
NEWS & INDUSTRY UPDATES

The Open Web Application Security Project (OWASP) released version 4 of the OWASP Testing Guide.
Veracode has closed a late-stage $40 million funding round led by Wellington Management with participation from previous investors.
The popular Slider Revolution WordPress plugin that enables users to easily create responsive sliders is plagued by a security hole that has been actively exploited by cybercriminals.
Cybercriminals compromised the website of an industrial company to conduct a watering hole attack with the goal of collecting information on the site's visitors.
Skyfence has released a free tool designed to provide organizations visibility into cloud app usage and risks.
The IEEE (Institute of Electrical and Electronics Engineers) Center for Secure Design has published some advice to help software developers dodge common mistakes that compromise security.
Of the 1,000 most downloadable free applications, almost 70 percent had at least one SSL vulnerability, according to an analysis by FireEye.
Researchers have discovered a flaw in the WordPress Mobile Pack plugin that can be exploited to access password-protected posts.
The security teams at Drupal and WordPress have fixed a remotely exploitable denial-of-service (DoS) vulnerability in PHP XML parsing that affects tens of millions of websites that use their publishing platforms.
Pwn Pulse from Pwnie Express combines “Hack-in-a-box” sensors with central management for remote location intelligence.

FEATURES, INSIGHTS // Application Security


Wade Williamson's picture
As we build more accessible, scalable, and efficient computing models, we likewise open ourselves up to attacks that are likewise more accessible, scalable and efficient.
Danelle Au's picture
Cloud service providers play a key role in delivering security, but as part of the shared responsibility model, they are not liable for access to and usage of the cloud application.
Danelle Au's picture
Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter – users and information rather than infrastructure maintenance and building.
Danelle Au's picture
As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson's picture
While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley's picture
When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl's picture
The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan's picture
While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan's picture
The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Michael Callahan's picture
There are several steps companies can take on the server side to identify and disrupt brute force attacks.