
NEWS & INDUSTRY UPDATES

Radware announced plans to acquire bot management company ShieldSquare for an undisclosed sum.
The Alaska Department of Revenue has shut down online applications for Alaska Permanent Fund dividends because of security concerns.
The European Union is offering nearly $1 million in bug bounties through the FOSSA project for vulnerabilities in 14 widely used free software projects.
Twitter recently addressed a security vulnerability that resulted in certain applications not showing the user all of the permissions they had.
Tigera, a company that specializes in Kubernetes security and compliance, raises $30 million in a Series B funding round, which brings the total raised by the company to date to $53 million.
Researchers introduce smart greybox fuzzing, a new method for finding vulnerabilities in libraries that parse complex files. A fuzzer they developed discovered over 40 flaws.
AWS launches Security Hub, a service that aggregates and prioritizes security alerts from both AWS and third-party security tools.
The United States Postal Service (USPS) has fixed an API flaw that allowed unauthorized users to view account details, including email address, username, user ID, street address, phone number and mailing campaign data for other users.
A recent attack targeted Drupal web servers with a chain of vulnerabilities that included the infamous Drupalgeddon2 and DirtyCOW flaws, Imperva security researchers say.
Private equity investment firm Thoma Bravo acquires Veracode from Broadcom for $950 million in cash.

FEATURES, INSIGHTS // Application Security

Dan Cornell: When security teams can assess brand, financial and strategic risks, they are best able to act as a trusted advisor to DevOps teams as they build and maintain secure systems.

Travis Greene: 2017 is the year for information security teams to align to the work being done in DevOps, whether you call it DevSecOps or not.

Lance Cottrell: The OODA loop is a well-established concept often used in security which originated in the military. OODA stands for Observe, Orient, Decide, Act.

Jim Ivers: Hackers are human. Hopefully that doesn't surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.

Jim Ivers: Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.

David Holmes: Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?

Jim Ivers: Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.

Jim Ivers: Built in or bolted on? When have you ever seen "bolted on" as the first choice of anyone in just about any imaginable scenario? Yet for software security, "bolted on" is certainly the norm.

Jim Ivers: Hackers are creative by nature, so you have to use your imagination to think like one. Once you can see your organization from a hacker's point of view, you will be equipped to defend your organization like a security pro.

Danelle Au: When it comes to SaaS applications versus on-premises, there are three characteristics that define the need for a different approach to data governance, risk management and security in the cloud.