NEWS & INDUSTRY UPDATES

An Australian security researcher has uncovered a bug that provided him access to an unsecured administration panel for an internal content management system (CMS) used by staff at Yahoo.
Fortinet has introduced a new on-demand, pay-as-you-go offering for its FortiWeb-VM Web Application Firewalls (WAFs) for Amazon Web Services (AWS).
PayPal has fixed a filter bypass flaw and a persistent input validation vulnerability affecting its MultiOrder Shipping application.
A new report from Check Point discusses some of the most common P2P, file sharing and remote administration tools found operating in the enterprise, often under the radar.
The "Covert Redirect" security issue uncovered in the login tools OAuth and OpenID places the responsibility for user security in the wrong place, experts say.
Adobe has made several security enhancements to ColdFusion 11, giving developers access to an extensive toolkit of security controls and other additional features.
The Heartbleed vulnerability was disclosed a little over two weeks ago, and administrators have promptly patched affected servers. That was just the easy part. The hard work lies ahead.
CrowdStrike has released a free tool to help organizations detect the presence of systems on their networks that are vulnerable to the OpenSSL Heartbleed vulnerability.
Microsoft has updated its threat modeling tool with a number of new features.
Imperva issued a threat advisory for a code injection vulnerability in PHP (CVE-2012-1823).

FEATURES, INSIGHTS // Application Security

Tal Be'ery: Organizations should always assume third party code—coming from partners, vendors, mergers and acquisitions—is vulnerable, and take relevant precautions.
Tal Be'ery: Tal explains the technical details behind recent Ruby on Rails vulnerabilities and shows how web application administrators can avoid these and similar problems with proper system hardening.
Avi Chesla: The following predictions may help change these static roles, and allow you to look ahead at the upcoming threat trends to proactively plan your defense strategy.
Nimmy Reichenberg: Application vulnerabilities are a prime vector for attacks. But one aspect of securing enterprise applications that is often overlooked and almost always poorly handled in organizations is securing application connectivity.
Alan Wlasuk: Every statistic indicates your website has probably been hacked already, and if it hasn't been, it will be soon. You won't be aware of it until someone outside points it out to you.
Noa Bar-Yosef: Foresight is a Web application security company which provides a new type of technology as the front line of Web protection. I sat down with co-founder and CTO Israel Ragutski to chat on entrepreneurship and this new offering.
Alan Wlasuk: You're not going to solve all of your security problems in the next 30 days, but you can and should fix the big ones, those Bluebirds that make it easy for hackers to kill your company.
Chris Hinkley: There are numerous steps you can take to uphold the security of your site in order to help protect against CSS attacks. Start by ensuring that your application is coded in a way that eliminates these attack vectors.
Alan Wlasuk: As IT security becomes a major focus in our world, it is essential that corporations and development companies alike demand web application security at the contractual level.
Marc Solomon: Similar to how the Industrial Revolution created faster, better and more efficient sectors of the economy, so too is the Industrialization of Hacking creating a faster, more effective and more efficient sector profiting from attacks on our IT infrastructure.