Application Security

Application Security news, information, and how-to advice

Cisco patches critical exposure in management software

Vulnerability in Cisco Unified Computing System (UCS) Performance Manager software could let an authenticated, remote attacker execute commands

Oracle issues largest patch bundle ever, fixing 276 security flaws

The new batch of security updates addresses flaws in more than 80 products

Serious flaw fixed in widely used WordPress plug-in

The persistent XSS vulnerability could allow the hijacking of admin accounts

When your security products are insecure: Takeaways from the Symantec disclosure

A reaction to the recent vulnerability disclosure in Symantec products, explaining why such flaws in security software are not a surprise

The truth about bug finders: They're essentially useless

In tests, popular bug finders missed 98 percent of the vulnerabilities in researchers' code

Symantec bugfest highlights the dangers of security software

Vulnerabilities exist in all software applications, but in some cases, security software has worse flaws than the average application

Lenovo ThinkPwn UEFI exploit also affects products from other vendors

The same critical vulnerability was found in the firmware of an HP laptop and several Gigabyte motherboards

Jeremiah Grossman: Focus on ransomware, SDLC, and endpoints

The noted web security guru worries that the key web and application threats aren't getting the right level of focus

Flaws in Symantec products expose millions of computers to hacking

High severity vulnerabilities in enterprise and consumer products could have allowed hackers to execute malicious code on computers with no user interaction

Study: Encryption use increase largest in 11 years

But encryption spending as a percentage of total IT security budgets has gone down, as encryption is now built into many tools

Severe flaws in widely used open source library put many projects at risk

Input validation flaws in libarchive could lead to remote code execution

3 ways an appsec program saves time for developers

A strong application security program saves developers time by helping them find vulnerabilities sooner, work with security professionals, and learn security best practices

Microsoft open-sources a safer version of C language

Checked C proposes to reduce programming errors by adding safety features to the C language, but whether it'll be used outside of a lab setting is another story

Adobe warns: Cyberespionage group targeting critical Flash bug

Enterprises should disable Flash or deploy Microsoft's EMET until Adobe's promised patch arrives

Jailed JavaScript library runs untrusted code safely in browsers, Node.js

Jailed uses native JavaScript functions to run other libraries in a sandboxed environment, which could be a route to safer plugins and better automated testing of code

Mozilla's new fund will prevent the next Heartbleed, Shellshock

Mozilla's SOS Fund will pay for software audits to uncover serious vulnerabilities in open source software before they become problems

Salesforce puts Lightning in a tightly sealed bottle

The LockerService architecture isolates components in their own containers and stops them from calling undocumented or private APIs

Office 365's brand-new apps: Planner and advanced security

For users, Office Online now has a workflow manager; for IT, Office 365 now has Advanced Security Management