Application Security

Application Security news, information, and how-to advice

Google triples bug bounty reward range to $15,000

Google hopes to deter security researchers from selling their information to cyber criminals

Cisco, Oracle find dozens of their products affected by Shellshock

Cisco has identified 71 products vulnerable to Shellshock and Oracle 51, but the number is likely to increase


Attacks against Shellshock continue as updated patches hit the Web

Updated patches for the vulnerability are in the works, but cyber criminals are targeting the flaw now


Apple says most Mac users safe from Shellshock bug, promises quick fix

Don't panic! Your Mac is very, very unlikely to be affected by the Shellshock Bash vulnerability

Shellshocked: Yes, it's a huge threat, and here's why

InfoWorld's Paul Venezia describes in technical detail what he's seeing on his own servers -- and it's not good

Adobe releases previously delayed security updates for Reader and Acrobat

The updates fix eight vulnerabilities, including some that could be exploited to infect computers with malware

New NSA-funded programming language could close long-standing security holes

Wyvern securely rolls five programming languages into one.

Popular Android apps fail basic security tests, putting privacy at risk

Instagram and Grindr stored images on their servers that were accessible without authentication

Adobe slates critical Reader security update for Tuesday

Adobe plans to issue security updates for its PDF viewer Reader and for Acrobat to fix critical flaws in the software on Windows and Apple's OS X

Many Chrome browser extensions do sneaky things

A study of 48,000 Chrome extensions uncovers ad fraud, data theft, and other misdeeds

How to solve Java's security problem

Bringing application security natively into the JVM can provide stronger, faster, more accurate protection against dangerous vulnerabilities

Users should patch critical flaw in Adobe Reader and Acrobat, researchers say

Adobe also releases critical updates for Flash Player and Adobe Air

Microsoft EMET 5.0 security tool puts a leash on plug-ins

Latest version of the free toolkit allows administrators to block third-party plug-ins -- a favored route for attackers

No patch yet for zero day in Symantec Endpoint Protection software driver

Symantec has published recommendations for mitigating the danger

3 zero-day flaws found in Symantec's Endpoint Protection

Security vendor Offensive Security says the flaws could be used to gain full system access

New guide aims to remove the drama of reporting software flaws

Bugcrowd worked with legal firm CipherLaw to develop a framework for setting up a responsible bug disclosure program

Internet Explorer vulnerabilities surge to record levels in 2014

IE suffered more than twice as many vulnerabilities as Chrome and Firefox, an analysis of National Vulnerability Database figures shows

5 big security mistakes coders make

Security errors are rife in application development. Here are five of the most egregious -- and common -- missteps

Google bug-hunting Project Zero could pose trouble for software developers

There are concerns over how Google will handle conflicts with vendors unable to patch software before the reporting deadline

Black Tuesday patch KB 2962872 crashes InstallShield, causes slowdowns

Last Tuesday's KB 2962872 security roll-up for IE6 thru IE11 brings new problems, due to a bug affecting HTM files
