NEWS & INDUSTRY UPDATES

Trend Micro has acquired Montréal, Canada-based web application security firm Immunio for an undisclosed sum.
ERPScan announces new AI-driven security platform designed to help organizations prevent, detect and respond to attacks targeting SAP systems
The final version of the ‘OWASP Top 10 - 2017’ has been released, and CSRF and unvalidated redirects didn’t make the list
Microsoft uses deep neural networks to improve fuzzing techniques. Tests conducted via AFL fuzzer
Following an increase in Android malware and adware abusing accessibility services, Google decides to crack down on apps that misuse the feature
Microsoft releases security advisory on how users can protect themselves against attacks leveraging DDE
A recently developed system that targets the audio version of Google’s reCAPTCHA challenges can break them with very high accuracy.
Google is planning to deprecate and eventually completely remove support for public key pinning (PKP) from the Chrome browser.
Microsoft releases Sonar, an open source linting and scanning tool that helps web developers find performance and security issues
LokiBot Android banking trojan turns into ransomware if users try to remove it. The gang behind the attack has made more than $1.5 million

FEATURES, INSIGHTS // Application Security

Danelle Au: Enterprises can gain tremendous competitive advantages by having IT focus on the things that matter – users and information rather than infrastructure maintenance and building.
Danelle Au: As SaaS adoption grows, so do the security concerns. But there is so much confusion around SaaS security that many enterprises are focusing on the wrong problems. Here are the three biggest myths when it comes to SaaS security...
Wade Williamson: While free tools aren’t the answer for every problem, they probably should be a part of your security toolkit. Even better, they can provide an easy way to learn about new security technologies and provide your team with hands-on experience.
Chris Hinkley: When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Jon-Louis Heimerl: The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan: While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Michael Callahan: The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Michael Callahan: There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Michael Callahan: There’s more than functionality and availability issues ailing Healthcare.gov. There’s significant potential for compromise.
Nimmy Reichenberg: There are numerous financial and operational reasons to make the move to a private, public or hybrid cloud, but you must understand the impact on applications.