Application Security

Application Security news, information, and how-to advice

5 checklist


Microsoft bug bounty program adds .Net Core and ASP.Net Core

The company will pay researchers up to $15,000 for critical vulnerabilities found in these software development platforms


Flip Feng Shui attack on cloud VMs exploits hardware weaknesses

A sneaky attack on neighboring VMs in a cloud combines memory deduplication with the infamous Rowhammer bit-flipping vulnerability to alter a victim's memory, say security researchers


5 keys to conquering container security

Containers present a golden opportunity to bake security into development and operations processes; let’s seize it


Cisco patches critical exposure in management software

Vulnerability in Cisco Unified Computing System (UCS) Performance Manager software could let an authenticated, remote attacker execute commands


Oracle issues largest patch bundle ever, fixing 276 security flaws

The new batch of security updates addresses flaws in over 80 products


Serious flaw fixed in widely used WordPress plug-in

The persistent (stored) XSS vulnerability could allow attackers to hijack admin accounts


When your security products are insecure: Takeaways from the Symantec disclosure

A reaction to the recent vulnerability disclosure in Symantec products, explaining why the flaws are not a surprise


The truth about bug finders: They're essentially useless

In tests, popular bug finders missed 98 percent of the vulnerabilities in researchers' code


Symantec bugfest highlights the dangers of security software

Vulnerabilities exist in all software applications, but in some cases, security software has worse flaws than the average application


Lenovo ThinkPwn UEFI exploit also affects products from other vendors

The same critical vulnerability was found in the firmware of an HP laptop and several Gigabyte motherboards


Jeremiah Grossman: Focus on ransomware, SDLC, and endpoints

The noted web security guru worries that the key web and application threats aren't getting the right level of focus


Flaws in Symantec products expose millions of computers to hacking

High-severity vulnerabilities in enterprise and consumer products could have allowed hackers to execute malicious code on computers with no user interaction


Study: Encryption use increase largest in 11 years

But encryption technology spending as a percentage of total IT security budgets has gone down, as encryption is now built into many tools


Severe flaws in widely used open source library put many projects at risk

Input validation flaws in libarchive could lead to remote code execution


3 ways an appsec program saves time for developers

A strong application security program saves developers time by helping them find vulnerabilities sooner, work with security professionals, and learn security best practices


Microsoft open-sources a safer version of C language

Checked C proposes to reduce programming errors by adding safety features to the C language, but whether it'll be used outside of a lab setting is another story


Adobe warns: Cyberespionage group targeting critical Flash bug

Enterprises should disable Flash or deploy Microsoft's EMET until Adobe's promised patch arrives


Jailed JavaScript library runs untrusted code safely in browsers, Node.js

Jailed uses native JavaScript functions to run other libraries in a sandboxed environment, which could be the route to safer plugins and better automated testing of code
