November 10, 2014 Added by:Electronic Frontier Foundation
In order to have confidence in any software that has security implications, we need to know that it is has been reviewed for structural design problems and is being continuously audited for bugs and vulnerabilities in the code.
November 05, 2014 Added by:Steve Durbin
Password-based authentication is easy and familiar for customers, and is initially inexpensive for organizations to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used.
October 13, 2014 Added by:Tripwire Inc
At some point, your company is going to get the security wake-up call. Whether it’s a breach or an inquiry from an important customer that triggers it, your executives are going to call you one morning, demanding you focus on security in the development of your product.
October 09, 2014 Added by:Prateep Bandharangshi
The two primary reasons that legacy Java security risks persist are cost of mitigation and operational impacts.
October 01, 2014 Added by:Dan Dieterle
As hardware and software manufacturers make public statements about hardening and protecting their services in the name of customer privacy, federal agencies speak out against it – let the smoke and mirrors game begin…
September 18, 2014 Added by:Rohit Sethi
All too often, we have seen organizations invest only in application security testing and education as the only two components of their application security programs. The net result is an expensive “patch and fix” approach that self optimizes only for the risks that scanners are able to catch.
September 10, 2014 Added by:Tripwire Inc
SSL implementation problems exist in apps of all shapes, sizes and function, ranging from those with little sensitive data and few users to apps with millions of active users handling some of our most sensitive data, such as financial transactions and account login information.
August 26, 2014 Added by:Rebecca Herold
Many marketing professionals have a common temptation; they want to send as many marketing messages to as many people as possible, and they would love to send it to all folks who have ever been customers or clients of their business, and often times actually want to simply send to everyone whose email address they can obtain in any way.
July 23, 2014 Added by:Electronic Frontier Foundation
According to the researchers, over 5,000 sites include the canvas fingerprinting, with the vast majority from AddThis.
July 22, 2014 Added by:Eduard Kovacs
Organizers of the Black Hat security conference that's scheduled to take place next month in Las Vegas announced that a presentation detailing how the Tor network's users can be de-anonymized has been cancelled.
June 30, 2014 Added by:Rafal Los
The topic of software security, or AppSec, has once again cropped up recently in my travels and conversations so I thought it would be prudent to address that here on the blog.
June 05, 2014 Added by:Dan Dieterle
OWASP ZAP is a web application penetration testing tool that has some great features. It is a very easy to use scanner that allows you to do manual or automatic website security checks. In this tutorial we will learn how to use the automatic attack feature.
May 20, 2014 Added by:Tripwire Inc
If configuration hardening settings are “conditional,” meaning they must find and keep that balance between security and productivity, hardening against known vulnerabilities in applications and versions is much more black-and-white.
Update 3: Hackers May Leak Norton Antivirus ... Deborah Philip on 11-22-2014
First Victims of the Stuxnet Worm Revealed... Zaid Zia on 11-21-2014
Attorney General Taps Federal Prosecutors fo... Zaid Zia on 11-21-2014