
NEWS & INDUSTRY UPDATES

After analyzing many Android applications, security researchers said that many apps failed to properly implement SSL, leaving millions of users – based on installation figures – exposed to basic Man-In-The-Middle (MITM) attacks.
Stealth security startup Cylance has acquired Dallas-based Ridgeway Internet Security, a software company specializing in Web application firewalls and honeypot technology.
A new survey reveals that 90 percent of businesses have lost money due to business logic attacks in the past 12 months.
Nominum's new platform offers integration with DNS engines to simplify life for developers, and new applications will provide extra security.
Application security testing firm Veracode on Wednesday launched an automated program to help businesses evaluate security risks associated with third-party software.
Software security firm Cigital released the fourth Building Security In Maturity Model today, giving enterprises a way to compare their app security efforts to what is being done at major corporations around the world.
Using Splunk for FireEye, Splunk Enterprise is able to provide real-time continuous monitoring and trending of data being generated by FireEye’s appliances.
The HoneyNet Project has released a new version of the Glastopf Web application honeypot software, which can now replicate SQL Injection attacks.
Splunk has launched Splunk Storm, a cloud service based on its flagship Splunk software. Splunk Storm runs as a fully managed, multi-tenant service on AWS and dynamically provisions the resources needed to store and analyze data.
Oracle has released the latest version of the application virtualization software Secure Global Desktop to improve security and user experience.

FEATURES, INSIGHTS // Application Security

Noa Bar-Yosef:
Once you’ve selected one or more WAFs to evaluate, it’s time to test them and decide which one is the right one for you. But how then do you evaluate a WAF?
Alan Wlasuk:
In this “Case Study” column I will share some takeaways based on my involvement in two recent remediation engagements as a basis for understanding the reasons behind the continued trend in vulnerable web applications.
Noa Bar-Yosef:
Choosing a Web Application Firewall (WAF) solution from the many vendors in the market is not easy. For those who must, here are some important aspects of the decision-making process to consider.
Chris Hinkley:
If you’re running on a limited budget or resource pool, you may have moved Web Application Firewalls into the “want to have” bucket out of the “need to have.” I suggest you take another look, and here are three reasons why.
Jon-Louis Heimerl:
In the old days we didn't worry much about intrusion testing applications to help ensure that they could not be attacked from the outside world. In that context, our world was easier.
Alan Wlasuk:
Protecting your website from hackers is tough. The battle between the good guys and the bad guys is an ever escalating war where a misstep on your part may mean a breached site.
Noa Bar-Yosef:
This week Noa dives into Business Logic Attacks, pointing out different aspects and how to mitigate them. Business logic attacks abuse the functionality of a program. They’re stealthy as they don’t come as malformed requests and they contain legitimate values. Often, we can't even call them illegal.
Mandeep Khera:
While SSL is a great technology for ensuring that consumers’ browsers communicate with businesses’ servers in an encrypted manner, and for ensuring that those businesses are legitimate, it doesn’t prevent the hacking of websites through vulnerabilities in Web applications.
Alan Wlasuk:
There are thousands of script kiddies, launching hundreds of thousands of automated attacks every day. Anyone who argues that their website is too small or obscure for anyone to test for flaws isn’t paying attention to the fact that everyone’s website is being tested, all the time.
Dr. Alastair MacWillson:
Enterprises need to shift the focus of their security operations from a small group of individuals with a set of tactical objectives, to a virtual organization that provides strategic value and has the ability to improve outcomes for the organization, its customers and employees.