NEWS & INDUSTRY UPDATES

Google has decided to allow the installation of Chrome extensions only from the Chrome Web Store. The policy will soon be enforced on all channels of the web browser.
Two memory corruption vulnerabilities (CVE-2015-2282, CVE-2015-2278) were found in the compression libraries used by almost all SAP NetWeaver products.
Attackers typically use one of three common techniques to compromise SAP systems at the application layer: pivoting, portal attacks, and database warehousing, according to researchers from application security firm Onapsis.
New Chrome extension from Google allows users and organizations to protect themselves against phishing.
DevOps comes to the forefront at the RSA conference in San Francisco.
Qualys has improved its Web Application Scanning (WAS) solution with progressive scanning capabilities that reduce crawl times and impact.
Companies need to find a new approach to IT security if they want to be successful in today’s application economy, according to a new report from CA Technologies.
Contrast Security announced on Monday the availability of a free plugin that allows software developers to easily find vulnerabilities in their applications.
Analysis of the Naenara Browser, a version of Mozilla Firefox modified by North Korea and bundled into Red Star OS, shows the DPRK may be funneling all traffic through one—or a handful—of public IP addresses.
A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack merchant accounts. A different flaw could have been leveraged to gain access to buyers' details.

FEATURES, INSIGHTS // Application Security

Michael Callahan
While obscuring website code, server architecture, and security mechanisms doesn’t provide bullet-proof security on its own, it is actually pretty effective.
Nimmy Reichenberg
Critical applications fuel the business, yet oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security and allow IT to keep up with the dynamic needs of the business.
Nimmy Reichenberg
Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.
Marc Solomon
To understand today’s array of threats and effectively defend against them, IT security professionals need to start thinking like attackers.
Mark Hatton
There is a term currently permeating the security industry that distracts everyone from the larger goals at hand of making networks safer, mitigating threats and protecting critical data. The term is hype.
Chris Poulin
If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
Tal Be'ery
Organizations should always assume third party code—coming from partners, vendors, mergers and acquisitions—is vulnerable, and take relevant precautions.
Tal Be'ery
Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web applications’ administrators can avoid these and similar problems with some proper system hardening.
Avi Chesla
The following predictions may help change these static roles, and allow you to look ahead at the upcoming threat trends to proactively plan your defense strategy.