Application Security

Application Security news, trend analysis and opinion

Smyte wants to get biblical on all those bad online actors

Smyte wants to do some biblical-level smiting of its own and strike down credit-card fraud, scams, spam and other devious online activities.

Now WikiLeaks threatens to disclose software vulnerabilities

One WikiLeaks disclosure condition is similar to Google’s: Companies must patch software vulnerabilities within 90 days.

Pwn2Own hacking contest ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Pwn2Own 2017: Your stuff as mincemeat

Security teams gathered at Pwn2Own 2017 to hack your favorite software and found plenty of bugs, proving nothing is foolproof.

Adobe Reader, Edge, Safari, and Ubuntu fall during first day at Pwn2Own

During the first day of the Pwn2Own hacking contest, security researchers successfully demonstrated exploits against Microsoft Edge, Apple's Safari, Adobe Reader, and Ubuntu Desktop.

How much are vendor security assurances worth after the CIA leaks?

Google, Apple, Microsoft and other software vendors are working to identify and patch the vulnerabilities described in the CIA leak, but ultimately this doesn't change the status quo of software security.

Protecting the enterprise against mobile threats

Mobile devices have transformed the digital enterprise, allowing employees to access the information they need to be most productive from virtually anywhere. Has that convenience come at a cost to enterprise security, though?

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

Microsoft paying a bug bounty of $30,000

Microsoft doubles its bug bounty to up to $30,000 for serious bugs in certain Microsoft services. The bounty runs through May 31, 2017.

Checklist for choosing a small cloud host or ISP

Use this checklist to select a cloud host or ISP—and prevent future problems.

HackerOne offers bug bounty service for free to open-source projects

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

Google discloses unpatched IE vulnerability after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.

7.4% of software on PCs are past end of life

Research shows 7.4 percent of software on PCs is past end of life, meaning it's no longer patched and is vulnerable to exploitation.

8 steps to regaining control over shadow IT

Learn how to discover those employees who went roaming for outside services.

JavaScript-based ASLR bypass attack simplifies browser exploits

Researchers have devised a new attack that can bypass address space layout randomization (ASLR) in browsers and possibly other applications.

RSAC Innovation Sandbox winners: One year later

With the annual RSA security conference just around the corner, we decided to touch base with the 10 companies selected as finalists in last year’s Innovation Sandbox competition and see how they’re making out.

How to secure Active Directory

Russell Rice, senior director of product management at Skyport Systems, provides some ways IT organizations can keep privileged credentials for Active Directory safe.

How AI is stopping criminal hacking in real time

Almost every day, there’s news about a massive data leak -- a breach at Yahoo that reveals millions of user accounts, a compromise involving Gmail phishing scams. Security professionals are constantly moving the chess pieces around,...

6 things software vendors need to know about HIPAA compliance

Dizzion provides suggestions for ways vendors can maintain HIPAA compliance while still focusing on their primary business objectives.

Cisco unveils Tetration 2.0, focuses on application security

Cisco’s Tetration 2.0 focuses on providing security at the application layer, providing a single pane of glass to automate and enforce security policies based on contextual information.