Blog Posts Tagged with "Application Security"
Why You Shouldn’t Use the OWASP Top 10 as a List of Software Security Requirements
February 21, 2013 Added by:Rohit Sethi
On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.
Comments (1)
Why the Latest Rails Exploit Is Indicative of a Bigger Problem
February 15, 2013 Added by:Rohit Sethi
The latest Rails security flaw is example of a common anti-pattern. The issue in each case is an abuse of extensibility. At first glance the idea is clever: allow for run-time execution of new code or binding of server-side variables without changing your compiled code, thereby greatly enhancing extensibility.
Comments (0)
Power to the People and the Coming AppSec Revolution
January 24, 2013 Added by:Fergal Glynn
It used to be that you could call for more secure software from individual vendors – and Microsoft heeded that call with its push for trustworthy computing in 2002 – but today we’re more dependent on software and more interconnected than ever. We rise and fall by the security of our associates...
Comments (0)
California AG Releases Mobile App Guidelines; Industry Responds
January 24, 2013 Added by:David Navetta
The guidelines separately address app developers, app platform providers, mobile ad networks, operating system providers, and mobile carriers. A coalition of advertising and marketing industry groups recently responded, criticizing the guidelines...
Comments (0)
Cloud App Integration: Incredibly Important, But Also Problematic
January 22, 2013 Added by:Ben Kepes
As we move into the cloud-dominated world, the issue of integration is more prominent as enterprises realize how many different systems are being used throughout their organizations. While one of the best things about cloud is the democratization of technology, this is also one of the most problematic areas...
Comments (1)
Mobile App Security Series: It’s 10pm. Do you know where your data is?
January 16, 2013 Added by:Brandon Knight
Mobile devices continue to pick up steam on becoming the primary device that many people use for email, web browsing, social media and even shopping. As we continue installing app after app which we then put our personal information in to the question is how secure are these apps?
Comments (0)
Who is Responsible for Application Security? Development or Security?
January 10, 2013 Added by:Matt Neely
During a recent visit to a client site, I took part in a discussion where the Development Department and the Security Department were arguing over which group was responsible for the security of web applications. Security felt it was the responsibility of the developers, and the developers felt it was the responsibility of security. I commonly see this debate taking place inside organizations, s...
Comments (2)
Bad Piggies, Graffiti and the IRT
December 21, 2012 Added by:Fergal Glynn
Chrome users have almost no way of evaluating the trustworthiness of Chrome extension publishers because Google doesn’t have any reputation ranking system, nor does it review applications and extensions before they’re published...
Comments (0)
The Four Horsemen of the Cyber-Apocalypse: Security Software FUD
December 15, 2012 Added by:Tripwire Inc
Did the title of this post get your attention? We are doomed! The sky is falling! All of your computers are infected! We are just one security breach away from complete human extinction! The security software industry is guilty of overhyping cyber threats to sell their products, second only to Hollywood...
Comments (1)
Software is Eating the World, And APIs are the Fuel For That
November 13, 2012 Added by:Ben Kepes
The cloud brings a level of agility that allows organization to be more nimble than before. Cloud powers workers in disparate geographies to collaborate on projects. Cloud enables the mobile provisioning of mass information in new ways. Cloud makes insights into vast stores of data more readily obtained...
Comments (0)
The secrets of incorporating security into functional testing
November 11, 2012 Added by:Rafal Los
Whether you agree with that or not, my proposal is that with the right tools it can be done. More than just the right tools, with tools that appropriately match the use-case of the functional tester... so I've started collecting a list of things functional testers would require to add in the security...
Comments (0)
New Mobile Security App for Android Smartphones
September 27, 2012 Added by:Robert Siciliano
As more online retailers introduce mobile e-commerce applications, criminal hackers are taking notice. Existing mobile operating systems are under attack and, like standard PC operating systems, they sometimes fail to provide the necessary security to support a payment application...
Comments (1)
Three Keys to Managing Firewalls for Better Security
September 25, 2012 Added by:Richard Stiennon
The that firewalls do not provide value had its first incarnation in de-perimeterization. The idea is that because network security is so hard we should give up and focus on securing the endpoints and data that travels between them. In reality we have to defend four separate domains...
Comments (1)
Rediscovering Our Way: OWASP AppSec Ireland 2012
September 20, 2012 Added by:Rafal Los
We can't expect the OWASP community to continue forward as a collection of application-security focused professionals without developer outreach, education, and more outreach. Application (and software) security isn't about security people at all, it's about developers...
Comments (0)
Microsoft Forcing Users to Use Less Secure Passwords
September 18, 2012 Added by:Dan Dieterle
Looks like Windows 8 is capped at a 16 character limit for compatibility with existing Microsoft Accounts. With the decrease of the character set, by limiting special characters for compatibility with Microsoft’s other services, the passwords are less secure than before...
Comments (2)
Preparing Developers for Tomorrow’s Cloudy World
September 17, 2012 Added by:Ben Kepes
"The advent of cloud computing has removed infrastructure as a barrier to rapid and massive scaling of applications. [IaaS and Paas have] made it possible for a developer to create an application one day and have it utilized by hundreds of thousands of users the next..."
Comments (0)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox