
NEWS & INDUSTRY UPDATES

Google is taking another step to better protect users from malicious third-party web applications by warning users of newly created web apps and Apps Scripts that are pending verification.
Cisco patches critical WebEx remote code execution vulnerabilities found by Google and Divergent Security researchers.
An attack called "WPSetup" is targeting fresh WordPress installations to get admin access and execute PHP code in the victim’s web hosting account.
WhiteHat Security’s latest annual report shows that organizations have improved their security posture, but only slightly.
HPE warns of security bypass, information disclosure, remote code execution, XSS and URL redirection vulnerabilities in several products.
The Automobile Association (AA) -- the UK's largest motoring organization with over 15 million members -- is being heavily criticized over its public handling of a major data incident that occurred in April.
Cloudflare is relaunching its own app store and has partnered with venture capital investors to support app developers from a new $100 million Cloudflare Development Fund.
Elastic Beam emerges from stealth mode with AI-powered API security solution.
Popular chat platforms such as Slack, Discord and Telegram can be abused by malicious actors for C&C communications.
Crowdfunding initiative for buying Shadow Brokers exploits canceled. Researchers cite legal reasons, including Russia (FSB) involvement.

FEATURES, INSIGHTS // Application Security

Alan Cohen: From a security perspective, to understand application dependencies you need not only to understand the flows and servers, you need to understand the ports and underlying processes.
Preston Hogue: Today an organization may have thousands of apps on the internet, but having thousands of monolithic security devices just isn’t practical.
Dan Cornell: Security cannot exist in a vacuum – it must be integrated with the entirety of an organization’s strategy when it comes to securing development operations.
Travis Greene: Shadow IT 2.0 is a symptom of a bigger problem – the inability to maintain digital competitive advantage due to the insufficient pace of code deployment.
Jim Ivers: Savvy organizations have learned how to use a mix of static and dynamic application security testing types to increase their coverage and lower their risk.
Dan Cornell: When security teams can assess brand, financial, strategic risks – they are best able to act as a trusted advisor to DevOps teams as they build and maintain secure systems.
Travis Greene: 2017 is the year for information security teams to align to the work being done in DevOps – whether you call it DevSecOps or not.
Lance Cottrell: OODA loop is a well-established concept often used in security which originated in the military. OODA stands for Observe, Orient, Decide, Act.
Jim Ivers: Hackers are human. Hopefully that doesn’t surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.
Jim Ivers: Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.