Blog Posts Tagged with "Application Security"
November 09, 2011 Added by:Rafal Los
When we find a bug in software that has the potential for causing security-related issues, we want to convince the business to fix the issue, remediate the problem that we find. Only thing is, while we see it as a security vulnerability the business sees it as a critical feature...
November 01, 2011 Added by:Joshua Lochner
Based on application flows and the importance placed on a web presence, the goal is to configure notification level alerts to be sent to the System Administrators for security related events from the three servers in the front-end web server cluster, and configure emergency alerts...
October 28, 2011 Added by:Rafal Los
Threat modeling software is a delicate art, and often mis-understood enough to cause poor execution. It seems elementary that the best time to impact security in a positive way is during requirements gathering, yet many security professionals continue to ignore that opportunity...
October 23, 2011 Added by:Steven Fox, CISSP, QSA
The OWASP Mobile Security Project focuses on the security of the applications. According to its contributors, it “is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications...”
October 18, 2011 Added by:Ben Rothke
The CERT Oracle Secure The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...
October 13, 2011 Added by:Rafal Los
In the systems management world, it's about performance, deployment consistency, and uptime - metrics that can be quantified. This pattern repeats for applications and critical systems, and just about every other component of information technology - except, it seems, Information Security...
October 12, 2011 Added by:Joel Harding
The next wave of cyber attacks will come through smart phones, cell phones and their data networks. Smart phones are almost ubiquitous and attacks launched either using the smart phones or attacking smart phones will be devastating on a scale we have not seen to date...
October 09, 2011 Added by:Rafal Los
We need to shift the security culture from "find bugs" to "fix bugs" or else we're in deep, deep trouble. Don't get me wrong, once the software industry has figured out how to write secure software by design, then we can worry about demanding bigger, better, faster scanning automation...
October 06, 2011 Added by:Headlines
“An attacker could inject a cookie stealer combined with jQuery’s .hide() and harvest cookies which can, ironically enough, be exploited by using the admin panel provided by sloppy American Express developers," Femerstrand explained in a blog post...
October 05, 2011 Added by:Dan Dieterle
A lot was covered, including how hackers are creating apps that pass verification and are published in the app store, but when installed, pull down malicious updates. Bluetooth vulnerabilities and a “Truly Evil Hack” were also discussed...
October 05, 2011 Added by:Rafal Los
Dynamic Application Security Testing (DAST) is one of the long-standing staples of Software Security Assurance, and has been the anchor by which many organization have boot-strapped their efforts to write better code. Whether this is the correct approach or not is not the question...
October 03, 2011 Added by:Headlines
"The only reason the data is leaking left and right is because HTC set their snooping environment up this way. It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door..."
September 22, 2011 Added by:Brent Huston
As device manufacturers continue to add processing power and storage capacity, and platform vendors provide more applications for generating and consuming data, security will become a greater concern as attackers look upon it as their new playground...
September 20, 2011 Added by:Headlines
Bringing order and security to the patchwork quilt of computing environments in a large organization can be a daunting task. NIST recently released four new publications that detail specifications to be used by the latest version of the Security Content Automation Protocol (SCAP)...
September 19, 2011 Added by:Rafal Los
You may have missed one of the strangest exchanges I think I've seen in a long while. An out-of-the-blue scathing blog post by Oracle's CSO prompted a swift response from VeraCode's Chief Technology and Security Officer. What brought this on is anyone's guess...
September 18, 2011 Added by:David Martinez
While it might be interesting and a bit exciting finding vulnerabilities in systems, keep in mind that reporting them to the appropriate people might be more hassle then it’s worth, especially when your doing it pro bono, as I discovered...
Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013
ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013
New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013