Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The developers of the libpng library have patched a null pointer dereference flaw that has been around since 1995 [Read More]
Critical remote code execution vulnerabilities in PHPMailer and SwiftMailer are caused by design flaws in PHP, researcher says [Read More]
The developers of the PHPMailer email-sending library have patched a critical flaw that can be exploited for remote code execution [Read More]
Apple had wanted all iOS apps to use HTTPS by the end of the year, but it has now extended the deadline indefinitely [Read More]
Akamai Technologies announced on Monday that it has acquired bot detection firm Cyberfend for an undisclosed cash sum. [Read More]
Researchers analyzed 44,000 plugins from the official WordPress plugin directory and found vulnerabilities in more than 8,800 of them [Read More]
Algorithms are used for such purposes because they are good at making probabilistic projections based on past data with no human intervention and at machine speed -- but they are not infallible, and have become the basis of fictional Armageddons. [Read More]
SAP on Tuesday released its set of security patches for December 2016, which include 20 Patch Day Security Notes, along with updates for two previously released notes. [Read More]
Researchers find an apparently critical vulnerability in a PwC security tool for SAP systems, but PwC has downplayed the risk [Read More]
Cisco prompted a password reset for the user accounts on its Cisco Professional Careers mobile website after a security researcher discovered a vulnerability in the portal. [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Dan Cornell's picture
When security teams can assess brand, financial, strategic risks – they are best able to act as a trusted advisor to DevOps teams as they build and maintain secure systems.
Travis Greene's picture
2017 is the year for information security teams to align to the work being done in DevOps – whether you call it DevSecOps or not.
Lance Cottrell's picture
OODA loop is a well established concept often used in security which originated in the military. OODA stands for Observe, Orient, Decide, Act.
Jim Ivers's picture
Hackers are human. Hopefully that doesn’t surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.
Jim Ivers's picture
Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
David Holmes's picture
Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?
Jim Ivers's picture
Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.
Jim Ivers's picture
Built in or bolted on? When have you ever seen “bolted on” as the first choice of anyone in just about any imaginable scenario? Yet for software security, “bolted on” is certainly the norm.
Jim Ivers's picture
Hackers are creative by nature, so you have to use your imagination to think like one. Once you can see your organization from a hacker’s point-of-view, you will be equipped to defend your organization like a security pro.
Danelle Au's picture
When it comes to SaaS applications versus on-premise, there are three characteristics that define the need for a different approach to data governance, risk management and security in the cloud.