November 10, 2014 Added by:Electronic Frontier Foundation
In order to have confidence in any software that has security implications, we need to know that it is has been reviewed for structural design problems and is being continuously audited for bugs and vulnerabilities in the code.
October 13, 2014 Added by:Tripwire Inc
At some point, your company is going to get the security wake-up call. Whether it’s a breach or an inquiry from an important customer that triggers it, your executives are going to call you one morning, demanding you focus on security in the development of your product.
October 09, 2014 Added by:Prateep Bandharangshi
The two primary reasons that legacy Java security risks persist are cost of mitigation and operational impacts.
October 01, 2014 Added by:Dan Dieterle
As hardware and software manufacturers make public statements about hardening and protecting their services in the name of customer privacy, federal agencies speak out against it – let the smoke and mirrors game begin…
September 18, 2014 Added by:Rohit Sethi
All too often, we have seen organizations invest only in application security testing and education as the only two components of their application security programs. The net result is an expensive “patch and fix” approach that self optimizes only for the risks that scanners are able to catch.
September 10, 2014 Added by:Tripwire Inc
SSL implementation problems exist in apps of all shapes, sizes and function, ranging from those with little sensitive data and few users to apps with millions of active users handling some of our most sensitive data, such as financial transactions and account login information.
July 23, 2014 Added by:Electronic Frontier Foundation
According to the researchers, over 5,000 sites include the canvas fingerprinting, with the vast majority from AddThis.
June 30, 2014 Added by:Rafal Los
The topic of software security, or AppSec, has once again cropped up recently in my travels and conversations so I thought it would be prudent to address that here on the blog.
June 05, 2014 Added by:Rohit Sethi
Attention-grabbing exploits are becoming the norm. We hear about bugs like Heartbleed and IE 0days almost every week. Understandably the public is concerned about insecure technology. Yet for those of us who work in information security, this isn’t news at all. We have long known that insecure software is the root cause of most breaches.
June 05, 2014 Added by:Dan Dieterle
OWASP ZAP is a web application penetration testing tool that has some great features. It is a very easy to use scanner that allows you to do manual or automatic website security checks. In this tutorial we will learn how to use the automatic attack feature.
May 20, 2014 Added by:Tripwire Inc
If configuration hardening settings are “conditional,” meaning they must find and keep that balance between security and productivity, hardening against known vulnerabilities in applications and versions is much more black-and-white.
April 09, 2014 Added by:Tripwire Inc
Estimates are over 66% of active websites on the internet may be vulnerable to this bug, found in OpenSSL, an open source cryptographic library used in the Apache web server and ignx when creating communications with users.
Why You Shouldn’t Use the OWASP Top 10 as ... Jessica Barden on 11-21-2014
Security or Checking a Box?... Fadvad FAscvax on 11-21-2014
Why Are We Failing at Software Security?... waqas nayyer on 11-21-2014