NEWS & INDUSTRY UPDATES

Two memory corruption vulnerabilities (CVE-2015-2282, CVE-2015-2278) were found in the compression libraries used by almost all SAP Netweaver products.
Attackers typically use one of three common techniques to compromise SAP systems at the application layer: pivoting, portal attacks, and database warehousing, according to researchers from application security firm Onapsis.
New Chrome extension from Google allows users and organizations to protect themselves against phishing.
DevOps comes to the forefront at the RSA conference in San Francisco.
Qualys has improved its Web Application Scanning (WAS) solution with progressive scanning capabilities that reduce crawl times and impact.
Companies need to find a new approach to IT security if they want to be successful in today’s application economy, according to a new report from CA Technologies.
Contrast Security announced on Monday the availability of a free plugin that allows software developers to easily find vulnerabilities in their applications.
Analysis of the Naenara Browser, a version of Mozilla Firefox modified by North Korea and bundled into Red Star OS, shows the DPRK may be funneling all traffic through one—or a handful—of public IP addresses.
A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack merchant accounts. A different flaw could have been leveraged to gain access to buyers' details.
Researchers have uncovered several vulnerabilities in the admin panel of InfiniteWP, a free application that allows WordPress website administrators to control multiple installations from a single dashboard.

FEATURES, INSIGHTS // Application Security

Danelle Au
When it comes to SaaS applications versus on-premise, there are three characteristics that define the need for a different approach to data governance, risk management and security in the cloud.
Adam Firestone
Security requirements for information assurance, risk management, and certification and accreditation constrain Government organizations with respect to software allowed on Government networks.
Wade Williamson
As we build more accessible, scalable, and efficient computing models, we also open ourselves up to attacks that are likewise more accessible, scalable and efficient.
Danelle Au
Cloud service providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to and usage of the cloud application.
Danelle Au
Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter – users and information rather than infrastructure maintenance and building.
Danelle Au
As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson
While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley
When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl
The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan
While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.