Items Tagged with "Application Security"


Basic Secure Coding Practices for C or C++

May 04, 2011 Added by: Keith Mendoza

Most privilege escalations take advantage of being able to modify the code being executed because the application writes to memory locations past what it allocated. However, if you have a variable that uses up more space than the amount of data, that's extra space for an attacker to use...



Critical Keys to Successful Application Security Testing

May 03, 2011 Added by: Rafal Los

Keeping up with the amount of applications being released can often lead to more subtle issues. We can all say with relative confidence that just because an application has been tested does not make it secure - and even the best analysts & testers can miss security defects...



Majority of Web Apps Deployed with Security Flaws

April 26, 2011 Added by: Headlines

Veracode analyzed nearly five-thousand applications submitted to its cloud-based testing service over the period of eighteen months and found that more than half of the software had some sort of significant security flaw. “Software remains fundamentally flawed,” the report states...



Software Security Incidents Cost an Average $300,000

April 22, 2011 Added by: Robert Siciliano

Enterprises must move from technological security silos to enterprise security intelligence. This can be achieved through the interaction of different technologies as well as contextual analyses of integrated security and business information...



Skype Fixes Critical Android Application Vulnerability

April 22, 2011 Added by: Headlines

"After a period of developing and testing we have released a new version of the Skype for Android application onto the Android Market, containing a fix to the vulnerability reported to us. Please update to this version as soon as possible in order to help protect your information..."



Learning USB Lessons the Hard Way

April 20, 2011 Added by: Brent Huston

Our inspection revealed a job in the scheduler set to kick off on Saturdays at 5am and launch this particular malware component which appeared to be designed to grab the cookies from the browser and some credentials from the system and users then throw them out to the host in China...



Mobile Application Security - Separating Hype From Reality

April 12, 2011 Added by: Rafal Los

Everyone is to blame for the hype around mobile application security. The media is to blame for creating an insane amount of fear, security professionals and vendors are to blame for perpetuating this fear, and end-users are to blame for buying the craziness wholesale without doing research...



Security Provider Barracuda Networks Hit by SQL Injection

April 12, 2011 Added by: Headlines

The website of application security vendor Barracuda Networks was compromised by a SQL injection attack. The attack appears to have exposed confidential information regarding Barracuda's business partners as well as network login credentials of several employees...



McAfee Website Vulnerable to XSS and Other Attacks

March 29, 2011 Added by: Headlines

"The McAfee SECURE trustmark only appears when the website has passed our intensive, daily security scan. In other words, the presence of this label means that the website is not vulnerable to the exact same vulnerabilities McAfee currently has..."



The Psychology of 'Secure Code': A Tale of 2 Dev Shops

March 10, 2011 Added by: Rafal Los

Security generally slows down development, adds cost, and increases test time, so it is not seen as a general practice. In fact, the dedicated dev house has an incentive not to have security as a core requirement. Why? Simple - they want to churn out code/projects faster...



Dr. InfoSec's Quotes of the Week (015)

March 06, 2011 Added by: Christophe Veltsos

Who said: "Recent information security breaches reflect a worrying trend of very targeted hacking. Hackers have business heads in their sights as it gives them access to the most sensitive information... Information security attacks are a very real threat..."?



RSA 2011 Conference Notes from Anton Chuvakin

March 05, 2011 Added by: Anton Chuvakin

Most “analyst takeaways” from were about cloud and mobility. I heard a fun opinion on IT consumerization: if you deal with the security of employee devices by banning them, you will make your organization unattractive to the best employees – thus increasing, not reducing, your business risk...



Software Security Assurance Psychology - The Legacy Code

March 04, 2011 Added by: Rafal Los

An application has been relied upon successfully for months or years (decades?), and now that the organization finally gave you access to it because they touched/modified one small component you've found a systemic bug which requires a large-scale effort to remediate. Herein lies the rub...



Application Vulnerabilities are Like Landmines

March 02, 2011 Added by: Ron Lepofsky

Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...



It Was Developed By A Third Party… Of Course It’s Secure!

March 01, 2011 Added by: Gary McCully

I recently participated in an Internal Attack and Penetration Assessment where I encountered a third party web application which contained various vulnerabilities. These vulnerabilities could be linked together in such a way that remote code execution on the underlying operating system was possible...



RSA: Matt Alderman of Qualys Talks App Sec and the Cloud

February 22, 2011

Anthony M. Freed interviews Matt Alderman, Director of Product Management for Qualys. Matt has experience in solutions-oriented Governance, Risk Management and GRC, as well as directing a broad range of corporate compliance initiatives while designing, planning and implementing compliance solutions in direct support of client business objectives.
