NEWS & INDUSTRY UPDATES

Instagram this week announced new features to boost account security and provide users with increased visibility into accounts with a large number of followers.
Semmle, a company whose software engineering analytics platform is used by Microsoft, Google, NASA and others, launches globally with $21 million in funding.
NCC Group releases Singularity of Origin, an open source tool that makes it easier for penetration testers and others to perform DNS rebinding attacks.
Brand new Mac computers used in enterprise environments can be hacked on the first boot via Apple’s mobile device management (MDM) protocol, researchers show.
NIST’s Computer Security Division decided to withdraw 11 outdated SP 800 publications on August 1, 2018.
GitHub adds support for Python to its security alerts feature, which notifies developers if their packages contain vulnerabilities.
Developers of the Gentoo Linux distribution warned users that their GitHub account was hacked and malicious code was planted.
Identity management solutions provider Ping Identity acquires Elastic Beam and launches AI-based API security product.
Thousands of mobile applications running on iOS and Android have reportedly exposed over 113 gigabytes of data from 2,300 unsecured Firebase databases.
New VirusTotal Monitor service aims to help software developers and antivirus vendors reduce the number of false positive detections.

FEATURES, INSIGHTS // Application Security

Dan Cornell
When security teams can assess brand, financial, strategic risks – they are best able to act as a trusted advisor to DevOps teams as they build and maintain secure systems.
Travis Greene
2017 is the year for information security teams to align to the work being done in DevOps – whether you call it DevSecOps or not.
Lance Cottrell
OODA loop is a well-established concept often used in security which originated in the military. OODA stands for Observe, Orient, Decide, Act.
Jim Ivers
Hackers are human. Hopefully that doesn’t surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.
Jim Ivers
Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
David Holmes
Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?
Jim Ivers
Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.
Jim Ivers
Built in or bolted on? When have you ever seen “bolted on” as the first choice of anyone in just about any imaginable scenario? Yet for software security, “bolted on” is certainly the norm.
Jim Ivers
Hackers are creative by nature, so you have to use your imagination to think like one. Once you can see your organization from a hacker’s point-of-view, you will be equipped to defend your organization like a security pro.
Danelle Au
When it comes to SaaS applications versus on-premise, there are three characteristics that define the need for a different approach to data governance, risk management and security in the cloud.