Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

News 23 Dec 2024
10 of the biggest cybersecurity stories of 2024

Some of the biggest stories of the year include a massive IT outage, a record-setting ransom payment and devastating breaches at several U.S. telecommunications companies. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 16 Dec 2024
7 DevSecOps tools to secure each step of the SDLC

DevSecOps tools come in many shapes and sizes, helping organizations do everything from discovering software vulnerabilities to preventing software supply chain data breaches. Continue Reading
By
- Colin Domoney

News 08 Oct 2021
Admins: Patch management is too complex and cumbersome

A new survey from Ivanti shows a majority of administrators and infosec professionals feel the shift to decentralized workspaces has made patch management an even bigger headache. Continue Reading
By
- Shaun Nichols
Definition 08 Oct 2021
cryptographic nonce

A nonce is a random or semi-random number that is generated for a specific use. Continue Reading
By
- Ben Lutkevich, Site Editor
Guest Post 04 Oct 2021
5 principles for AppSec program maturity

Applications remain a top cause of external data breaches. Follow these five principles to achieve application security program maturity. Continue Reading
By
- Nabil Hannan
Definition 01 Oct 2021
IP spoofing

Internet Protocol (IP) spoofing is a type of malicious attack where the threat actor hides the true source of IP packets to make it difficult to know where they came from. Continue Reading
By
- Ben Lutkevich, Site Editor
- Linda Rosencrance
News 30 Sep 2021
FireEye and McAfee Enterprise announce product mashup

Merger-happy investment firm STG has let slip that it will integrate the product lines of McAfee Enterprise and FireEye. Analysts say it will be a challenging road ahead. Continue Reading
By
- Shaun Nichols
Feature 30 Sep 2021
6 reasons unpatched software persists in the enterprise

Patching is like flossing -- everyone knows they should do it, yet too few do it often and well. Explore why unpatched software is still ubiquitous, despite the risks. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 28 Sep 2021
Microsoft releases emergency Exchange Server mitigation tool

Microsoft turned its attention to organizations that are slower to patch by releasing an emergency mitigation tool as a temporary fix against current threats. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Sep 2021
Microsoft details 'OMIGOD' Azure vulnerability fixes, threats

Microsoft fixed the open source OMI software during last week's Patch Tuesday, but the tech giant has struggled to get the updated agents to Azure customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Sep 2021
‘OMIGOD’ vulnerabilities put Azure customers at risk

OMI, the software agent at the center of a remote code execution flaw, is "just one example" of silent, pre-installed software in cloud environments, according to one researcher. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Sep 2021
Google patches actively exploited Chrome zero-days

Two more vulnerabilities in Google's web browser joined a growing list of Chrome zero-days that have been actively exploited in the wild this year. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Sep 2021
'Azurescape': New Azure vulnerability fixed by Microsoft

The Azure Container Instances vulnerability would have allowed malicious actors to execute code on other customers' containers, but there have been no reports of exploitation. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Sep 2021
ProxyShell attacks ramping up on unpatched Exchange Servers

Security experts say active attacks on the series of Microsoft Exchange Server flaws, which can be chained to take control of servers, are already being launched in the wild. Continue Reading
By
- Shaun Nichols
News 01 Sep 2021
Atlassian Confluence flaw under active attack

Administrators are advised to patch immediately after security experts confirmed mass scanning and exploits against a critical remote code execution vulnerability. Continue Reading
By
- Shaun Nichols
News 30 Aug 2021
New 'ProxyToken' Exchange Server vulnerability disclosed

The Exchange Server vulnerability could allow an attacker 'to copy all emails addressed to a target and account and forward them to an account controlled by the attacker.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 27 Aug 2021
Researchers discover critical flaw in Azure Cosmos DB

Wiz security researchers found a new attack vector in Microsoft Azure, which if exploited could allow an attacker to gain access to customers primary keys. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 27 Aug 2021
How to navigate cybersecurity product coverage

Cybersecurity tools are complex. It can be difficult for organizations to know which tools do what, and which tools they need -- or don't. Continue Reading
By
- Rohit Dhamankar
News 26 Aug 2021
Microsoft finally issues ProxyShell security advisory

The ProxyShell advisory includes a call to patch, as well as details on which Exchange servers are vulnerable. In short: Those without the May security update are unprotected. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 26 Aug 2021
Risk & Repeat: ProxyShell problems mount

CISA warned threat actors have begun exploiting the dangerous ProxyLogon flaws, but tens of thousands of vulnerable Microsoft Exchange servers remain online. Continue Reading
By
- Rob Wright, Senior News Director
News 25 Aug 2021
Bugs aplenty as VMware, Cisco and F5 drop security updates

Two critical updates from Cisco, remote code execution flaws in F5's Big-IP, and a half-dozen VMware security holes are among the more pressing issues for admins to address. Continue Reading
By
- Shaun Nichols
News 23 Aug 2021
CISA: ProxyShell flaws being actively exploited, patch now

Security researchers weighed in with evidence of ProxyShell exploitation by threat actors using malicious web shells and a new ransomware variant called 'LockFile.' Continue Reading
By
- Alexander Culafi, Senior News Writer
News 17 Aug 2021
Many Exchange servers still vulnerable to ProxyLogon, ProxyShell

Tens of thousands of Exchange servers are still vulnerable to ProxyLogon and ProxyShell, and security researchers estimate honeypots represent only a small slice of those systems. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Aug 2021
New ransomware crew hammers on PrintNightmare bugs

PrintNightmare, the Microsoft print spooler flaws patched in July, is the favorite target for a new ransomware group known as Vice Society, according to Cisco Talos. Continue Reading
By
- Shaun Nichols
News 12 Aug 2021
Microsoft discloses new print spooler flaw without patch

The latest flaw in Windows print spooler software, which has yet to be patched, comes weeks after the PrintNightmare vulnerability and other related bugs. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 11 Aug 2021
Cloud-native security benefits and use cases

'Cloud native' has described applications and services for years, but its place in security is less clear. Get insight into cloud-native security from expert Dave Shackleford. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 10 Aug 2021
11 video conferencing security and privacy best practices

Video conferencing tools are a remote worker's lifeline. As such, it is essential to maintain their security. These 11 best practices will help ensure secure, private, video-enabled meetings. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 05 Aug 2021
Mandiant: Microsoft 365 the 'Holy Grail' for nation-state hackers

Mandiant researchers discussed mailbox compromises, app registration abuse and new extensions of the Golden SAML attack technique against Microsoft 365 at Black Hat 2021. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 30 Jul 2021
DOS (disk operating system)

A DOS, or disk operating system, is an operating system that runs from a disk drive. The term can also refer to a particular family of disk operating systems, most commonly MS-DOS, an acronym for Microsoft DOS. Continue Reading
By
- Michael Cobb
Definition 28 Jul 2021
buffer overflow

A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold. Continue Reading
By
- Michael Cobb
News 27 Jul 2021
Open source web app projects hailed for quickly patching bugs

Nine vulnerabilities in three popular open source SMB tools were cleaned up within 24 hours after Rapid7 reported the flaws to their development teams. Continue Reading
By
- Shaun Nichols
News 21 Jul 2021
U.K. man arrested in connection with 2020 Twitter breach

A 22-year-old U.K. resident was arrested in Spain and will face extradition on charges related to a social engineering operation that netted big-name Twitter accounts. Continue Reading
By
- Shaun Nichols
News 21 Jul 2021
Hackers embrace 5-day workweeks, unpatched vulnerabilities

Bad guys are taking the weekends off too, according to Barracuda Networks, and old bugs that should have been patched months ago continue to be the most-targeted vulnerabilities. Continue Reading
By
- Shaun Nichols
Answer 15 Jul 2021
How to prevent software piracy

Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
By
- Michael Cobb
- Mike Rothman, Securosis
News 14 Jul 2021
Microsoft's 'PrintNightmare' lingers, requires new patches

July's Patch Tuesday update includes critical fixes, but one well-known remote code execution bug might remain open for those with specific registry key settings. Continue Reading
By
- Shaun Nichols
News 13 Jul 2021
Why patching vulnerabilities is still a problem, and how to fix it

Patching is still a struggle for many organizations, and challenges include limited resources, technical debt, decentralized infrastructure and much more. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 30 Jun 2021
Common Linux vulnerabilities admins need to detect and fix

Server admins need to prepare for a variety of common Linux vulnerabilities, from software and hardware vulnerabilities to employee-created ones and even digital espionage. Continue Reading
By
- Kyle Johnson, Technology Editor
- Wiley Publishing
Feature 30 Jun 2021
How to implement Linux security best practices

When setting up security for a company's infrastructure, admins need to focus on backups, patch management and regular vulnerability scans. Continue Reading
By
- Kyle Johnson, Technology Editor
News 24 Jun 2021
Atlassian moves to lock down accounts from takeover bugs

Check Point Research uncovered a set of flaws that, if chained together, would have enabled attackers to hijack accounts with single sign-on enabled. Continue Reading
By
- Shaun Nichols
News 24 Jun 2021
Dell BIOSConnect flaws affect 30 million devices

Eclypsium researchers discovered vulnerabilities that, if exploited, can allow remote code execution in a pre-boot environment for 128 different Dell products. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jun 2021
Apple issues patches for two more WebKit zero-days

Apple said both WebKit zero-days, which affect older iOS devices, have reportedly been exploited in the wild, but further details about the threat activity are unknown. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 27 May 2021
Apiiro wins RSA Conference Innovation Sandbox Contest

Apiiro's automated Code Risk Platform analyzes enterprise software for material changes that can lead to security vulnerabilities, data exposures and compliance risks. Continue Reading
By
- Rob Wright, Senior News Director
Tip 13 May 2021
Container vs. VM security: Which is better?

Security professionals often compare containers vs. VMs when determining whether virtualization or containerization is better for their company's security strategy. Continue Reading
By
- Ed Moyle, Drake Software
Answer 13 May 2021
What's the difference between sandboxes vs. containers?

Understanding the differences between sandboxes vs. containers for security can help companies determine which best suits their particular use cases. Continue Reading
By
- Ed Moyle, Drake Software
- Matthew Pascucci
News 06 May 2021
Popular mobile apps leaking AWS keys, exposing user data

Security researchers at CloudSek discovered approximately 40 popular mobile apps contained hardcoded API secret keys, putting both user information and corporate data at risk. Continue Reading
By
- Shaun Nichols
Feature 29 Apr 2021
Learn how to mitigate container security issues

The more companies embrace application containerization, the more they need to know about container security issues and attack prevention methods. Continue Reading
By
- Kyle Johnson, Technology Editor
- O'Reilly Media
Feature 29 Apr 2021
Adopting containers and preventing container security risks

When it comes to container security risks, organizations often worry about container escapes, but as expert Liz Rice explains, they should focus on prevention and patching. Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 27 Apr 2021
Applying web application reconnaissance to offensive hacking

Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading
By
- Katie Donegan, Social Media Manager
Feature 27 Apr 2021
Collaboration is key to a secure web application architecture

Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading
By
- Katie Donegan, Social Media Manager
News 21 Apr 2021
Hackers exploit 3 SonicWall zero-day vulnerabilities

SonicWall patched the zero-day vulnerabilities earlier this month, but the security vendor didn't disclose they were being exploited until Tuesday. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Apr 2021
NSA finds new Exchange Server vulnerabilities

Microsoft said it has not seen the new Exchange Server vulnerabilities being used in attacks against customers, but customers are still advised to patch immediately. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Apr 2021
McAfee: PowerShell threats grew 208% in Q4 2020

McAfee's latest threat report showed a sharp increase in PowerShell threats between Q3 and Q4 2020, in part due to malware known as Donoff and a rise in ransomware detections. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 25 Mar 2021
Black Kingdom ransomware foiled through Mega password change

The Black Kingdom ransomware targeting Exchange servers uses an unusual encryption key method that was foiled due to a password being changed at cloud storage service Mega. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 23 Mar 2021
'Black Kingdom' ransomware impacting Exchange servers

Both ransomware and scareware variants of Black Kingdom have been reported in attacks against vulnerable Exchange servers, but the reason for this remains unclear. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 16 Mar 2021
RiskIQ: 69,548 Microsoft Exchange servers still vulnerable

Security intelligence vendor RiskIQ found that 69,548 servers remained unpatched as of Sunday and are vulnerable to attacks, with nearly 17,000 servers located in the U.S. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Mar 2021
Microsoft releases tools as Exchange Server attacks increase

Microsoft said it's seen increased Exchange Server attacks, as well as more threat actors beyond the Chinese state-sponsored Hafnium group conducting attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 03 Mar 2021
Microsoft Exchange Server zero-days exploited in the wild

Both the Cybersecurity and Infrastructure Security Agency and National Security Agency advise patching the Exchange Server zero-days immediately. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 22 Feb 2021
Why developers should consider automated threat modeling

Traditional threat modeling is hard. Can automated threat modeling make development and security teams' lives easier? Continue Reading
By
- Kyle Johnson, Technology Editor
- O'Reilly Media
Feature 22 Feb 2021
Introducing development teams to threat modeling in SDLC

Enterprises can improve their security posture by educating development teams on threat modeling so they can work alongside security teams and everyone knows a common language. Continue Reading
By
- Kyle Johnson, Technology Editor
News 10 Feb 2021
Researcher used open source supply chain to breach tech giants

Security researcher Alex Birsan breached several major tech companies, including Microsoft and Apple, through a novel technique that manipulated open source supply chains. Continue Reading
By
- Arielle Waldman, News Writer
News 02 Feb 2021
How a social engineering campaign fooled infosec researchers

Impersonation tactics in social engineering attacks have become so elaborate that even highly aware members of the infosec community can fall victim to them. Continue Reading
By
- Arielle Waldman, News Writer
Quiz 22 Dec 2020
Quiz: Web application security threats and vulnerabilities

Applications are still the biggest attack vector for malicious actors -- can you protect them? Test your knowledge with this web application security quiz. Continue Reading
By
- Sharon Shea, Executive Editor
Guest Post 08 Dec 2020
5 myths about putting security into CI/CD pipelines

Companies looking to introduce security testing earlier into software development must look past myths and understand what to realistically expect before creating their strategy. Continue Reading
By
- Dan Cornell
News 08 Dec 2020
Forescout reports 33 new TCP/IP vulnerabilities

The lack of consistent updates (and the open source nature of the stacks) make the Amnesia:33 vulnerabilities difficult to fix as well as make it difficult to comprehend the full impact. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Dec 2020
Salesforce advised users to skip Chrome browser updates

Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps. Continue Reading
By
- Arielle Waldman, News Writer
Tip 24 Nov 2020
Weighing remote browser isolation benefits and drawbacks

Remote browser isolation benefits end-user experience and an organization's network security. Compare the pros, cons and cost challenges before investing in the zero-trust approach. Continue Reading
By
- Michael Cobb
Tip 17 Nov 2020
Choosing between proxy vs. API CASB deployment modes

Curious how to choose the right CASB deployment mode for your organization? Before you buy, compare how proxy vs. API CASB architectures work to secure SaaS applications. Continue Reading
By
- Ed Moyle, Drake Software
Feature 15 Oct 2020
The Ghidra Book interview with co-author Kara Nance

Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved. Continue Reading
By
- Michael Heller, TechTarget
Feature 29 Sep 2020
Oversee apps with these 3 application security testing tools

Unsecured applications can have dire consequences for enterprises. Discover how top app security testing tools on the market today protect apps and enhance developer productivity. Continue Reading
By
- Michael Cobb
News 24 Sep 2020
Microsoft detects Netlogon vulnerability exploitation in the wild

While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability. Continue Reading
By
- Arielle Waldman, News Writer
Feature 18 Sep 2020
Security for SaaS applications starts with collaboration

Following established best practices helps enterprises facilitate collaboration and communication through SaaS applications while simultaneously ensuing secure SaaS use. Continue Reading
By
- Alicia Landsberg, Senior managing Editor
News 17 Sep 2020
Maze ransomware gang uses VMs to evade detection

A Sophos investigation into a Maze ransomware attack revealed that threat actors borrowed an attack technique pioneered by Ragnar Locker operators earlier this year. Continue Reading
By
- Arielle Waldman, News Writer
Tip 15 Sep 2020
3 steps to secure codebase updates, prevent vulnerabilities

Codebase updates are critical, but what about when they introduce vulnerabilities? These three steps will help app developers secure codebase updates and keep their apps safe. Continue Reading
By
- Michael Cobb
News 25 Aug 2020
'Meow' attacks top 25,000 exposed databases, services

One month after the notorious 'meow' attacks were first detected, the threat to misconfigured databases exposed on the internet shows little sign of slowing down. Continue Reading
By
- Arielle Waldman, News Writer
News 18 Aug 2020
Apache Struts vulnerabilities allow remote code execution, DoS

The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 18 Aug 2020
'Secure by Design' principles include failures, exceptions

Using design principles with built-in security, along with properly defining exceptions, can help developers not only build safe code, but do so while meeting deadlines. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 18 Aug 2020
Exception handling best practices call for secure code design

Making software secure by design requires tremendous consideration about how failures are handled. Learn more from these exception handling examples. Continue Reading
By
- Sharon Shea, Executive Editor
- Manning Publications Co.
News 12 Aug 2020
Kaspersky reveals 2 Windows zero-days from failed attack

Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Aug 2020
10 years after Stuxnet, new zero-days discovered

A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Aug 2020
Not just politics: Disinformation campaigns hit enterprises, too

In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises. Continue Reading
By
- Rob Wright, Senior News Director
Opinion 03 Aug 2020
The case for cybersecurity by design in application software

Security must be part of IT from the start and then continue through the entire product lifecycle -- design, build, release and maintenance. Consumers now demand it. Continue Reading
By
- Michael Cobb
Tip 03 Aug 2020
How to shift from DevOps to DevSecOps

A successful DevSecOps rollout requires software developers to be equipped with the proper security skills and tools. Learn how to transition smoothly from DevOps to DevSecOps. Continue Reading
By
- Mike Chapple, University of Notre Dame
03 Aug 2020

The case for cybersecurity by design in application software

Continue Reading
Tip 31 Jul 2020
How to mitigate an HTTP request smuggling vulnerability

Exploiting an HTTP request smuggling vulnerability can result in the inadvertent execution of unauthorized HTTP requests. Learn how to defend web environments from this attack. Continue Reading
By
- Mike Chapple, University of Notre Dame
News 30 Jul 2020
'Meow' attacks continue, thousands of databases deleted

More than one week later, the mysterious attacks on insecure databases on ElasticSearch, MongoDB and others have not only persisted but grown, with no explanation. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Jul 2020
'Meow' attacks wipe more than 1,000 exposed databases

A new threat has hit more than 1,000 unsecured databases on ElasticSearch, MongoDB and other platforms, destroying data and replacing files with a single word: meow. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Jul 2020
'SigRed' alert: Experts urge action on Windows DNS vulnerability

Experts are urging organizations to take immediate action on SigRed, a 17-year-old Windows DNS server vulnerability discovered by Check Point Research and patched by Microsoft. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jul 2020
Attackers find new way to exploit Docker APIs

Aqua Security released research detailing a new tactic where the attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Jul 2020
Critical F5 Networks vulnerability under attack

A critical remote code execution vulnerability that was disclosed and patched just days ago is already being exploited by threat actors. Continue Reading
By
- Arielle Waldman, News Writer
News 01 Jul 2020
Microsoft fixes Windows Codecs flaws with emergency patches

Microsoft addressed two vulnerabilities, one rated critical and the other rated important, after being alerted by a researcher with Trend Micro's Zero Day Initiative. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Jun 2020
Open source vulnerabilities down 20% in 2019

Snyk recently released its fourth annual 'State of Open Source Security' report, which analyzed open source statistics, vulnerability trends and security culture. Continue Reading
By
- Arielle Waldman, News Writer
News 08 Jun 2020
CISA warns Microsoft SMB v3 vulnerability is under attack

CISA issued an alert Friday about attacks on a Microsoft Server Message Block v3 vulnerability and a proof-of-concept code that exploits the flaw in unpatched systems. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 08 Jun 2020
Benefits of open source container vulnerability scanning

Containers have revolutionized app development but pose many security challenges. Uncover how container vulnerability scanning can help and why to consider open source tools. Continue Reading
By
- Ed Moyle, Drake Software
News 02 Jun 2020
VMware vulnerability enables takeover of cloud infrastructure

A new vulnerability in VMware Cloud Director allowed any user to obtain control of any virtual machine on a public or private cloud, according to ethical hacking firm Citadelo. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 May 2020
Supply chain attack hits 26 open source projects on GitHub

Threat actors conducted an unprecedented supply chain attack by using malware known as Octopus Scanner to create backdoors in open source projects, which were uploaded to GitHub. Continue Reading
By
- Arielle Waldman, News Writer
Feature 20 May 2020
IT and security teams collide as companies work from home

The new world of remote work has given rise to IT and security teams working more closely than ever before. They need to come together to provide excellent UX and security. Continue Reading
By
- Jonathan Meyers, Guest Contributor
Quiz 20 May 2020
Use these CCSK practice questions to prep for the exam

Virtualization and container security are key topics in the Certificate of Cloud Security Knowledge credential. Test your knowledge with these CCSK practice questions. Continue Reading
By
- Sharon Shea, Executive Editor
- McGraw Hill Education
News 07 May 2020
Advanced Computer Software leak exposes nearly 200 law firms

Researchers at cybersecurity vendor TurgenSec discovered an exposed database owned by Advanced Computer Software that contained legal documents with data from 190 law firms. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 06 May 2020
GitHub security features tackle data exposures, vulnerabilities

In in effort to curb accidental data exposures in repositories, GitHub unveiled a new 'secret' scanning tool that examines public and private code repositories for sensitive data. Continue Reading
By
- Rob Wright, Senior News Director
Feature 05 May 2020
The what, why and how of the Spring Security architecture

Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt. Continue Reading
By
- Katie Donegan, Social Media Manager
- Manning Publications Co.
Feature 05 May 2020
Why developers need to know the Spring Security framework

The Spring Security framework is a reliable way for Java developers to secure applications. However, proper implementation is critical to prevent the most common vulnerabilities. Continue Reading
By
- Katie Donegan, Social Media Manager
- Manning Publications Co.
Tip 29 Apr 2020
SSL certificate best practices for 2020 and beyond

SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more. Continue Reading
By
- Michael Cobb