Application Security

Application Security news, information, and how-to advice

Continuous integration tools can be the Achilles' heel for a company's IT security

CI deployments are insecure in default configurations and allow the execution of commands on the underlying OS with system privileges

Researchers find a fix for a Flash bug -- and future variants

Endgame Security researchers have identified a new mitigation technique to block use-after-free bugs similar to the one Adobe patched recently

Library misuse exposes leading Java platforms to attack

A deserialization vulnerability in Apache Commons Collections could lead to remote code execution on JBoss, WebSphere, Jenkins, WebLogic, and OpenNMS installations, but the sky isn't falling yet

Deploying application whitelisting? NIST has some advice for you

The U.S. government agency has published a detailed guide on how to use application whitelisting technologies to bar malware infections

5 signs your Web application has been hacked

Website defacements? Database dumps? Mysterious files? Here's how to tell if your Web application has been hacked -- and how to secure it once and for all


Ellison: Oracle has fixed security

Oracle Chairman Larry Ellison has put better security at the heart of his pitch for the company's new products.

Microsoft to pay up to $15K for bugs in two Visual Studio tools

Microsoft has started a three-month bug bounty program for two tools that are part of Visual Studio 2015.

Oracle fixes critical flaws in Database Server, MySQL, Java

The bad news: Java and Oracle's database products had lots of vulnerabilities. The good news: None are currently under attack

Oracle slams door on Russian cyber spies who hacked NATO PCs through Java

The vulnerability is just one of 154 fixed by Oracle across a wide range of products

Red Hat teams with Black Duck to keep containers secure

Enterprises can use Black Duck Hub to screen containers hosted in Red Hat OpenShift for open source vulnerabilities

Freedom or security? Most users have chosen

Think about it: App stores are highly restrictive, and now both mobile and desktop OSes employ stores to bar bad apps


Flash Player emergency patch fixes one flaw already being exploited, and two others

One of the vulnerabilities is already being used in cyber espionage attacks against government targets

Adobe promises new Flash Player update to plug zero-day bug

The latest zero-day vulnerability in Flash Player is currently under attack by Pawn Storm. Sit tight for an emergency patch next week

Newly found TrueCrypt flaw allows full system compromise

Google's Project Zero team discovered two serious flaws in the driver the TrueCrypt full disk encryption program installs on Windows systems

Microsoft's enterprise-grade security is coming to Windows 10 IoT

Developers can now buy a kit to get started with Microsoft's embedded OS, which will feature BitLocker encryption and Secure Boot

Hack iOS 9 and get $1 million, cyber security firm says

Exploit acquisition company Zerodium has $3 million to buy iOS jailbreaks, which it plans to share with customers

Get to know Mac Gatekeeper, aka Windows 10's security model

Now that Windows has Device Guard, here's how to use its inspiration, Gatekeeper, on the Mac

BitTorrent patches flaw that could amplify distributed denial-of-service attacks

Attackers could use the vulnerability to force BitTorrent applications used by hundreds of millions of users to send malicious traffic
