Items Tagged with "Application Security"



Critical Keys to Successful Application Security Testing

May 03, 2011. Added by: Rafal Los

Keeping up with the amount of applications being released can often lead to more subtle issues. We can all say with relative confidence that just because an application has been tested does not make it secure - and even the best analysts & testers can miss security defects...


Majority of Web Apps Deployed with Security Flaws

April 26, 2011. Added by: Headlines

Veracode analyzed nearly five-thousand applications submitted to its cloud-based testing service over the period of eighteen months and found that more than half of the software had some sort of significant security flaw. "Software remains fundamentally flawed," the report states...


Software Security Incidents Cost an Average $300,000

April 22, 2011. Added by: Robert Siciliano

Enterprises must move from technological security silos to enterprise security intelligence. This can be achieved through the interaction of different technologies as well as contextual analyses of integrated security and business information...


Skype Fixes Critical Android Application Vulnerability

April 22, 2011. Added by: Headlines

"After a period of developing and testing we have released a new version of the Skype for Android application onto the Android Market, containing a fix to the vulnerability reported to us. Please update to this version as soon as possible in order to help protect your information..."


Learning USB Lessons the Hard Way

April 20, 2011. Added by: Brent Huston

Our inspection revealed a job in the scheduler set to kick off on Saturdays at 5am and launch this particular malware component which appeared to be designed to grab the cookies from the browser and some credentials from the system and users then throw them out to the host in China...


Mobile Application Security - Separating Hype From Reality

April 12, 2011. Added by: Rafal Los

Everyone is to blame for the hype around mobile application security. The media is to blame for creating an insane amount of fear, security professionals and vendors are to blame for perpetuating this fear, and end-users are to blame for buying the craziness wholesale without doing research...


Security Provider Barracuda Networks Hit by SQL Injection

April 12, 2011. Added by: Headlines

The website of application security vendor Barracuda Networks was compromised by a SQL injection attack. The attack appears to have exposed confidential information regarding Barracuda's business partners as well as network login credentials of several employees...


McAfee Website Vulnerable to XSS and Other Attacks

March 29, 2011. Added by: Headlines

"The McAfee SECURE trustmark only appears when the website has passed our intensive, daily security scan. In other words, the presence of this label means that the website is not vulnerable to the exact same vulnerabilities McAfee currently has..."


The Psychology of 'Secure Code': A Tale of 2 Dev Shops

March 10, 2011. Added by: Rafal Los

Security generally slows down development, adds cost, and increases test time, so it is not seen as a general practice. In fact, the dedicated dev house has an incentive not to have security as a core requirement. Why? Simple - they want to churn out code/projects faster...


Dr. InfoSec's Quotes of the Week (015)

March 06, 2011. Added by: Christophe Veltsos

Who said: "Recent information security breaches reflect a worrying trend of very targeted hacking. Hackers have business heads in their sights as it gives them access to the most sensitive information... Information security attacks are a very real threat..."?


RSA 2011 Conference Notes from Anton Chuvakin

March 05, 2011. Added by: Anton Chuvakin

Most “analyst takeaways” from were about cloud and mobility. I heard a fun opinion on IT consumerization: if you deal with the security of employee devices by banning them, you will make your organization unattractive to the best employees – thus increasing, not reducing, your business risk...


Software Security Assurance Psychology - The Legacy Code

March 04, 2011. Added by: Rafal Los

An application has been relied upon successfully for months or years (decades?), and now that the organization finally gave you access to it because they touched/modified one small component you've found a systemic bug which requires a large-scale effort to remediate. Herein lies the rub...


Application Vulnerabilities are Like Landmines

March 02, 2011. Added by: Ron Lepofsky

Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...


It Was Developed By A Third Party… Of Course It’s Secure!

March 01, 2011. Added by: Gary McCully

I recently participated in an Internal Attack and Penetration Assessment where I encountered a third party web application which contained various vulnerabilities. These vulnerabilities could be linked together in such a way that remote code execution on the underlying operating system was possible...


RSA: Matt Alderman of Qualys Talks App Sec and the Cloud

February 22, 2011

Anthony M. Freed interviews Matt Alderman, Director of Product Management for Qualys. Matt has experience in solutions-oriented Governance, Risk Management and GRC, as well as directing a broad range of corporate compliance initiatives while designing, planning and implementing compliance solutions in direct support of client business objectives.


Mobile Apps Vulnerable to Malicious Bypass Code

February 21, 2011. Added by: Headlines

The ongoing assumption has been that applications offered in the app marketplace have been vetted for security, but McAfee researchers have evidence that some mobile applications that have been approved for distribution may not be as secure as consumers would expect...
