. There’s significant potential for compromise.
Nimmy Reichenberg: There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications.
Tal Be'ery: In this column, Tal explores the recent trend of hackers abusing the target’s Web application in order to launch an attack on the datacenter.
Michael Callahan: While obscuring website code, server architecture, and security mechanisms doesn’t provide bullet-proof security on its own, it is actually pretty effective.
Nimmy Reichenberg: Critical applications fuel the business, yet oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security and allow IT to keep up with the dynamic needs of the business.
Nimmy Reichenberg: Today’s businesses must be able to rapidly adapt to changing market conditions, such as supporting a new venture or a merger/acquisition. As business needs change, so too must the underlying security policies.
Marc Solomon: To understand today’s array of threats and effectively defend against them, IT security professionals need to start thinking like attackers.