Blog Posts Tagged with "Application Security"

Af2769c2480db78c589b811b428782b0

PHP and Application Security

June 10, 2013 Added by:Lee Mangold

The low barrier-of-entry for PHP allows inexperienced developers act like engineers and publish insecure code. These developers may be developing useful stuff, but they simply don't understand security.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Why You Shouldn’t Use the OWASP Top 10 as a List of Software Security Requirements

February 21, 2013 Added by:Rohit Sethi

On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.

Comments  (2)

219bfe49c4e7e1a3760f307bfecb9954

Why the Latest Rails Exploit Is Indicative of a Bigger Problem

February 15, 2013 Added by:Rohit Sethi

The latest Rails security flaw is example of a common anti-pattern. The issue in each case is an abuse of extensibility. At first glance the idea is clever: allow for run-time execution of new code or binding of server-side variables without changing your compiled code, thereby greatly enhancing extensibility.

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Power to the People and the Coming AppSec Revolution

January 24, 2013 Added by:Fergal Glynn

It used to be that you could call for more secure software from individual vendors – and Microsoft heeded that call with its push for trustworthy computing in 2002 – but today we’re more dependent on software and more interconnected than ever. We rise and fall by the security of our associates...

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

California AG Releases Mobile App Guidelines; Industry Responds

January 24, 2013 Added by:David Navetta

The guidelines separately address app developers, app platform providers, mobile ad networks, operating system providers, and mobile carriers. A coalition of advertising and marketing industry groups recently responded, criticizing the guidelines...

Comments  (0)

4c1c5119b03285e3f64bd83a8f9dfeec

Cloud App Integration: Incredibly Important, But Also Problematic

January 22, 2013 Added by:Ben Kepes

As we move into the cloud-dominated world, the issue of integration is more prominent as enterprises realize how many different systems are being used throughout their organizations. While one of the best things about cloud is the democratization of technology, this is also one of the most problematic areas...

Comments  (1)

4eb356e09746aadc2f4800877e8c24e8

Mobile App Security Series: It’s 10pm. Do you know where your data is?

January 16, 2013 Added by:Brandon Knight

Mobile devices continue to pick up steam on becoming the primary device that many people use for email, web browsing, social media and even shopping. As we continue installing app after app which we then put our personal information in to the question is how secure are these apps?

Comments  (0)

369dec31d888693bba6b6e0f39c14ce3

Who is Responsible for Application Security? Development or Security?

January 10, 2013 Added by:Matt Neely

During a recent visit to a client site, I took part in a discussion where the Development Department and the Security Department were arguing over which group was responsible for the security of web applications. Security felt it was the responsibility of the developers, and the developers felt it was the responsibility of security. I commonly see this debate taking place inside organizations, s...

Comments  (1)

68b48711426f3b082ab24e5746a66b36

Bad Piggies, Graffiti and the IRT

December 21, 2012 Added by:Fergal Glynn

Chrome users have almost no way of evaluating the trustworthiness of Chrome extension publishers because Google doesn’t have any reputation ranking system, nor does it review applications and extensions before they’re published...

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

The Four Horsemen of the Cyber-Apocalypse: Security Software FUD

December 15, 2012 Added by:Tripwire Inc

Did the title of this post get your attention? We are doomed! The sky is falling! All of your computers are infected! We are just one security breach away from complete human extinction! The security software industry is guilty of overhyping cyber threats to sell their products, second only to Hollywood...

Comments  (1)

4c1c5119b03285e3f64bd83a8f9dfeec

Software is Eating the World, And APIs are the Fuel For That

November 13, 2012 Added by:Ben Kepes

The cloud brings a level of agility that allows organization to be more nimble than before. Cloud powers workers in disparate geographies to collaborate on projects. Cloud enables the mobile provisioning of mass information in new ways. Cloud makes insights into vast stores of data more readily obtained...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The secrets of incorporating security into functional testing

November 11, 2012 Added by:Rafal Los

Whether you agree with that or not, my proposal is that with the right tools it can be done. More than just the right tools, with tools that appropriately match the use-case of the functional tester... so I've started collecting a list of things functional testers would require to add in the security...

Comments  (0)

37d5f81e2277051bc17116221040d51c

New Mobile Security App for Android Smartphones

September 27, 2012 Added by:Robert Siciliano

As more online retailers introduce mobile e-commerce applications, criminal hackers are taking notice. Existing mobile operating systems are under attack and, like standard PC operating systems, they sometimes fail to provide the necessary security to support a payment application...

Comments  (1)

924ce315203c17e05d9e04b59648a942

Three Keys to Managing Firewalls for Better Security

September 25, 2012 Added by:Richard Stiennon

The that firewalls do not provide value had its first incarnation in de-perimeterization. The idea is that because network security is so hard we should give up and focus on securing the endpoints and data that travels between them. In reality we have to defend four separate domains...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Rediscovering Our Way: OWASP AppSec Ireland 2012

September 20, 2012 Added by:Rafal Los

We can't expect the OWASP community to continue forward as a collection of application-security focused professionals without developer outreach, education, and more outreach. Application (and software) security isn't about security people at all, it's about developers...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Microsoft Forcing Users to Use Less Secure Passwords

September 18, 2012 Added by:Dan Dieterle

Looks like Windows 8 is capped at a 16 character limit for compatibility with existing Microsoft Accounts. With the decrease of the character set, by limiting special characters for compatibility with Microsoft’s other services, the passwords are less secure than before...

Comments  (2)

Page « < 1 - 2 - 3 - 4 - 5 > »