NEWS & INDUSTRY UPDATES

The NSA and Australian Signals Directorate issued a joint Cybersecurity Information Sheet (CSI) that provides details on vulnerabilities exploited by threat actors to install web shell malware on web servers.
Zoom has announced a series of security improvements, including better encryption and the possibility for admins to choose data center regions.
TPG Capital-backed Digital.ai launched on Wednesday with a new software development and security platform. The company is a combination of CollabNet VersionOne, XebiaLabs, and Arxan.
Many companies are offering free cybersecurity tools and resources to help organizations during the COVID-19 coronavirus outbreak.
Google last week announced that it has started rolling back a cross-site request forgery (CSRF) protection introduced in early February with the release of Chrome 80.
Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered.
Twitter has informed users that some of their personal information may have been exposed due to the way Firefox stores cached data.
Axis Security, a company that specializes in private application access, has emerged from stealth mode with $17 million in funding.
Hellman & Friedman has agreed to acquire a majority interest in Checkmarx from Insight Partners in a deal valuing the company at $1.15 billion.
Senators this week introduced a bill aimed at banning the use of the China-made TikTok application on government devices.

FEATURES, INSIGHTS // Application Security

Travis Greene: Shadow IT 2.0 is a symptom of a bigger problem – the inability to maintain digital competitive advantage due to the insufficient pace of code deployment.
Jim Ivers: Savvy organizations have learned how to use a mix of static and dynamic application security testing types to increase their coverage and lower their risk.
Dan Cornell: When security teams can assess brand, financial, strategic risks – they are best able to act as a trusted advisor to DevOps teams as they build and maintain secure systems.
Travis Greene: 2017 is the year for information security teams to align to the work being done in DevOps – whether you call it DevSecOps or not.
Lance Cottrell: OODA loop is a well established concept often used in security which originated in the military. OODA stands for Observe, Orient, Decide, Act.
Jim Ivers: Hackers are human. Hopefully that doesn’t surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.
Jim Ivers: Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.
David Holmes: Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?
Jim Ivers: Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.
Jim Ivers: Built in or bolted on? When have you ever seen “bolted on” as the first choice of anyone in just about any imaginable scenario? Yet for software security, “bolted on” is certainly the norm.