Application Security

Application Security news, information, and how-to advice

Popular Android apps fail basic security tests, putting privacy at risk

Instagram and Grindr stored images on their servers that were accessible without authentication


Adobe slates critical Reader security update for Tuesday

Adobe plans to issue security updates for its PDF viewer Reader and for Acrobat to fix critical flaws in the software on Windows and Apple's OS X

Many Chrome browser extensions do sneaky things

A study of 48,000 Chrome extensions uncovers ad fraud, data theft, and other misdeeds

How to solve Java's security problem

Bringing application security natively into the JVM can provide stronger, faster, more accurate protection against dangerous vulnerabilities

Users should patch critical flaw in Adobe Reader and Acrobat, researchers say

Adobe also releases critical updates for Flash Player and Adobe Air

Microsoft EMET 5.0 security tool puts a leash on plug-ins

Latest version of the free toolkit allows administrators to block third-party plug-ins -- a favored route for attackers

No patch yet for zero day in Symantec Endpoint Protection software driver

Symantec has published recommendations for mitigating the danger

3 zero-day flaws found in Symantec's Endpoint Protection

Security vendor Offensive Security says the flaws could be used to gain full system access

New guide aims to remove the drama of reporting software flaws

Bugcrowd worked with legal firm CipherLaw to develop a framework for setting up a responsible bug disclosure program

Internet Explorer vulnerabilities surge to record levels in 2014

IE suffered more than twice as many vulnerabilities as Chrome and Firefox, an analysis of National Vulnerability Database figures shows

5 big security mistakes coders make

Security errors are rife in application development. Here are five of the most egregious -- and common -- missteps

Google bug-hunting Project Zero could pose trouble for software developers

There are concerns over how Google will handle conflicts with vendors unable to patch software before the reporting deadline

Black Tuesday patch KB 2962872 crashes InstallShield, causes slowdowns

Last Tuesday's KB 2962872 security roll-up for IE6 thru IE11 brings new problems, due to a bug affecting HTM files

Vulnerability in AVG security toolbar puts IE users at risk

Bad design decisions could have enabled malware infections, researchers from CERT/CC say

Critical vulnerability in WordPress newsletter plug-in endangers many blogs

Attackers could exploit a flaw in the MailPoet Newsletters plug-in to take full control of vulnerable blogs, researchers from Sucuri said

EFF sues the NSA to disclose use of software security flaws

The EFF's suit seeks information about zero-day flaws the agency might be exploiting

Companies warned of major security flaw in Google Play apps

Many Android apps on Google Play contain authentication keys that can be easily taken to steal corporate and personal data

Node.js is the latest security risk for developers

Node.js isn't especially risky, but its popularity means sloppy coding can cause harm in a new venue

Flaws in popular SEO plug-in put WordPress websites at risk

Users of the 'All in One SEO Pack' plug-in should update as soon as possible, security researchers from Sucuri warn
