NEWS & INDUSTRY UPDATES

Hackers have already started exploiting a recently patched remote code execution vulnerability affecting Apache Struts 2.
Bitdefender launches a Bugcrowd-based public bug bounty program with rewards of up to $1,500.
Google introduces the beta version of the App Engine firewall, a new security feature for its cloud platform.
Zerodium offers up to $500,000 for remote code execution and privilege escalation exploits targeting popular instant messaging and email apps.
TunnelBear commissioned an audit of its VPN product, and only a few vulnerabilities were found in recent versions.
Version control systems Git, Subversion, Mercurial and CVS are affected by a command execution vulnerability.
Researchers warn that hackers can abuse GitHub and other Git repository hosting services for stealthy attacks on software developers.
Netflix releases tools and information for mitigating application DDoS attacks against microservice architectures.
Mitigations put in place by Google in May 2017 to help block phishing attacks such as the recent OAuth worm weren't enough to completely mitigate the issue, security firm Proofpoint says.
Google is taking another step to better protect users from malicious third-party web applications by warning users of newly created web apps and Apps Scripts that are pending verification.

FEATURES, INSIGHTS // Application Security

Alan Cohen: From a security perspective, to understand application dependencies you need to understand not only the flows and servers, but also the ports and underlying processes.
Preston Hogue: Today an organization may have thousands of apps on the internet, but having thousands of monolithic security devices just isn't practical.
Dan Cornell: Security cannot exist in a vacuum; it must be integrated with the entirety of an organization's strategy when it comes to securing development operations.
Travis Greene: Shadow IT 2.0 is a symptom of a bigger problem: the inability to maintain digital competitive advantage due to the insufficient pace of code deployment.
Jim Ivers: Savvy organizations have learned how to use a mix of static and dynamic application security testing types to increase their coverage and lower their risk.
Dan Cornell: When security teams can assess brand, financial and strategic risks, they are best able to act as a trusted advisor to DevOps teams as they build and maintain secure systems.
Travis Greene: 2017 is the year for information security teams to align with the work being done in DevOps, whether you call it DevSecOps or not.
Lance Cottrell: The OODA loop is a well-established concept often used in security that originated in the military. OODA stands for Observe, Orient, Decide, Act.
Jim Ivers: Hackers are human. Hopefully that doesn't surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance.
Jim Ivers: Aside from tools, there are many types of application security testing that can be used to find vulnerabilities in software. An organization must consider multiple software security testing methods to really manage its risk.