Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

News 14 Nov 2024
Infoblox: 800,000 domains vulnerable to hijacking attack

While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Nov 2024
Microsoft halts 2 zero-days on November Patch Tuesday

The company addressed 88 vulnerabilities, including an Exchange Server spoofing flaw and a significant number of SQL Server bugs, this month. Continue Reading
By
- Tom Walat, Site Editor

News 25 Oct 2022
Cryptomining campaign abused free GitHub account trials

Cloud security vendor Sysdig uncovered the largest cryptomining operation it's ever seen as threat actors used free account trials to shift the costs to service providers. Continue Reading
By
- Arielle Waldman, News Writer
Tip 25 Oct 2022
Top security-by-design frameworks

Following a security-by-design framework, or designing one specific to your company, is key to implanting security into every step of the software development lifecycle. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Definition 21 Oct 2022
command-and-control server (C&C server)

A command-and-control server (C&C server) is a computer that issues directives to digital devices that have been infected with rootkits or other types of malware, such as ransomware. Continue Reading
By
- Kinza Yasar, Technical Writer
Feature 20 Oct 2022
VPN vs. zero trust vs. SDP: What's the difference?

For strong network security, many vendors say VPNs don't cut it anymore. Enter the zero-trust security model and SDPs. Continue Reading
By
- Michaela Goss, Senior Site Editor
News 19 Oct 2022
Azure vulnerability opens door to remote takeover attacks

Orca Security researchers uncovered a flaw in Azure Service Fabric that was fixed in last week's Patch Tuesday. It allows elevation of privilege and remote takeover of nodes. Continue Reading
By
- Shaun Nichols
News 18 Oct 2022
Python vulnerability highlights open source security woes

A 15-year-old unpatched vulnerability in a tarfile module for the Python programming language prompted researchers from cybersecurity vendor Trellix to take action. Continue Reading
By
- Arielle Waldman, News Writer
Definition 18 Oct 2022
Diffie-Hellman key exchange (exponential key exchange)

Diffie-Hellman key exchange is a method of digital encryption that securely exchanges cryptographic keys between two parties over a public channel without their conversation being transmitted over the internet. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 13 Oct 2022
NPM API flaw exposes secret packages

A flaw in the API for NPM could potentially allow a threat actor to see the internal packages for corporate users -- a possible first step for a supply chain attack. Continue Reading
By
- Shaun Nichols
Feature 12 Oct 2022
The history and evolution of zero-trust security

Before zero-trust security, enterprise insiders were trusted and outsiders weren't. Learn about the history of zero trust and the public and private sector efforts to adopt it. Continue Reading
By
- Mary K. Pratt
Tip 12 Oct 2022
An overview of the CISA Zero Trust Maturity Model

A zero-trust framework blocks all attempts to access internal infrastructure without authentication. The CISA Zero Trust Maturity Model is a roadmap to get there. Continue Reading
By
- Paul Kirvan
Feature 12 Oct 2022
7 steps for implementing zero trust, with real-life examples

More than a decade since the term's inception, zero-trust security is still much easier said than done. Here's how to get started. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Johna Till Johnson, Nemertes Research
News 11 Oct 2022
Microsoft resolves Windows zero-day on October Patch Tuesday

The company released mitigation instructions for two Exchange Server zero-days discovered late last month but had no security updates to close the flaws on the email platform. Continue Reading
By
- Tom Walat, Site Editor
News 11 Oct 2022
NPM malware attack goes unnoticed for a year

A cybercriminal crew known as "LofyGang" poisoned software supply chains with bad NPM packages for more than a year, according to Checkmarx researchers. Continue Reading
By
- Shaun Nichols
Feature 11 Oct 2022
How to choose the best ZTNA vendor for your organization

In a sea of options, finding the best ZTNA vendor for your organization can pose a major challenge. Weed through the marketing hype with advice from the experts. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 11 Oct 2022
Google launches new supply chain security offerings

Securing the software supply chain, especially open source libraries, was a major theme behind the new products released at the Google Cloud Next '22 conference. Continue Reading
By
- Arielle Waldman, News Writer
Tip 11 Oct 2022
How to conduct a cybersecurity audit based on zero trust

This checklist offers guidance on how to prepare for a zero-trust cybersecurity audit and helps document how well cybersecurity controls are performing based on CISA's ZTMM. Continue Reading
By
- Paul Kirvan
News 07 Oct 2022
CISA lists top vulnerabilities exploited by Chinese hackers

The U.S. government published a list of the most commonly exploited vulnerabilities exploited by Chinese state-sponsored actors, including Log4Shell and the ProxyLogon bugs. Continue Reading
By
- Shaun Nichols
Definition 06 Oct 2022
filter (computing)

The term filter in computing can mean a variety of things, depending on the technology or technical discipline in question. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 04 Oct 2022
Secureworks finds network intruders see little resistance

A report from Secureworks found that in many network intrusions, the attackers only need to employ basic, unsophisticated measures to evade detection. Continue Reading
By
- Shaun Nichols
News 04 Oct 2022
Tenable shifts focus, launches exposure management platform

The company said it's expanding beyond vulnerability management to address the growing attack surface and the challenges customers face to address it. Continue Reading
By
- Arielle Waldman, News Writer
News 29 Sep 2022
Mandiant spots new malware targeting VMware ESXi hypervisors

Mandiant researchers said the backdoors were installed with a novel technique that used malicious vSphere Installation Bundles, though it's unclear how initial access was achieved. Continue Reading
By
- Rob Wright, Senior News Director
News 28 Sep 2022
Intel SDKs give developers tools for AI, quantum software

Intel launched new SDKs for AI and quantum computing and added tools underpinned by the Intel Developer Cloud in an effort to attract developers to build on its hardware. Continue Reading
By
- Bridget Botelho, Editorial Director, News
News 23 Sep 2022
Malicious NPM package discovered in supply chain attack

Threat actors are circulating a look-alike version of the Material Tailwind NPM package to infect developers for supply chain malware attacks, according to ReversingLabs. Continue Reading
By
- Shaun Nichols
News 22 Sep 2022
IT pros pan government software supply chain security advice

As the prospect of federally mandated SBOM drives up usage of the software supply chain security tech, the government's documentation so far adds to risky confusion, experts say. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 22 Sep 2022
10 security-by-design principles to include in the SDLC

Security is rarely a priority in the SDLC, but it should be. Adhere to these security-by-design principles for secure software and learn the importance of threat modeling. Continue Reading
By
- Charles Kolodgy, Security Mindsets
News 22 Sep 2022
15-year-old Python vulnerability poses supply chain threat

Trellix researchers issued a call for help to patch a vulnerable software module, which was found in more than 300,000 open source GitHub repositories. Continue Reading
By
- Arielle Waldman, News Writer
Answer 20 Sep 2022
How DKIM records reduce email spoofing, phishing and spam

Learn how implementing DomainKeys Identified Mail helps protect against phishing, spam and email forgery by digitally signing outgoing messages. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 16 Sep 2022
DOJ drops report on cryptocurrency crime efforts

The U.S. Department of Justice issued a report to President Biden on its various enforcement efforts around cybercrime and digital currency, as well as looming challenges. Continue Reading
By
- Shaun Nichols
Opinion 14 Sep 2022
5 ways to improve your cloud security posture

With more applications deployed to multiple clouds, organizations must shore up their security posture, and cloud security posture management is designed to help. Find out why. Continue Reading
By
- Melinda Marks, Practice Director
Definition 13 Sep 2022
air gap (air gapping)

An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 08 Sep 2022
Cisco Talos traps new Lazarus Group RAT

The North Korean-backed Lazarus Group has deployed a new type of remote access Trojan that has already been turned against foreign government networks and private energy companies. Continue Reading
By
- Shaun Nichols
Tutorial 01 Sep 2022
How to create and add an SPF record for email authentication

Learn how to create Sender Policy Framework records to list authenticated mail servers for an email domain to fight spam, phishing, email forgery and other malicious email. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 01 Sep 2022
Microsoft discloses 'high-severity' TikTok vulnerability

The flaw in TikTok's Android app is the latest security concern for the social media company, which was criticized last month for having keylogging functionality in its iOS app. Continue Reading
By
- Arielle Waldman, News Writer
Tip 01 Sep 2022
Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 30 Aug 2022
Microsoft Excel attacks fall out of fashion with hackers

Hornetsecurity researchers say newly introduced safety measures from Microsoft have driven cybercriminals away from using Excel as a malware infection tool. Continue Reading
By
- Shaun Nichols
News 30 Aug 2022
FBI warns attacks on DeFi platforms are increasing

As cryptocurrency interest soars, cybercriminals are cashing in on the immaturity of some DeFi platforms and stealing hundreds of millions of dollars from investors. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Aug 2022
Mitiga: Attackers evade Microsoft MFA to lurk inside M365

During an incident response investigation, Mitiga discovered attackers were able to create a second authenticator with no multifactor authentication requirements. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Aug 2022
Twitter whistleblower report holds security lessons

The whistleblower report from Twitter's former security lead should provide companies and boards with lessons on how not to handle internal security concerns. Continue Reading
By
- Shaun Nichols
News 24 Aug 2022
PyPI phishing renews call for mandatory 2FA, package signing

Some developers view compulsory 2FA and package signing as a threat to productivity, but industry experts say such requirements are inevitable amid ongoing cyberattacks. Continue Reading
By
- Beth Pariseau, Senior News Writer
- Stephanie Glen, News Writer
Tip 24 Aug 2022
How to conduct a secure code review

Learn how to conduct a secure code review -- a critical step in the software development lifecycle -- to avoid releasing an app with bugs and security vulnerabilities. Continue Reading
By
- Michael Cobb
News 17 Aug 2022
Google patches yet another Chrome zero-day vulnerability

Google issued an update Wednesday to address a potentially serious security vulnerability in its Chrome browser, and the company urged users to patch their browsers immediately. Continue Reading
By
- Shaun Nichols
News 16 Aug 2022
Mailchimp suffers second breach in 4 months

While the source of the breach has not been confirmed, an attacker got into Mailchimp and gained access to the customer account of cloud hosting provider DigitalOcean. Continue Reading
By
- Arielle Waldman, News Writer
Tip 16 Aug 2022
How to ensure a secure metaverse in your organization

Before deploying your company's metaverse, follow these practices -- including inventorying vulnerabilities and developing T&Cs -- to proactively address metaverse security issues. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 12 Aug 2022
Eclypsium calls out Microsoft over bootloader security woes

At DEF CON 30, Eclypsium researchers detailed three new vulnerabilities in third-party Windows bootloaders that were signed with Microsoft's UEFI certificates. Continue Reading
By
- Rob Wright, Senior News Director
News 11 Aug 2022
Researchers reveal Kubernetes security holes, prevention

Researchers with Palo Alto Networks took the stage at Black Hat to explain how configurations and system privileges in Kubernetes clusters can allow container escape and takeover. Continue Reading
By
- Shaun Nichols
News 11 Aug 2022
How CI/CD pipelines are putting enterprise networks at risk

At Black Hat USA 2022, NCC Group researchers demonstrated how threat actors can compromise CI/CD pipelines and break out into enterprise networks and cloud environments. Continue Reading
By
- Rob Wright, Senior News Director
Tip 10 Aug 2022
Compare SAST vs. DAST vs. SCA for DevSecOps

SAST, DAST and SCA DevSecOps tools can automate code security testing. Discover what each testing method does, and review some open source options to choose from. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 03 Aug 2022
Thoma Bravo to acquire Ping Identity for $2.8B

Thoma Bravo's bid is expected to close in the fourth quarter of 2022. Ping Identity's purchase price represents a 63% premium over the vendor's closing price Tuesday. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 02 Aug 2022
10 enterprise database security best practices

Beyond protecting enterprise databases from vulnerabilities, it is critical to improve and review their security on a regular basis. Learn more with these database security best practices. Continue Reading
By
- Ed Moyle, Drake Software
- Mike Chapple, University of Notre Dame
Definition 01 Aug 2022
stack pointer

A stack pointer is a small register that stores the memory address of the last data element added to the stack or, in some cases, the first available address in the stack. Continue Reading
By
- Robert Sheldon
Feature 28 Jul 2022
How to secure data at rest, in use and in motion

With internal and external cyber threats on the rise, check out these tips to best protect and secure data at rest, in use and in motion. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 26 Jul 2022
AWS issues MFA call to action at re:Inforce 2022

To reduce growing attack surfaces in the cloud, AWS executives emphasized the importance of implementing MFA to protect accounts and blocking public access to cloud resources. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 25 Jul 2022
The awkward state of the remote vs. in-person work debate

TechTarget senior news writer Beth Pariseau discusses return-to-work initiatives for IT pros and in-person tech conferences coming back onto the schedule. Continue Reading
By
- Tim Culverhouse, Site Editor
- Ryan Black, Assistant Site Editor
News 21 Jul 2022
Atlassian Confluence plugin contains hardcoded password

A flaw in Questions for Confluence, a first-party application in Atlassian Confluence, contains a hardcoded password enabling access into any vulnerable instance. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 15 Jul 2022
Pen testing vs. vulnerability scanning: What’s the difference?

Confused by the differences between pen tests and vulnerability scans? You're not alone. Learn the key differences between the two and when each should be used. Continue Reading
By
- Andrew Froehlich, West Gate Networks
News 12 Jul 2022
4 critical flaws among 84 fixes in July Patch Tuesday

Microsoft's Patch Tuesday release for July brought dozens of fixes for security flaws in Windows, an Azure disaster recovery tool and the problematic Print Spooler service. Continue Reading
By
- Shaun Nichols
News 06 Jul 2022
HackerOne incident raises concerns for insider threats

While the threat actor's motivation appears to be financial, it shows just how damaging an insider threat could be for vulnerability disclosure and bug bounty systems. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Jun 2022
Ransomware gangs using Log4Shell to attack VMware instances

Ransomware groups are exploiting the Log4Shell flaw in VMware Horizon and using DLL sideloading techniques to exfiltrate and encrypt data, according to Trend Micro. Continue Reading
By
- Shaun Nichols
Feature 27 Jun 2022
An enterprise bug bounty program vs. VDP: Which is better?

Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground. Continue Reading
By
- Kyle Johnson, Technology Editor
Tip 24 Jun 2022
Top 4 best practices to secure the SDLC

NIST's Secure Software Development Framework is a set of practices for mitigating software vulnerabilities. Learn about the top SDLC best practices included in this framework. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 23 Jun 2022
Chinese HUI Loader malware ups the ante on espionage attacks

A state-sponsored piece of malware may become a favorite weapon for Beijing-backed hacking crews looking to lift intellectual property from foreign firms. Continue Reading
By
- Shaun Nichols
Tip 16 Jun 2022
How to set up automated log collection with PowerShell

Gathering logs from on-premises Windows Server systems or Office 365 cloud services is a necessary but tedious job. Try a PowerShell script to ease the pain. Continue Reading
By
- Liam Cleary, SharePlicity
Tip 16 Jun 2022
How hackers use AI and machine learning to target enterprises

AI benefits security teams and cybercriminals alike. Learn how hackers use AI and machine learning to target enterprises, and get tips on preventing AI-focused cyber attacks. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 14 Jun 2022
Critical Atlassian Confluence flaw remains under attack

Researchers say a critical flaw in the Atlassian Confluence Data Center and Server is now being used to spread ransomware in the wild, making updates a top priority. Continue Reading
By
- Shaun Nichols
News 13 Jun 2022
Tenable slams Microsoft over Azure vulnerabilities

Tenable expressed its frustration after working with Microsoft on the disclosure of two cloud flaws that researchers ranked as critical, which the company later silently patched. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Jun 2022
Supply chain security takes center stage at OpenJS World 2022

At OpenJS World 2022, the Open Source Security Foundation outlined two ambitious initiatives to fix supply chain security issues in open source software. Continue Reading
By
- Stephanie Glen, News Writer
News 09 Jun 2022
CrowdStrike demonstrates dangers of container escape attacks

CrowdStrike gave a live demonstration at RSA Conference 2022 of how an attacker can use a recently discovered Kubernetes flaw to obtain full control over a container's host system. Continue Reading
By
- Shaun Nichols
News 06 Jun 2022
MacOS malware attacks slipping through the cracks

Apple security specialist Patrick Wardle told RSA Conference 2022 attendees that some of the worst security flaws in the macOS operating system come from overlooked bits of code. Continue Reading
By
- Shaun Nichols
News 03 Jun 2022
Critical Atlassian Confluence flaw exploited in the wild

No patch is currently available for the critical Atlassian bug, which affects Confluence Server and Data Center products, though one is expected by end of day Friday. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Jun 2022
May ransomware attacks strike municipal governments, IT firms

A major agriculture machinery vendor as well as a handful of other private companies and municipal governments were the targets of ransomware attacks in May. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
News 02 Jun 2022
Conti ransomware group targeted Intel firmware tools

A pair of Intel firmware management platforms were targeted by the notorious Conti ransomware group to create new attack techniques, according to Eclypsium researchers. Continue Reading
By
- Shaun Nichols
News 31 May 2022
Microsoft zero day exploited in the wild, workarounds released

A zero-day flaw in the Microsoft Support Diagnostic Tool has already been exploited in the wild. No patch is available yet, but Microsoft released temporary mitigations. Continue Reading
By
- Rob Wright, Senior News Director
News 26 May 2022
Twitter fined $150M for misusing 2FA data

The DOJ and FTC said the social media company misused consumers' personal data for advertisement purposes, from which it gained benefit. Continue Reading
By
- Arielle Waldman, News Writer
Tip 26 May 2022
Top 4 source code security best practices

Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
News 24 May 2022
Developers targeted by poisoned Python library

A developer's expired domain led to a threat actor taking control of an open source library and poisoning it with malware that could steal private keys for AWS instances. Continue Reading
By
- Shaun Nichols
Tip 23 May 2022
5 fundamental strategies for REST API authentication

There are various authentication methods for REST APIs, ranging from basic credentials and token encryption to complex, multilayered access control and permissions validation. Continue Reading
By
- Priyank Gupta, Sahaj Software
Feature 20 May 2022
Apple, Microsoft, Google expand FIDO2 passwordless support

Achieving true passwordless experiences begins with companies working together to adopt standards that enable customers to use multiple devices seamlessly, regardless of OS. Continue Reading
By
- Kyle Johnson, Technology Editor
News 19 May 2022
VMware vulnerabilities under attack, CISA urges action

Administrators are grappling with four VMware vulnerabilities -- two older flaws that are under active exploitation and two new bugs that CISA believes will be exploited soon. Continue Reading
By
- Shaun Nichols
Feature 18 May 2022
5 reasons software updates are important

When it's time to update your software programs, don't delay. Updates can prevent security issues and improve compatibility and program features. Continue Reading
By
- Amanda Hetler, Senior Editor
Tutorial 17 May 2022
Query event logs with PowerShell to find malicious activity

Every action on a Windows Server system gets recorded, so don't get caught by an avoidable security incident. Learn how to find potential security problems in event logs. Continue Reading
By
- Liam Cleary, SharePlicity
Tip 16 May 2022
How micropatching could help close the security update gap

Countless known but unpatched vulnerabilities pose significant, ongoing risk to the typical enterprise. Learn how micropatching could help close the security update gap. Continue Reading
By
- Michael Cobb
Feature 10 May 2022
Case study: Scaling DevSecOps at Comcast

Comcast's DevSecOps transformation started small but quickly gained steam, resulting in 85% fewer security incidents in production. Learn more in this case study. Continue Reading
By
- Alissa Irei, Senior Site Editor
Tip 09 May 2022
The top secure software development frameworks

Keeping security top of mind when developing software is paramount. Learn how to incorporate security into the SDLC with the top secure software development frameworks. Continue Reading
By
- Paul Kirvan
News 05 May 2022
Hackers exploit vulnerable Adminer for AWS database thefts

Mandiant researchers spotted a threat group using an exploit for older versions of Adminer to get their hands on metadata that included secret keys for AWS accounts. Continue Reading
By
- Shaun Nichols
News 05 May 2022
Google cloud misconfiguration poses risk to customers

Cloud security vendor Mitiga discovered 'dangerous functionality' in the Google Cloud Platform that could allow attackers to compromise virtual machines. Continue Reading
By
- Arielle Waldman, News Writer
Tip 29 Apr 2022
Is cloud critical infrastructure? Prep now for provider outages

The cloud has quickly become critical infrastructure to many organizations. Learn about the top cloud provider outages, and discover tips on preventing disruption during downtime. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 28 Apr 2022
Phishing attacks benefiting from shady SEO practices

Cybercriminals running phishing operations are now making use of SEO specialists that break Google's rules to get themselves placed above legitimate search results to lure victims. Continue Reading
By
- Shaun Nichols
Tip 26 Apr 2022
Windows Server 2022 security hardening guide for admins

Emerging threats continue to target the Windows ecosystem, but there are multiple methods to make it tougher to be the victim of a malicious hack attempt. Continue Reading
By
- Brien Posey
News 25 Apr 2022
LemonDuck botnet evades detection in cryptomining attacks

While the botnet is not new, it appears operators are honing their skills and evading Alibaba Cloud's monitoring service to take advantage of rising cryptocurrency prices. Continue Reading
By
- Arielle Waldman, News Writer
Feature 22 Apr 2022
Unethical vulnerability disclosures 'a disgrace to our field'

The cybersecurity field needs more people who use their powers for good, the lead author of Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition says. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 21 Apr 2022
Cryptocurrency theft leaves Beanstalk Farms' future in doubt

Beanstalk Farms' founders confirmed they found many aspects of activity during the attack 'strange' but saw no reason for concern. Now, the company's future is uncertain. Continue Reading
By
- Arielle Waldman, News Writer
News 18 Apr 2022
Attack on Beanstalk Farms results in $182M loss

High payouts and security weaknesses make cryptocurrency a growing target, which was highlighted even further in the latest attack involving virtual currency and a DeFi platform. Continue Reading
By
- Arielle Waldman, News Writer
News 14 Apr 2022
Critical Windows RPC vulnerability raises alarm

Security experts warn that a newly disclosed vulnerability in a critical Windows networking component is opening the door for remote takeover attacks. Continue Reading
By
- Shaun Nichols
Tip 14 Apr 2022
The management approach for internal vs. external APIs

While internal and external APIs don't differ much mechanically, there are some important contrasts when it comes to certain API design and lifecycle management issues. Continue Reading
By
- Chris Tozzi
Tip 11 Apr 2022
3 ways to retool UC platform security architecture models

The security gap created when remote workers use unified communications to collaborate can be erased through tools designed to augment traditional security mechanisms. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Tip 11 Apr 2022
6 enterprise secure file transfer best practices

Employees can share files with the click of a button -- but don't let the efficiency fool you. Use these secure file transfer best practices to avoid exposing confidential data. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Tip 07 Apr 2022
Should companies ask for a SaaS software bill of materials?

Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why. Continue Reading
By
- Ed Moyle, Drake Software
Definition 05 Apr 2022
content filtering

Content filtering is a process involving the use of software or hardware to screen and/or restrict access to objectionable email, webpages, executables and other suspicious items. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
- Andrew Zola
Feature 04 Apr 2022
How to implement OpenID Connect for single-page applications

The OpenID Connect authentication protocol can be used to secure a variety of applications. This excerpt teaches developers how it works with single-page applications. Continue Reading
By
- Kyle Johnson, Technology Editor
- Manning Publications Co.
Feature 04 Apr 2022
How to use OpenID Connect for authentication

OpenID Connect has become a trusted protocol to connect with identity providers. Explore how to use it for IAM, common threats to be aware of and how to connect to multiple IdPs. Continue Reading
By
- Kyle Johnson, Technology Editor