Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

A group of security researchers has discovered vulnerabilities in the reCaptcha systems of Google and Facebook, and have created an attack that is highly successful at automatically bypassing the protection system. [Read More]
Researchers detail a new attack method that leverages the lack of isolation between Firefox browser extensions [Read More]
A recent layer 7 distributed DDoS attack managed to break all previous known records in terms of bandwidth consumption, peaking at 8.7 Gbps. [Read More]
Zen Cart has released an updated version of its popular online open source shopping cart application to address multiple Cross-Site Scripting (XSS) vulnerabilities. [Read More]
The personal details of thousands of foreign nationals living in southern Thailand were briefly leaked online in what the site's developer admitted was a data breach during a test for police. [Read More]
Researchers discovered that a patch released by Oracle more than two years ago for a serious Java sandbox escape vulnerability can be easily bypassed [Read More]
Custom Content Type Manager (CCTM) recently turned rogue and started stealing admin credentials via a backdoor, researchers at Sucuri discovered. [Read More]
Tens of thousands of WordPress websites have been used to launch Layer 7 distributed denial of service (DDoS) attacks. [Read More]
Oracle abandons Java browser plugin as Web browser vendors end support for NPAPI plugins [Read More]
Software that allows iOS app developers to quickly push patches and updates to their customers has a lot of benefits, but it also makes Apple’s app ecosystem less secure [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Tal Be'ery's picture
In this column, Tal explores the recent trend of hackers abusing the target’s Web application in order to launch an attack on the datacenter.
Michael Callahan's picture
While obscuring website code, server architecture, and security mechanisms doesn’t provide bullet-proof security on its own, it is actually pretty effective.
Nimmy Reichenberg's picture
Critical applications fuel the business, yet oftentimes there is a disconnect between the business requirements and the security policy. Aligning the two will ultimately improve security and allow IT to keep up with the dynamic needs of the business.
Nimmy Reichenberg's picture
Today’s businesses must be able to rapidly adapt to changing market conditions – to support a new venture, merger/acquisition, etc. As business needs change, so too must the underlying security policies.
Marc Solomon's picture
To understand today’s array of threats and effectively defend against them, IT security professionals need to start thinking like attackers.
Mark Hatton's picture
There is a term currently permeating the security industry that distracts everyone from the larger goals at hand of making networks safer, mitigating threats and protecting critical data. The term is hype.
Chris Poulin's picture
If I have to sit through another presentation on information security that opens with the canned two or three slides peddling FUD, I’m going to launch myself across the table and unleash my own brand of FUD on the speaker. It’s not the bad guys who are winning, it’s the alarmists.
Ryan Naraine's picture
Immunity Inc. CEO and veteran hacker Dave Aitel talks about his early days in the security space, his argument against security awareness training, why Chris Soghoian is wrong on the exploit sale controversy and his own Brazilian Jiu-Jitsu game tactics.
Tal Be'ery's picture
Organizations should always assume third party code—coming from partners, vendors, mergers and acquisitions—is vulnerable, and take relevant precautions.
Tal Be'ery's picture
Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web applications’ administrators can avoid these and similar problems with some proper system hardening.