Items Tagged with "Application Security"


Thoughts on Software Security Assurance from a Like Mind

June 10, 2011 Added by:Rafal Los

Being able to tie exploitable issues in a running application to source code is the Holy Grail of security testing... but it's unlikely you'll get good adoption and success if you're trying to hand a bunch of developers black-box security testing technology...

Comments  (0)


Application Software in the Cloud – Power to the People

June 08, 2011 Added by:Danny Lieberman

We all use the term ”IT Governance” as if security of data was dependent on policy. Since we have lots of IT governance and lots of data breaches, we may safely assume that writing procedures while the hackers attack software and steal data is not an effective security countermeasure...

Comments  (0)


Examining the Sources of Security Incidents

June 06, 2011 Added by:Bozidar Spirovski

Security incidents come in all shapes and sizes. They can affect availability, confidentiality or integrity. Shortinfosec organized a Linkedin poll to observe the opinions of the professionals on what are the sources of security incident that they deem most frequent...

Comments  (0)


Focusing on Success or Failure in IT and Infosec

June 01, 2011 Added by:Robb Reck

Information security works differently than IT. Rather than focusing on how to build a system that can meet a requirement, the security-minded will focus on how to build a system that cannot do anything but meet a requirement. The difference is subtle, but critically important...

Comments  (0)


Mobile Payments Set to Dramatically Increase

May 26, 2011 Added by:Robert Siciliano

The Payment Card Industry Standards Council is not yet granting approval to any mobile payment applications. With the explosive growth of the mobile payment industry, they are holding off and waiting to see which technologies rise to the top...

Comments  (0)


Prescriptive Software Security Assurance for SMBs

May 25, 2011 Added by:Rafal Los

Can you handle the work it would take to ratchet up security on your applications? If you've got more than a dozen applications with more then 5 in the pipeline, you can figure on a single non-dedicated resource being able to handle one application security test per week, tops...

Comments  (0)


Las Vegas Wants to be Your Friend on Facebook

May 23, 2011 Added by:Rafal Los

Sadly, as your privacy shrinks - or as you give more and more of it away - the possibility of that crazy night in "Sin City" will follow you not just to work on Monday, but maybe to the next time a hacker is trying to penetrate your applications attack surface...

Comments  (1)


Think You Can’t Afford Code/App Testing? Think Again...

May 19, 2011 Added by:Brent Huston

Today, you have a plethora of code review automation tools and source code scanners. These tools make an easy way to pick the low hanging (and sometimes higher) vulnerabilities out of your code long before it is exposed to malicious outsider/insider contact...

Comments  (1)


Granular Application Control Drives Next Gen Firewalls

May 18, 2011

Web apps in particular have become a nightmare for IT staff. Should users be allowed to use Twitter, URL shorteners like or, or even Facebook? And if they do what should they be allowed to do within the app? Posting updates is one thing. Playing Mafia Wars is another...

Comments  (0)


Post-Production Application Security Testing

May 17, 2011 Added by:Rafal Los

I've spent several meetings in the last few months reminding people that even though they perform security testing and validation of their apps before they deploy they're leaving those apps running, in some cases for years, without looking back in on them. This is a bad thing...

Comments  (0)


SMS Trojan Infects Multiple Android Applications

May 16, 2011 Added by:Headlines

"Google has removed the offending apps, published by "zsone," from the official Android Market, but researchers at the security firm Kaspersky Lab said it's possible the malware, classified as a Trojan because it hides inside software, affects more than the 11 apps AegisLab found..."

Comments  (0)


ERP Vulnerabilities Differ from Those at the Database Level

May 13, 2011 Added by:Alexander Rothacker

ERP applications are attractive targets because this software is present in all major organizations and across the whole enterprise. The backend database of these systems usually contains customer data and key company secrets, such as the logic for business processes...

Comments  (0)


Application Security Profiling Exercise: Important Considerations

May 12, 2011 Added by:kapil assudani

Determining the security profile of an application is a very involved and complicated process – one needs to understand the business logic of the application, its integration with other applications and the security profile of the context this application interacts with...

Comments  (1)


Securing Applications at High Velocity

May 11, 2011 Added by:Rafal Los

While the blistering speed of application development and deployment may enable the business to be more agile and responsive to the changing business climate than ever, it creates unparalleled challenges for anyone with security as part of their job description...

Comments  (0)


Supporting "Unmaintainable" Applications

May 08, 2011 Added by:Rafal Los

A solid Software Security Assurance program takes into consideration the legacy risks from all the applications that have existed before a security program came into being. The issues that surround legacy applications are complex, and can create headaches for security teams...

Comments  (0)


Is Too Much Focus Put on the Application Layer?

May 06, 2011 Added by:Keith Mendoza

Information system security is really nothing new, its just that no one has paid attention to it until recently; and the focus seem to mostly be on securing the application. My question is: who will make sure that the attack vector will not come from the hardware layer?

Comments  (4)

Page « < 15 - 16 - 17 - 18 - 19 > »