Application Security

Application Security news, information, and how-to advice

URL-spoofing bug in Safari could enable phishing attacks

Researcher develops code that can trick Safari into showing a different URL in its address bar than the one currently loaded

Google tightens restrictions on Chrome extensions

Most extensions for Windows and Mac will have to be installed from Google's Web Store

Apple's OS X 'Rootpipe' patch flops, fails to fix flaw

Researcher finds 'trivial way' to exploit privilege escalation vulnerability after Apple tries to plug Yosemite hole

HTTPS snooping flaw affected 1,000 iOS apps with millions of users

Flaw in the third-party library AFNetworking broke HTTPS certificate validation, enabling man-in-the-middle attacks

Dropbox to pay security researchers for bugs

Dropbox, which has not set a maximum reward, joins the list of companies crowdsourcing parts of their security testing

Oracle to end publicly available security fixes for Java 7 this month

Users must sign long-term support deals or migrate to Java 8 to avoid 'enormous headache and disruption to millions of applications'

Black Duck's mission: To seek out insecure open source code in the enterprise

Black Duck Hub integrates with other tools to audit enterprise use of open source code for known vulnerabilities

IBM discloses vulnerability in Dropbox's Android SDK

The flaw allegedly affects popular Android apps like Microsoft Office Mobile, but Dropbox maintains its scope is limited

Microsoft fixes FREAK vulnerability in Patch Tuesday update

Microsoft has issued five critical patches among its 14 updates for Windows, Internet Explorer, and Office

Flaw in popular Web analytics plug-in exposes WordPress sites to hacking

Attackers can easily crack cryptographic keys used by the WP-Slimstat plug-in and use them to read information from a site's database

Google scraps annual Pwnium bug-hunting contest

Google said the change will prevent security researchers from holding onto dangerous bugs in order to claim a big prize

Google Cloud offers security scanning for customer apps

The Google Cloud Security Scanner can ferret out XSS and mixed-content vulnerabilities

Real data security for all is now getting its start on mobile

Two approaches to data security are being pioneered on mobile, but over time will protect you anywhere

How the rise of open source could improve software security

Openness by itself does not yield more secure code, but a new dependence on open source by major software players could ensure more rigorous scrutiny

Google discloses unpatched Windows vulnerability

Microsoft didn't fix the bug in Windows 8.1 within a 90-day deadline Google imposed

How to maintain security in continuous deployment environments

If you wait till tomorrow to secure what continuous deployment took live yesterday, hackers will infect your application today

BitTorrent dismisses security concerns raised about its Sync app

The cryptographic implementation is solid and cannot be compromised through a remote server, the company says

Adobe fixes 18 vulnerabilities in Flash Player

Fifteen of the vulnerabilities addressed in the updates are critical and can result in remote code execution

Microsoft plans monster security update for next week

'Whopping … overwhelming' slate with 16 security updates is the biggest in more than three years

Drupal sites, assume you've been hacked

SQL injection bug threatens the websites of enterprises, governments, and many other institutions using the open source Drupal CMS