
NEWS & INDUSTRY UPDATES

CERT/CC announced this week that the CERT Tapioca network traffic/MitM analysis tool has been updated with new features and improvements.
Cloudflare announced a series of improvements to its Rate Limiting distributed denial of service (DDoS) protection tool this week.
FireEye has launched a new platform that allows organizations and pentesters to check their ability to detect and respond to OAuth abuse attacks.
As the adoption of open source components soars, vulnerabilities in this type of software have become increasingly common, and they can pose a serious risk to applications, a Synopsys study shows.
Serverless application security firm Protego Labs has raised $2 million in seed funding from a group of investors.
Google has released an open-source framework and software development kit (SDK) that allows developers to build applications targeting trusted execution environments.
Slack has released goSDL, an open source secure development lifecycle (SDL) tool designed to give developers a tailored security checklist for their projects.
Cybereason researchers analyzed the data collected in a honeypot that masqueraded as a financial services company. What they found was interesting and unexpected.
Application security firm Onapsis has raised $31 million in a Series C funding round, bringing the total amount raised by the company to $62 million.
Cloudflare has launched Spectrum, a new service designed to extend the company's DDoS and other protections to gaming, remote access, email and other services.

FEATURES, INSIGHTS // Application Security

Travis Greene: 2017 is the year for information security teams to align with the work being done in DevOps, whether you call it DevSecOps or not.
Lance Cottrell: The OODA loop is a well-established concept often used in security that originated in the military. OODA stands for Observe, Orient, Decide, Act.
Jim Ivers: Hackers are human. Hopefully that doesn't surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.
Jim Ivers: Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
David Holmes: Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?
Jim Ivers: Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.
Jim Ivers: Built in or bolted on? When have you ever seen "bolted on" as the first choice of anyone in just about any imaginable scenario? Yet for software security, "bolted on" is certainly the norm.
Jim Ivers: Hackers are creative by nature, so you have to use your imagination to think like one. Once you can see your organization from a hacker's point of view, you will be equipped to defend your organization like a security pro.
Danelle Au: When it comes to SaaS applications versus on-premise, there are three characteristics that define the need for a different approach to data governance, risk management and security in the cloud.
Adam Firestone: Security requirements for information assurance, risk management, and certification and accreditation constrain Government organizations with respect to the software allowed on Government networks.