NEWS & INDUSTRY UPDATES

Researcher Matthew Bryant has published details on a blind XSS vulnerability that would allow an attacker to compromise GoDaddy customer support functions and modify accounts. [Read More]
Adobe plans to address critical vulnerabilities in its widely deployed software for viewing, printing, and commenting on PDF documents. [Read More]
Security flaws found by researchers in Samsung’s SmartThings apps can expose smart homes to hacker attacks. [Read More]
Developers expose sensitive business information by leaking Slack authentication tokens on GitHub. [Read More]
Shortened URLs can be used to discover and read shared content stored in the cloud, including files for which the user didn’t create a short URL, researchers have demonstrated. [Read More]
A group of security researchers has discovered vulnerabilities in the reCaptcha systems of Google and Facebook, and have created an attack that is highly successful at automatically bypassing the protection system. [Read More]
Researchers detail a new attack method that leverages the lack of isolation between Firefox browser extensions. [Read More]
A recent layer 7 DDoS attack broke all previously known records for bandwidth consumption, peaking at 8.7 Gbps. [Read More]
Zen Cart has released an updated version of its popular online open source shopping cart application to address multiple Cross-Site Scripting (XSS) vulnerabilities. [Read More]
The personal details of thousands of foreign nationals living in southern Thailand were briefly leaked online in what the site's developer admitted was a data breach during a test for police. [Read More]

FEATURES, INSIGHTS // Application Security

Tal Be'ery: In this column, Tal explores the recent trend of hackers abusing the target’s Web application in order to launch an attack on the datacenter.
Michael Callahan: While obscuring website code, server architecture, and security mechanisms doesn’t provide bullet-proof security on its own, it is actually pretty effective.
Nimmy Reichenberg: Critical applications fuel the business, yet oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security and allow IT to keep up with the dynamic needs of the business.
Nimmy Reichenberg: Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.
Marc Solomon: To understand today’s array of threats and effectively defend against them, IT security professionals need to start thinking like attackers.
Mark Hatton: There is a term currently permeating the security industry that distracts everyone from the larger goals at hand of making networks safer, mitigating threats and protecting critical data. The term is hype.
Chris Poulin: If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Ryan Naraine: Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
Tal Be'ery: Organizations should always assume third party code—coming from partners, vendors, mergers and acquisitions—is vulnerable, and take relevant precautions.
Tal Be'ery: Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web applications’ administrators can avoid these and similar problems with some proper system hardening.