Application Security News, Articles and Updates
Application security firm Checkmarx announced on Thursday it received an $84M investment from Insight Venture Partners.
Injection, broken authentication/session management and cross-site scripting make up the top three spots.
The old notions of defense-in-depth are being challenged, and architectures tend to have what appear to be single points of failure or compromise.
Many of today's applications are designed to work over any port, which increases chances they won't be blocked by firewalls.
The chairs of the five conference tracks taking place later this month at the Black Hat show in Las Vegas took some time Thursday to discuss some of the more riveting sessions that are planned.
Criminals are lessening their reliance on the PC. The latest proof is a rogue Android application that seeks to steal Spanish banking credentials through a man-in-the-middle-style attack.
Juniper Networks has acquired Mykonos Software, a privately held company which offers tools and services to secure websites and web applications against hackers.
West Virginia University was looking to protect student and staff data. It found a software solution to assist in the process, reports Greg Masters.
Taking your Android's pulse before you give it access to your health records.
A new exploit, which has made its way into the Metasploit framework, underscores the danger posed by Java vulnerabilities, which are responsible for many of today's enterprise malware threats.
An Australian government agency that instituted patching, whitelisting and account control as the foundation of its targeted attack defense took home a U.S. award from the SANS Institute.
Gene Schultz, who died on Sunday at the age of 65, is remembered as one of the most accomplished and respected professionals in the field of cybersecurity.
SC Magazine Executive Editor Dan Kaplan sits down with a Juniper security executive to learn why the trend of mobility and data migration should be a top concern for security professionals, and how they can institute best practices to deal with the new risk.
SC Magazine Editor-in-Chief Illena Armstrong sits down with Tom Reilly, VP and general manager, HP Enterprise Security Products, to discuss how corporations' increased reliance on virtualization, applications and mobile devices creates new surface areas for attack, and what CSOs must do to make the business case for information security and risk management funding.
Apple on Friday issued an update for its iOS mobile operating system, addressing a security flaw being used to jailbreak iPad, iPhone and iPod Touch devices.
Apple on Thursday said it is working to fix a security flaw in its iOS mobile operating system that soon could be used by criminals to gain access to users' devices.
A new, web-based jailbreaking tool available for the iPad 2 leverages a vulnerability in the way Apple's mobile operating system, iOS, handles PDF files.
Apple's iOS and Google's Android mobile platforms are more secure than traditional desktop operating systems, though both are still vulnerable to many types of attacks, according to a new report.
There is a new cybervigilante group in town, and its name is LulzSec. Its technical ability became known over the weekend with the infiltration and subsequent defacement of PBS.org.
Debate: Mobile app stores should test and certify before making apps available to customers.
A new report from Veracode paints a grim picture of the security built into application software.
Nasdaq OMX, the company that runs the world's largest electronic stock exchange, said it detected suspicious files on its U.S. servers.
Vulnerabilities in web applications remain the preferred entryway for crooks seeking valuable company information, Rob Lamb, vice president of IBM security products, said Wednesday at SC Congress Canada in Toronto.
The mobile application threat space still is in its infancy, but organizations should be planning for the possibility of things heating up in the near future, said the security director of a major bank in Canada.
Organizations must consider security at the network, application, host and data layers to most effectively protect against threats.
Microsoft on Tuesday will make available a patch for a zero-day vulnerability affecting ASP.NET.
Microsoft late Friday issued a security advisory confirming the existence of an unpatched vulnerability that affects web applications built on ASP.NET.
In a conversation with SC Magazine Deputy Editor Dan Kaplan, Amichai Shulman, co-founder and CTO of Imperva, introduces a new research initiative underway and addresses the automated methods now used by attackers to compromise legitimate websites.
A computer expert draws on three case studies to dispel myths surrounding the protection and prevention of vulnerable code.
As Microsoft continues to probe the DLL "preloading" vulnerability, it released a "Fix It" that organizations can use to configure their applications so they are not open to attack.