Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

European bug bounty platform YesWeHack has banked $18.8 million in Series B funding to fuel international expansion. [Read More]
New Google Cloud offerings aim to help federal, state, and local government organizations in the U.S. implement zero-trust architecture. [Read More]
The CloudKnox deal is Microsoft’s fourth cybersecurity acquisition over the last 12 months and comes just weeks after Redmond announced plans to purchase threat-intelligence vendor RiskIQ. [Read More]
The latest browser iteration arrives with 35 security patches, adds safety check in the address bar, and improves site isolation and phishing protection. [Read More]
The company introduced Cloud Armor Adaptive Protection in preview, to protect applications and services from Layer 7 DDoS attacks. [Read More]
Microsoft secures a court order to take down malicious domains that impersonate legitimate organizations. [Read More]
Networking gear vendor Juniper Networks ships product updates to address critical security vulnerabilities. [Read More]
Microsoft's security response team late Thursday acknowledged a new, unpatched bug that exposes Windows users to privilege escalation attacks. [Read More]
The search advertising giant released a Chrome security refresh overnight with a warning that malicious hackers are actively exploiting a critical type confusion vulnerability to launch malware attacks. [Read More]
Microsoft partners with Citizen Lab to identify a mysterious commercial surveillance company in Israel selling zero-days and high-end spyware to government hackers. [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Gunter Ollmann's picture
CISOs are increasingly partnering with DevOps leaders and vigilantly modernizing secure development lifecycle (SDLC) processes to embrace new machine learning (ML) approaches.
Gunter Ollmann's picture
The philosophy of integrating security practices within DevOps is obviously sensible, but by attaching a different label perhaps we are likely admitting that this “fusion” is more of an emulsification.
Preston Hogue's picture
The ability to look deeply into user and system behavior and identify the smallest anomaly will become the essential toolkit to stem the tide of fraud and theft in financial services.
Preston Hogue's picture
Retailers should ensure that they are proactively scanning for vulnerabilities in the website, as well as deploying a solution to monitor traffic.
Preston Hogue's picture
Every piece of hardware, every integration, every API, every process, as well as applications themselves, are potential targets.
Preston Hogue's picture
Applications have been deconstructed to the point where we need to think about them with a new level of abstraction to understand how security needs to evolve.
Preston Hogue's picture
The best way for the security industry to meet the challenge of modern applications and modern app development is to adopt a modern way of supporting those from a security perspective.
Preston Hogue's picture
ChatOps offers a bridge to a fully realized vision for DevSecOps, offering a much quicker path to resolution for both security and non-security issues.
Preston Hogue's picture
If done right and integrated throughout the process, security ends up being not a source of friction, but a function that protects the business, at the speed of business.
Ashley Arbuckle's picture
With a holistic approach you can enable efficient segmentation across your infrastructure, identify anomalies faster by using process behavior deviations, and reduce your attack surface quickly.