Application Security

Application Security news, information, and how-to advice

Microsoft kills off security bulletins after several stays

'Disappointing,' says patch expert after concluding the replacement means more work for admins

Microsoft fixes 45 flaws, including three actively exploited vulnerabilities

Microsoft Patch Tuesday includes fixes for critical flaws in IE, Edge, Office, Windows, and .Net

Silicon Valley weighs speed versus risk in app dev

A panel featuring Atlassian, GitHub, HackerOne, and Rainforest explores how to get successful software projects completed on time without breaking things

Mozilla project keeps compromised apps out of circulation

The Binary Transparency plan would use public certificate technology to guarantee binaries haven't been replaced with malicious counterparts

Pwn2Own hacking contest ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

How much are vendor security assurances worth after the CIA leaks?

Software vendors will fix these vulnerabilities, but users should remember that there are always zero-day exploits out there

Preparing for the professional cybercrime industry

Ransomware is a growing segment of the cybercrime industry and it's driving a lot of changes in the way hackers operate. Businesses need to know what's happening and shift their defensive strategies accordingly.

Why you need a bug bounty program

If you’re ready to deal with the volume of reports, a bug bounty program can help you find the holes in your system — before attackers do

Prepare for the smart bot invasion

We all know about the havoc wreaked by malicious bots, but soon, we'll have to deal with 'good' bots. How do you tell the two apart?

Why executive orders aren't enough to fix cybersecurity

Big-picture executive orders won't get the job done. Here's what we should aspire to do to keep ourselves safe at the application layer

Got secrets? Docker Datacenter can help your applications keep them

Docker Datacenter now supports secrets in containerized apps -- API keys, passwords, and encryption keys -- and ensures they are securely stored and transmitted

Google might be gearing up to remove millions of Play Store apps next month

The crackdown by Google, which sets a March 15 compliance date, targets apps with questionable privacy policies

Dozens of iOS apps fail to secure users' data, researcher says

The developers have misconfigured the apps to accept invalid TLS certificates, says the security researcher who detected the app vulnerabilities

AI isn't for the good guys alone anymore

Criminals are beginning to use artificial intelligence and machine learning to get around cyberdefenses

Vulnerability in Microsoft SMBv3 protocol crashes Windows PCs

Computers running fully patched Windows 10, 8.1, Server 2012, and 2016 are hit by Blue Screens when trying to connect to an infected server

Better security through obscurity? Think again

Hackers may not target obscure apps as often as popular software, but your systems still won't be much safer

That Heartbleed problem may be more pervasive than you think

The 200,000 devices with the OpenSSL Heartbleed vulnerability may include commercial software you are running

Cisco scrambling to fix a remote code execution problem in WebEx

There’s no workaround and no final patch for a critical bug that can open up users’ computers to remote code execution attacks
