NEWS & INDUSTRY UPDATES

Critical unauthenticated remote code execution vulnerability patched in open source automation server Jenkins.
Vulnerabilities in Bosch’s Drivelog Connect dongle and its mobile app allow hackers to send malicious CAN messages to a car and stop its engine.
Researchers find serious vulnerabilities in Riverbed’s SteelCentral application and network performance monitoring system.
DoubleAgent is a new attack method that abuses a legitimate Microsoft tool to hijack security products.
Google painted a bleak picture of cybersecurity trends, saying the number of websites hacked rose 32 percent in 2016, with little relief in sight.
A recently disclosed User Account Control (UAC) bypass that leverages App Paths can be used for fileless attacks as well, security researcher Matt Nelson now says.
A vulnerable application used by millions of McDonald’s customers in India was recently found to leak personal information of its users.
Researchers find serious vulnerabilities in Moodle, a popular learning platform used by many top universities.
Built on the Linux Foundation's open source Hyperledger Fabric v1.0 and the IBM Blockchain service, a new digital identity and attribute sharing network from IBM and SecureKey will go live in Canada later in 2017.
A researcher has demonstrated an attack that combines Clickjacking and a type of Cross-Site Scripting (XSS) called Self-XSS.

FEATURES, INSIGHTS // Application Security

Dan Cornell: Security cannot exist in a vacuum – it must be integrated with the entirety of an organization’s strategy when it comes to securing development operations.

Travis Greene: Shadow IT 2.0 is a symptom of a bigger problem – the inability to maintain digital competitive advantage due to the insufficient pace of code deployment.

Jim Ivers: Savvy organizations have learned how to use a mix of static and dynamic application security testing types to increase their coverage and lower their risk.

Dan Cornell: When security teams can assess brand, financial, and strategic risks, they are best able to act as a trusted advisor to DevOps teams as they build and maintain secure systems.

Travis Greene: 2017 is the year for information security teams to align to the work being done in DevOps – whether you call it DevSecOps or not.

Lance Cottrell: The OODA loop is a well-established concept often used in security that originated in the military. OODA stands for Observe, Orient, Decide, Act.

Jim Ivers: Hackers are human. Hopefully that doesn’t surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.

Jim Ivers: Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.

David Holmes: Considering that you can find vendors, startups, and specialists in any of these 28 application security technologies, is it realistic to expect any one person to be a subject matter expert in all of them?

Jim Ivers: Experienced organizations learn that security is not a drag on performance, but can provide productivity gains by eliminating security vulnerabilities early in the development process.