Items Tagged with "Application Security"
Skype Fixes Critical Android Application Vulnerability
April 22, 2011 Added by: Headlines
"After a period of developing and testing we have released a new version of the Skype for Android application onto the Android Market, containing a fix to the vulnerability reported to us. Please update to this version as soon as possible in order to help protect your information..."
Comments (0)
Learning USB Lessons the Hard Way
April 20, 2011 Added by: Brent Huston
Our inspection revealed a job in the scheduler set to kick off on Saturdays at 5am and launch this particular malware component which appeared to be designed to grab the cookies from the browser and some credentials from the system and users then throw them out to the host in China...
Comments (1)
Mobile Application Security - Separating Hype From Reality
April 12, 2011 Added by: Rafal Los
Everyone is to blame for the hype around mobile application security. The media is to blame for creating an insane amount of fear, security professionals and vendors are to blame for perpetuating this fear, and end-users are to blame for buying the craziness wholesale without doing research...
Comments (4)
Security Provider Barracuda Networks Hit by SQL Injection
April 12, 2011 Added by: Headlines
The website of application security vendor Barracuda Networks was compromised by a SQL injection attack. The attack appears to have exposed confidential information regarding Barracuda's business partners as well as network login credentials of several employees...
Comments (0)
McAfee Website Vulnerable to XSS and Other Attacks
March 29, 2011 Added by: Headlines
"The McAfee SECURE trustmark only appears when the website has passed our intensive, daily security scan. In other words, the presence of this label means that the website is not vulnerable to the exact same vulnerabilities McAfee currently has..."
Comments (1)
The Psychology of 'Secure Code': A Tale of 2 Dev Shops
March 10, 2011 Added by: Rafal Los
Security generally slows down development, adds cost, and increases test time, so it is not seen as a general practice. In fact, the dedicated dev house has an incentive not to have security as a core requirement. Why? Simple - they want to churn out code/projects faster...
Comments (0)
Dr. InfoSec's Quotes of the Week (015)
March 06, 2011 Added by: Christophe Veltsos
Who said: "Recent information security breaches reflect a worrying trend of very targeted hacking. Hackers have business heads in their sights as it gives them access to the most sensitive information... Information security attacks are a very real threat..."?
Comments (0)
RSA 2011 Conference Notes from Anton Chuvakin
March 05, 2011 Added by: Anton Chuvakin
Most “analyst takeaways” from were about cloud and mobility. I heard a fun opinion on IT consumerization: if you deal with the security of employee devices by banning them, you will make your organization unattractive to the best employees – thus increasing, not reducing, your business risk...
Comments (0)
Software Security Assurance Psychology - The Legacy Code
March 04, 2011 Added by: Rafal Los
An application has been relied upon successfully for months or years (decades?), and now that the organization finally gave you access to it because they touched/modified one small component you've found a systemic bug which requires a large-scale effort to remediate. Herein lies the rub...
Comments (0)
Application Vulnerabilities are Like Landmines
March 02, 2011 Added by: Ron Lepofsky
Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...
Comments (0)
It Was Developed By A Third Party… Of Course It’s Secure!
March 01, 2011 Added by: Gary McCully
I recently participated in an Internal Attack and Penetration Assessment where I encountered a third party web application which contained various vulnerabilities. These vulnerabilities could be linked together in such a way that remote code execution on the underlying operating system was possible...
Comments (0)
RSA: Matt Alderman of Qualys Talks App Sec and the Cloud
February 22, 2011
Anthony M. Freed interviews Matt Alderman, Director of Product Management for Qualys. Matt has experience in solutions-oriented Governance, Risk Management and GRC, as well as directing a broad range of corporate compliance initiatives while designing, planning and implementing compliance solutions in direct support of client business objectives.
Comments (0)
Mobile Apps Vulnerable to Malicious Bypass Code
February 21, 2011 Added by: Headlines
The ongoing assumption has been that applications offered in the app marketplace have been vetted for security, but McAfee researchers have evidence that some mobile applications that have been approved for distribution may not be as secure as consumers would expect...
Comments (0)
Security Predictions for 2011
February 16, 2011 Added by: Anton Chuvakin
My past experience predicting shows that I am a cowardly, extrapolating predictor – and can get a lot of easy, obvious stuff right. I will do some of it now as well since there is nothing wrong with “Feynman prediction methodology”: predicting that whatever is there now will stay the same in the future...
Comments (0)
Four Components of a Successful SSA Program
February 15, 2011 Added by: Rafal Los
Process can be outlined in documentation and stored on a network share or published in a booklet on everyone's desktop. Process can be a workflow-driven project management system that requires a security-infused approach from requirements gathering all the way through post-release...
Comments (0)
Strategic Industries Should Go On High Alert
February 11, 2011 Added by: Richard Stiennon
Adversaries using pernicious methodologies are targeting the data of globally strategic industries. Business as usual based on risk based methodologies have to be supplanted by an urgent revamping of security deployments to counter a frightening new level of threat...




