Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The NSA and Australian Signals Directorate issued a joint Cybersecurity Information Sheet (CSI) that provides details on vulnerabilities exploited by threat actors to install web shell malware on web servers. [Read More]
Zoom has announced a series of security improvements, including better encryption and the possibility for admins to choose data center regions. [Read More]
TPG Capital-backed Digital.ai launched on Wednesday with a new software development and security platform. The company is a combination of CollabNet VersionOne, XebiaLabs, and Arxan. [Read More]
Many companies are offering free cybersecurity tools and resources to help organizations during the COVID-19 coronavirus outbreak. [Read More]
Google last week announced that it has started rolling back a cross-site request forgery (CSRF) protection introduced in early February with the release of Chrome 80. [Read More]
Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered. [Read More]
Twitter has informed users that some of their personal information may have been exposed due to the way Firefox stores cached data. [Read More]
Axis Security, a company that specializes in private application access, has emerged from stealth mode with $17 million in funding. [Read More]
Hellman & Friedman has agreed to acquire a majority interest in Checkmarx from Insight Partners in a deal valuing the company at $1.15 billion. [Read More]
Senators this week introduced a bill aimed at banning the use of the China-made TikTok application on government devices. [Read More]

FEATURES, INSIGHTS // Application Security

rss icon

Gunter Ollmann's picture
CISOs are increasingly partnering with DevOps leaders and vigilantly modernizing secure development lifecycle (SDLC) processes to embrace new machine learning (ML) approaches.
Gunter Ollmann's picture
The philosophy of integrating security practices within DevOps is obviously sensible, but by attaching a different label perhaps we are likely admitting that this “fusion” is more of an emulsification.
Preston Hogue's picture
The ability to look deeply into user and system behavior and identify the smallest anomaly will become the essential toolkit to stem the tide of fraud and theft in financial services.
Preston Hogue's picture
Retailers should ensure that they are proactively scanning for vulnerabilities in the website, as well as deploying a solution to monitor traffic.
Preston Hogue's picture
Every piece of hardware, every integration, every API, every process, as well as applications themselves, are potential targets.
Preston Hogue's picture
Applications have been deconstructed to the point where we need to think about them with a new level of abstraction to understand how security needs to evolve.
Preston Hogue's picture
The best way for the security industry to meet the challenge of modern applications and modern app development is to adopt a modern way of supporting those from a security perspective.
Preston Hogue's picture
ChatOps offers a bridge to a fully realized vision for DevSecOps, offering a much quicker path to resolution for both security and non-security issues.
Preston Hogue's picture
If done right and integrated throughout the process, security ends up being not a source of friction, but a function that protects the business, at the speed of business.
Ashley Arbuckle's picture
With a holistic approach you can enable efficient segmentation across your infrastructure, identify anomalies faster by using process behavior deviations, and reduce your attack surface quickly.