Application and platform security
Application and platform security is the basis for preventing vulnerabilities and attacks. Learn the latest about application attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
-
Tip
16 Dec 2024
7 DevSecOps tools to secure each step of the SDLC
DevSecOps tools come in many shapes and sizes, helping organizations do everything from discovering software vulnerabilities to preventing software supply chain data breaches. Continue Reading
-
News
12 Dec 2024
Aqua Security warns of significant risks in Prometheus stack
The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
09 May 2022
The top secure software development frameworks
Keeping security top of mind when developing software is paramount. Learn how to incorporate security into the SDLC with the top secure software development frameworks. Continue Reading
-
News
05 May 2022
Hackers exploit vulnerable Adminer for AWS database thefts
Mandiant researchers spotted a threat group using an exploit for older versions of Adminer to get their hands on metadata that included secret keys for AWS accounts. Continue Reading
-
News
05 May 2022
Google cloud misconfiguration poses risk to customers
Cloud security vendor Mitiga discovered 'dangerous functionality' in the Google Cloud Platform that could allow attackers to compromise virtual machines. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
29 Apr 2022
Is cloud critical infrastructure? Prep now for provider outages
The cloud has quickly become critical infrastructure to many organizations. Learn about the top cloud provider outages, and discover tips on preventing disruption during downtime. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
28 Apr 2022
Phishing attacks benefiting from shady SEO practices
Cybercriminals running phishing operations are now making use of SEO specialists that break Google's rules to get themselves placed above legitimate search results to lure victims. Continue Reading
-
Tip
26 Apr 2022
Windows Server 2022 security hardening guide for admins
Emerging threats continue to target the Windows ecosystem, but there are multiple methods to make it tougher to be the victim of a malicious hack attempt. Continue Reading
-
News
25 Apr 2022
LemonDuck botnet evades detection in cryptomining attacks
While the botnet is not new, it appears operators are honing their skills and evading Alibaba Cloud's monitoring service to take advantage of rising cryptocurrency prices. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
22 Apr 2022
Unethical vulnerability disclosures 'a disgrace to our field'
The cybersecurity field needs more people who use their powers for good, the lead author of Gray Hat Hacking: The Ethical Hacker's Handbook, Sixth Edition says. Continue Reading
By- Alissa Irei, Senior Site Editor
-
News
21 Apr 2022
Cryptocurrency theft leaves Beanstalk Farms' future in doubt
Beanstalk Farms' founders confirmed they found many aspects of activity during the attack 'strange' but saw no reason for concern. Now, the company's future is uncertain. Continue Reading
By- Arielle Waldman, News Writer
-
News
18 Apr 2022
Attack on Beanstalk Farms results in $182M loss
High payouts and security weaknesses make cryptocurrency a growing target, which was highlighted even further in the latest attack involving virtual currency and a DeFi platform. Continue Reading
By- Arielle Waldman, News Writer
-
News
14 Apr 2022
Critical Windows RPC vulnerability raises alarm
Security experts warn that a newly disclosed vulnerability in a critical Windows networking component is opening the door for remote takeover attacks. Continue Reading
-
Tip
14 Apr 2022
The management approach for internal vs. external APIs
While internal and external APIs don't differ much mechanically, there are some important contrasts when it comes to certain API design and lifecycle management issues. Continue Reading
-
Tip
11 Apr 2022
3 ways to retool UC platform security architecture models
The security gap created when remote workers use unified communications to collaborate can be erased through tools designed to augment traditional security mechanisms. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Tip
11 Apr 2022
6 enterprise secure file transfer best practices
Employees can share files with the click of a button -- but don't let the efficiency fool you. Use these secure file transfer best practices to avoid exposing confidential data. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Tip
07 Apr 2022
Should companies ask for a SaaS software bill of materials?
Though it isn't commonplace to ask for a SaaS software bill of materials, one can be beneficial for both SaaS providers and their customers. Learn why. Continue Reading
By- Ed Moyle, Drake Software
-
Definition
05 Apr 2022
content filtering
Content filtering is a process involving the use of software or hardware to screen and/or restrict access to objectionable email, webpages, executables and other suspicious items. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
- Andrew Zola
-
Feature
04 Apr 2022
How to implement OpenID Connect for single-page applications
The OpenID Connect authentication protocol can be used to secure a variety of applications. This excerpt teaches developers how it works with single-page applications. Continue Reading
By- Kyle Johnson, Technology Editor
- Manning Publications Co.
-
Feature
04 Apr 2022
How to use OpenID Connect for authentication
OpenID Connect has become a trusted protocol to connect with identity providers. Explore how to use it for IAM, common threats to be aware of and how to connect to multiple IdPs. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
01 Apr 2022
Zimperium acquired by Liberty Strategic Capital for $525M
Zimperium is the latest cybersecurity investment for Liberty Strategic Capital, a private equity firm founded by former Treasury Secretary Steven Mnuchin. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
News
31 Mar 2022
Spring Framework vulnerabilities sow confusion, concern
Two different remote code execution vulnerabilities in a Java developer tool caused considerable confusion after one of the flaws was leaked online as a zero-day. Continue Reading
-
Guest Post
28 Mar 2022
The benefits and challenges of SBOMs
While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading
By- Manjunath Bhat
-
News
22 Mar 2022
F-Secure splits in two as WithSecure launches
The Finnish security vendor's enterprise business sets off on its own as a new brand called WithSecure, while F-Secure will continue to operate the consumer side of the business. Continue Reading
-
News
21 Mar 2022
Cryptocurrency companies impacted by HubSpot breach
A compromised employee account at HubSpot led to the breach of several companies' customers in the cryptocurrency industry. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Tutorial
21 Mar 2022
NetOps vs. DevOps vs. NetSecOps: What's the difference?
DevOps, NetOps and NetSecOps ... oh my! These IT concepts have their differences, but at the end of the day, they're family. Here's how they relate. Continue Reading
By- Alissa Irei, Senior Site Editor
-
News
17 Mar 2022
JavaScript apps hit with pro-Ukraine supply chain attack
A popular JavaScript package was sabotaged by its developer and seeded with messages in support of Ukraine in what has become a supply chain attack. Continue Reading
-
News
15 Mar 2022
SentinelOne acquires Attivo Networks for $617M
SentinelOne is acquiring Attivo Networks for a $616.5 million price tag and plans to merge the company's identity threat detection services with its XDR offering. Continue Reading
By- Arielle Waldman, News Writer
-
Answer
10 Mar 2022
Use microsegmentation to mitigate lateral attacks
Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
News
09 Mar 2022
Critical Exchange Server bug fixed for March Patch Tuesday
The vulnerability on the on-premises mail server system is one of just three critical flaws from a total of 71 bugs corrected in Microsoft products this month. Continue Reading
By- Tom Walat, Site Editor
-
Definition
08 Mar 2022
security identifier (SID)
In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
03 Mar 2022
Intel touts security improvements in 12th-gen Core CPUs
Intel is courting enterprises with a new line of Core vPro CPUs that boast improved security protections ranging from firmware and OS to memory. Continue Reading
-
Definition
03 Mar 2022
Open Web Application Security Project (OWASP)
The Open Web Application Security Project (OWASP) is a nonprofit foundation that provides guidance on how to develop, purchase and maintain trustworthy and secure software applications. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Feature
28 Feb 2022
Implement API rate limiting to reduce attack surfaces
Rate limiting can help developers prevent APIs from being overwhelmed with requests, thus preventing denial-of-service attacks. Learn how to implement rate limiting here. Continue Reading
By- Kyle Johnson, Technology Editor
- Manning Publications Co.
-
Feature
28 Feb 2022
API security methods developers should use
Developers can reduce the attack surface by implementing security early in the API development process and knowing methods to secure older APIs that can't be deprecated. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
25 Feb 2022
(ISC)2 study finds long remediation times for Log4Shell
An (ISC)2 survey of cybersecurity professionals found Log4Shell remediation for many organizations took several weeks or more than a month, requiring work on weekends and holidays. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
Definition
25 Feb 2022
Internet Key Exchange (IKE)
Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN). Continue Reading
By- Andrew Zola
- Alexander S. Gillis, Technical Writer and Editor
-
News
17 Feb 2022
FBI: BEC attacks spreading to virtual meetings
Since the start of the COVID-19 pandemic, many workplaces have shifted to virtual meeting platforms, and the FBI warned that threat actors have taken note. Continue Reading
By- Peyton Doyle, News Editorial Assistant
-
News
17 Feb 2022
Snyk enters cloud security market with Fugue acquisition
Analysts say the acquisition of Fugue will give Snyk an opportunity to build a presence in the cloud security market and strengthen its infrastructure-as-code capabilities. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
17 Feb 2022
Shifting security left requires a GitOps approach
Shifting security left improves efficiency and minimizes risk in software development. Before successfully implementing this approach, however, key challenges must be addressed. Continue Reading
By- Melinda Marks, Practice Director
-
Tip
09 Feb 2022
How to successfully scale software bills of materials usage
Companies must plan properly when implementing software bills of materials at scale. Accomplish these three goals to keep SBOMs updated, accurate and actionable, despite complexity. Continue Reading
By- Ed Moyle, Drake Software
-
News
09 Feb 2022
After rough January, IT gets a mild February Patch Tuesday
With one public disclosure and not a critical vulnerability in sight, administrators will have time to recover from the roller coaster of patch problems from last month. Continue Reading
By- Tom Walat, Site Editor
-
News
08 Feb 2022
Microsoft disables VBA macros by default
Microsoft's change in the default settings of five Office applications aims to shut down a widely used and longstanding threat vector to enterprises. Continue Reading
By- Arielle Waldman, News Writer
-
News
02 Feb 2022
More than 1,000 malware packages found in NPM repository
Researchers with WhiteSource were able to find some 1,300 examples of malware hiding under the guise of legitimate JavaScript packages on the NPM repository. Continue Reading
-
Tip
01 Feb 2022
Network security gets a boost in Windows Server 2022
Secured-core server is a major new security feature in Windows Server 2022, but Microsoft also introduced multiple ways to keep network connections protected in its new server OS. Continue Reading
-
Opinion
31 Jan 2022
IaC security options help reduce software development risk
The use of infrastructure as code is increasing among developers, but security teams can take advantage of a growing number of tools to make sure IaC doesn't increase risk. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
28 Jan 2022
Protect APIs against attacks with this security testing guide
API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading
-
Answer
25 Jan 2022
What is shellcode and how is it used?
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware term and how to mitigate the risk. Continue Reading
-
News
24 Jan 2022
Monero and the complicated world of privacy coins
Monero is known for being one of the most common cryptocurrencies seen in illicit transactions, but its development community paints a different picture of the privacy coin. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
21 Jan 2022
How to start implementing passwordless authentication today
Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
News
20 Jan 2022
Crypto.com confirms $35M lost in cyber attack
The cryptocurrency exchange had claimed no customer funds were lost in the recent cyber attack, but now admits 4,836.26 ETH and 443.93 bitcoin were stolen. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
20 Jan 2022
Introduction to automated penetration testing
Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation? Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Definition
19 Jan 2022
Pretty Good Privacy (PGP)
Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
- Rob Wright, Senior News Director
-
News
18 Jan 2022
Cryptocurrency exchange Crypto.com hit by cyber attack
The cryptocurrency exchange said it detected unauthorized activity on some user accounts over the weekend, but questions remain on the severity of the attacks. Continue Reading
By- Arielle Waldman, News Writer
-
News
12 Jan 2022
Exchange Server woes continue on January Patch Tuesday
Exchange Server admins who had to cope with a Y2K22 error to start the new year have three more vulnerabilities of varying levels of severity to resolve for Patch Tuesday. Continue Reading
By- Tom Walat, Site Editor
-
Definition
11 Jan 2022
Rijndael
Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm. Continue Reading
-
News
10 Jan 2022
Chainalysis: Cryptocurrency crime reaches all-time high
While illicit activity peaked at $14 billion in 2021, Chainalysis said it's a drop in the bucket compared with overall transactions amid 'roaring adoption' of cryptocurrency. Continue Reading
By- Arielle Waldman, News Writer
-
News
10 Jan 2022
VMware ESXi 7 users vulnerable to hypervisor takeover bug
A recent security update addressed a hypervisor takeover vulnerability in several VMware products, but the patch omitted one key server platform in ESXi 7. Continue Reading
-
News
06 Jan 2022
New Zloader attacks thwarting Microsoft signature checks
Check Point Software Technologies found a long-known trick of injecting code into valid file signatures remains effective for spreading malware such as Zloader. Continue Reading
-
Feature
04 Jan 2022
Is quantum computing ready to disrupt cybersecurity?
Quantum computing isn't here yet, but now is the time for companies to start considering how it may affect their business -- both negatively and positively -- in the next decade. Continue Reading
By- Kyle Johnson, Technology Editor
-
Definition
28 Dec 2021
Encrypting File System (EFS)
Encrypting File System (EFS) provides an added layer of protection by encrypting files or folders on various versions of the Microsoft Windows OS. Continue Reading
-
Guest Post
28 Dec 2021
How to make security accessible to developers
Apps are too often released with flaws and vulnerabilities. Learn how to make security accessible to developers by integrating best practices into the development lifecycle. Continue Reading
By- Aakash Shah, Om Vyas
-
News
23 Dec 2021
ManageEngine attacks draw warning from FBI
The FBI said a vulnerability in the ManageEngine Desktop Central IT management tool is being used by APT actors in targeted network attacks dating back to October. Continue Reading
-
Definition
23 Dec 2021
domain controller
A domain controller is a type of server that processes requests for authentication from users within a computer domain. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Tip
22 Dec 2021
Cybersecurity asset management takes ITAM to the next level
Security pros need to focus on cybersecurity asset management for devices, services and the vendors that can help. Use our checklist to find out how and where to start. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
Tip
21 Dec 2021
How to mitigate Log4Shell, the Log4j vulnerability
The easy-to-exploit Log4j vulnerability known as Log4Shell is dangerous and must be dealt with as soon as possible. Get pointers on how to mitigate and monitor the threat. Continue Reading
-
News
20 Dec 2021
Log4j 2.17.0 fixes newly discovered exploit
The Log4j 2.17.0 update is the third of its kind since Log4Shell was disclosed and the mass exploitation began. Versions 2.15.0 and 2.16.0 patched remote code execution bugs. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
20 Dec 2021
Apple v. NSO Group: How will it affect security researchers?
While the full extent of impact won't be revealed until the lawsuit concludes, negative impacts on security researchers are possible. Continue Reading
By- Arielle Waldman, News Writer
-
News
20 Dec 2021
Critical bugs could go unpatched amid Log4j concern
Many organizations are focused on finding and patching Log4Shell, but there are other vulnerabilities, including Patch Tuesday bugs, already under active exploitation. Continue Reading
-
Podcast
17 Dec 2021
Risk & Repeat: Log4Shell shakes infosec industry
This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code execution vulnerability. Continue Reading
By- Rob Wright, Senior News Director
-
News
15 Dec 2021
Log4j gets a second update as security woes pile up
Administrators who were already scrambling to patch up the Log4Shell flaw are now being advised to update to Log4j version 2.16.0 following the discovery of issues in 2.15.0. Continue Reading
-
News
15 Dec 2021
Log4Shell flaw looms over December Patch Tuesday
Microsoft issued security updates for 67 CVEs, including a Windows AppX Installer zero-day, but a Java-based vulnerability has many IT departments on edge. Continue Reading
By- Tom Walat, Site Editor
-
News
14 Dec 2021
Log4Shell: Experts warn of bug's severity, reach
Check Point Research said in a blog post 'anyone can make a Log4Shell exploit,' as it only requires a single string of malicious code. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
14 Dec 2021
4 API authentication methods to better protect data in transit
The API attack surface isn't always well protected. Learn about the authentication methods your company can use to secure its APIs. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Definition
14 Dec 2021
What is a micro VM (micro virtual machine)?
A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system. Continue Reading
By- Stephen J. Bigelow, Senior Technology Editor
- Sharon Shea, Executive Editor
-
News
13 Dec 2021
Fixes for Log4j flaw arise as attacks soar
Exploits against the Log4j security vulnerability are already commonplace just days after its disclosure, but some vendors are already offering mitigations and detection tools. Continue Reading
-
News
13 Dec 2021
Critical Log4j flaw exploited a week before disclosure
The Apache Software Foundation first found out about the Log4j 2 vulnerability in late November, but Cisco and Cloudflare detected exploitation in the wild shortly after. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
13 Dec 2021
password salting
Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them. Continue Reading
-
News
10 Dec 2021
Critical Apache Log4j 2 bug under attack; mitigate now
The Log4j 2 flaw has a base CVSS score of 10 and enables remote code execution against applications, cloud services and PC games with vulnerable configurations. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
10 Dec 2021
Recent quantum computing advances point to brighter future
The past year saw a handful of breakthrough technologies from IBM and Honeywell, bringing the future promises of quantum computing closer to a present-day reality. Continue Reading
By- Ed Scannell, Freelancer
-
Opinion
09 Dec 2021
Cloud application developers need built-in security
Enterprises plan to increase cloud application security spending in 2022. Find out how security vendors and cloud application developers can meet their needs. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
-
News
09 Dec 2021
17 Discord malware packages found in NPM repository
These latest reports of Discord malware follow a trend of threat actors using open source software repositories to host malware, two JFrog researchers said. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
09 Dec 2021
OCSP (Online Certificate Status Protocol)
OCSP (Online Certificate Status Protocol) is one of two common schemes used to maintain the security of a server and other network resources. Continue Reading
-
News
07 Dec 2021
Cambridge Quantum delivers first quantum encryption keys
Cambridge Quantum, newly merged with Honeywell's Quantum Solutions division, has debuted the first as-a-service cryptographic key generator for quantum computing. Continue Reading
By- Ed Scannell, Freelancer
-
News
01 Dec 2021
BlackByte ransomware attacks exploiting ProxyShell flaws
Red Canary said BlackByte's campaign is using wormable ransomware against organizations vulnerable to ProxyShell flaws in Microsoft Exchange. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
30 Nov 2021
Windows Installer zero-day under active exploitation
McAfee said the Windows Installer vulnerability is being exploited in 23 countries around the world, including the United States, China, India and others. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
23 Nov 2021
Researcher drops instant admin Windows zero-day bug
A newly-disclosed zero-day vulnerability in Windows could potentially allow local users to elevate their permissions to administrator status, and Microsoft has yet to post a fix. Continue Reading
-
Definition
23 Nov 2021
cookie poisoning
Cookie poisoning is a type of cyber attack in which a bad actor hijacks, forges, alters or manipulates a cookie to gain unauthorized access to a user's account, open a new account in the user's name or steal the user's information for purposes such as identity theft. Continue Reading
-
Guest Post
16 Nov 2021
3 ways to balance app innovation with app security
New innovations come with an onslaught of risks and vulnerabilities. Use these three concepts to promote innovation, while ensuring web application security. Continue Reading
By- Mark Ralls
-
News
15 Nov 2021
Microsoft releases out-of-band update for Windows Server
Less than a week after November's Patch Tuesday, Microsoft released an unscheduled security update for Windows Server to address an authentication vulnerability. Continue Reading
-
News
09 Nov 2021
Medical devices at risk from Siemens Nucleus vulnerabilities
Thirteen bugs, including a critical security flaw, have been patched in the Siemens Nucleus TCP/IP stack, a vital component for millions of connected medical devices. Continue Reading
-
Definition
05 Nov 2021
cross-site scripting (XSS)
Cross-site scripting (XSS) is a type of injection attack in which a threat actor inserts data, such as a malicious script, into content from otherwise trusted websites. Continue Reading
By- Ben Lutkevich, Site Editor
- Linda Rosencrance
-
Definition
05 Nov 2021
cache poisoning
Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users. Continue Reading
-
News
03 Nov 2021
CISA requires agencies to patch nearly 300 vulnerabilities
The Cybersecurity and Infrastructure Security Agency issued a directive for government agencies that requires patching for hundreds of known software security vulnerabilities. Continue Reading
-
News
02 Nov 2021
Trojan Source bugs enable 'invisible' source code poisoning
A pair of flaws in nearly every popular programming language enables attackers to hide malicious code in plain sight without the ability to be detected prior to compiling. Continue Reading
-
Feature
28 Oct 2021
Amid explosive growth, API security a growing concern
APIs are expanding exponentially across the technology landscape and creating a vast attack surface that enterprise security teams are struggling to understand and defend. Continue Reading
By- Arielle Waldman, News Writer
-
Guest Post
28 Oct 2021
Applying security to operating models requires collaboration
Balancing business needs with security is more important than ever. Integrating operating models with reference architectures is a key step in the process. Continue Reading
By- Altaz Valani
-
Definition
25 Oct 2021
payload (computing)
In computing, a payload is the carrying capacity of a packet or other transmission data unit. Continue Reading
By- Andrew Froehlich, West Gate Networks
- Peter Loshin, Former Senior Technology Editor
-
Definition
21 Oct 2021
script kiddie
Script kiddie is a derogative term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
08 Oct 2021
Admins: Patch management is too complex and cumbersome
A new survey from Ivanti shows a majority of administrators and infosec professionals feel the shift to decentralized workspaces has made patch management an even bigger headache. Continue Reading
-
Definition
08 Oct 2021
cryptographic nonce
A nonce is a random or semi-random number that is generated for a specific use. Continue Reading
By- Ben Lutkevich, Site Editor