September 10, 2014 Added by:Tripwire Inc
SSL implementation problems exist in apps of all shapes, sizes and function, ranging from those with little sensitive data and few users to apps with millions of active users handling some of our most sensitive data, such as financial transactions and account login information.
July 23, 2014 Added by:Electronic Frontier Foundation
According to the researchers, over 5,000 sites include the canvas fingerprinting, with the vast majority from AddThis.
June 30, 2014 Added by:Rafal Los
The topic of software security, or AppSec, has once again cropped up recently in my travels and conversations so I thought it would be prudent to address that here on the blog.
June 05, 2014 Added by:Rohit Sethi
Attention-grabbing exploits are becoming the norm. We hear about bugs like Heartbleed and IE 0days almost every week. Understandably the public is concerned about insecure technology. Yet for those of us who work in information security, this isn’t news at all. We have long known that insecure software is the root cause of most breaches.
June 05, 2014 Added by:Dan Dieterle
OWASP ZAP is a web application penetration testing tool that has some great features. It is a very easy to use scanner that allows you to do manual or automatic website security checks. In this tutorial we will learn how to use the automatic attack feature.
May 20, 2014 Added by:Tripwire Inc
If configuration hardening settings are “conditional,” meaning they must find and keep that balance between security and productivity, hardening against known vulnerabilities in applications and versions is much more black-and-white.
April 09, 2014 Added by:Tripwire Inc
Estimates are over 66% of active websites on the internet may be vulnerable to this bug, found in OpenSSL, an open source cryptographic library used in the Apache web server and ignx when creating communications with users.
February 19, 2014 Added by:Dan Dieterle
In this post we will show you how to get a remote shell on an Android by using Metasploit in Kali Linux.
February 19, 2014 Added by:Vince Kornacki
Attackers utilize a variety of tools to automate password guessing attacks, including Hydra, Nmap in conjunction with the http-form-brute script, and homegrown scripts. In this post, Vince explains how to conduct Vertical Password Guessing Attacks.
January 29, 2014 Added by:Krishna Raja
Discovering vulnerabilities is often the main objective of security teams within large organizations. This is achieved through initiatives such as penetration testing and source code review. But as we know, this is only the first step towards a secure organization.
January 28, 2014 Added by:Nima Dezhkam
Despite SAMM’s comprehensive guidelines around establishing an organization-wide security program and integrating security into in-house software development life-cycle, it does not elaborate as much on third-party vendor security and outsourced software development.
January 06, 2014 Added by:Rohit Sethi
The NIST Cyber Security Framework completely lacks any mention of application security. We predict that organizations will likewise adopt the framework with scant attention paid to secure software, which will lull them into a false sense of security.
Seven “Sins” of Cyber Security... John Terry on 03-05-2015
Update 3: Hackers May Leak Norton Antivirus ... Jhun Astillero on 03-05-2015
Steps Toward Weaponizing the Android Platfor... arisha nani on 03-05-2015