Application and platform security
Application and platform security is the basis for preventing vulnerabilities and attacks. Learn the latest about application attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
-
Tip
16 Dec 2024
7 DevSecOps tools to secure each step of the SDLC
DevSecOps tools come in many shapes and sizes, helping organizations do everything from discovering software vulnerabilities to preventing software supply chain data breaches. Continue Reading
-
News
12 Dec 2024
Aqua Security warns of significant risks in Prometheus stack
The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
14 Apr 2020
Bot management drives ethical data use, curbs image scraping
Bot management tools can help enterprises combat bad bots, prevent web and image scraping, and ensure ethical data use -- all while maintaining a positive end-user experience. Continue Reading
By- Sandy Carielli
-
Podcast
09 Apr 2020
Risk & Repeat: Are Zoom security fears overblown?
This week's Risk & Repeat podcast looks at the backlash against Zoom over security and privacy concerns and asks whether there's been an overreaction. Continue Reading
By- Rob Wright, Senior News Director
-
News
06 Apr 2020
Zoom takes new security measures to counter 'Zoombombing'
Zoom has implemented two key security and privacy measures in order to counter 'Zoombombing.' One enables passwords in meetings by default, while the second creates waiting rooms. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
02 Apr 2020
Risk & Repeat: Zoom security comes under fire
This week's Risk & Repeat podcast looks at several security issues Zoom faced over the last week, which led to questions about the company's privacy and security practices. Continue Reading
By- Rob Wright, Senior News Director
-
News
02 Apr 2020
Zoom zero-day vulnerabilities patched a day after disclosure
An ex-NSA hacker reported two zero-day vulnerabilities on his blog Wednesday. One of them can give an attacker control of a user's webcam and microphone. Zoom fixed both flaws quickly. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
30 Mar 2020
Best practices for threat modeling service mesh, microservices
In microservices and service mesh environments, communications don't follow static paths. As such, security teams must update their application threat modeling methods. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
25 Mar 2020
How to prevent buffer overflow attacks
Read up on types of buffer overflow attacks, and learn secure coding best practices that prevent such vulnerabilities, as well as post-deployment steps to keep apps and websites safe. Continue Reading
By- Sharon Shea, Executive Editor
-
News
11 Mar 2020
Microsoft discloses wormable SMBv3 flaw without a patch
Microsoft disclosed a new remote code execution vulnerability associated with the Microsoft Server Message Block 3.1.1 (SMBv3) protocol, but there's currently no patch available. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
27 Feb 2020
How to use TODO comments for secure software development
Don't let security be a software development burden. Learn app developer tricks, such as using TODO comments, to ensure security controls make it from development to production. Continue Reading
-
Feature
27 Feb 2020
Windows IIS server hardening checklist
Use this handy Windows IIS server hardening checklist on the job to ensure your IIS server is deployed safely and stays secure in use. Continue Reading
-
Feature
26 Feb 2020
Security testing web applications and systems in the modern enterprise
Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age. Continue Reading
By- Sharon Shea, Executive Editor
-
Feature
26 Feb 2020
Software security testing and software stress testing basics
In this excerpt from Ric Messier's book, learn why software security testing and stress testing are critical components of an enterprise infosec program. Continue Reading
By- Sharon Shea, Executive Editor
- McGraw Hill Education
-
Opinion
26 Feb 2020
RSA 2020 day 1: Windows 10X & secured core PCs; Hysolate updates; LastPass passwordless login
Security-focused conferences are my time to shine--and geek out on the latest in security news. Continue Reading
By- Kyle Johnson, Technology Editor
-
Answer
06 Feb 2020
How to combat the top 5 enterprise social media risks in business
Learn how social networking sites compound the insider threat risk, and explore how to mitigate the threat with policy, training and technology. Continue Reading
By- Katie Donegan, Social Media Manager
- Ed Skoudis, SANS Technology Institute
-
News
24 Jan 2020
Citrix patches vulnerability as ransomware attacks emerge
Citrix rolls out more patches ahead of schedule for CVE-2019-19781, a directory traversal vulnerability that affects Citrix ADC, Gateway and SD-WAN WANOP products. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
21 Jan 2020
Lyft's open source asset tracking tool simplifies security
Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset tracking tool, creates highly comprehensive maps. Continue Reading
By- Ed Moyle, Drake Software
-
News
15 Jan 2020
NSA reports flaw in Windows cryptography core
Microsoft patched a critical vulnerability, originally reported by the NSA, in how Windows validates cryptographic certificates. According to experts, the flaw could lead to dangerous attacks. Continue Reading
By- Michael Heller, TechTarget
-
Feature
14 Jan 2020
5 application security threats and how to prevent them
The most widely known application security threats are sometimes the most common exploits. Here is a list of the top app threats and their appropriate security responses. Continue Reading
By- Katie Donegan, Social Media Manager
-
News
13 Jan 2020
Signal Sciences: Enterprises still overlooking web app security
Signal Sciences co-founder and CEO Andrew Peterson explains why web application security often gets shortchanged and what his next-gen WAF company is doing to change that. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Answer
13 Jan 2020
7 TCP/IP vulnerabilities and how to prevent them
While many TCP/IP security issues are in the protocol suite's implementation, there are some vulnerabilities in the underlying protocols to be aware of. Continue Reading
By- Sharon Shea, Executive Editor
-
News
13 Dec 2019
Google expands multiple Chrome password protection features
Chrome's updated, built-in protections are intended to help users protect their passwords and data against malware, data breaches and phishing sites, according to the company. Continue Reading
-
Feature
11 Dec 2019
Ideal DevSecOps strategy requires the right staff and tools
Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy. Continue Reading
By- Katie Donegan, Social Media Manager
-
News
02 Dec 2019
Exposed Firebase databases hidden by Google search
A security researcher found that Google's search engine hides results for misconfigured Firebase databases that are publicly accessible on the internet. Continue Reading
By- Rob Wright, Senior News Director
-
News
13 Nov 2019
ZombieLoad v2 disclosed, affects newest Intel chips
Researchers disclosed another variant of the ZombieLoad side-channel attack that affects the newest Intel processors, and also discovered a flaw in the original ZombieLoad patch. Continue Reading
By- Michael Heller, TechTarget
-
Tip
12 Nov 2019
How container adoption affects container security
Scalability and efficiency make container adoption an attractive option for enterprises today. Learn how containerization has evolved and grown since the release of Docker 1.0 five years ago. Continue Reading
By- Ed Moyle, Drake Software
-
News
06 Nov 2019
Firefox bug is enabling attackers to freeze out users
A recently reported bug in Firefox allows spammed authentication dialogs to lock users out of their browsers and it is under attack in the wild, despite previous efforts to patch. Continue Reading
By- Michael Heller, TechTarget
-
Definition
05 Nov 2019
application whitelisting
Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system. Continue Reading
By- Brien Posey
- Peter Loshin, Former Senior Technology Editor
-
News
01 Nov 2019
Threat Stack Application Security Monitoring adds Python support
Now supporting both Python and Node.js, Application Security Monitoring can identify risk throughout the software development lifecycle for both third-party and native code. Continue Reading
-
News
31 Oct 2019
Adsterra still connected to malvertising campaign, despite denials
Despite a pledge of "zero tolerance" for malicious activity, ad network Adsterra was found to be once again connecting with the Master134 malvertising campaign. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
18 Oct 2019
DevSecOps model requires security get out of its comfort zone
Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge. Continue Reading
By- Alissa Irei, Senior Site Editor
-
News
11 Oct 2019
Palo Alto Networks launches new version of Demisto SOAR platform
New features to the Demisto platform include a customizable user interface, threat intelligence, database scaling and a mobile app providing chat support and updates for users. Continue Reading
-
News
09 Oct 2019
Twitter 2FA data 'inadvertently' used for advertising
Twitter used two-factor authentication information, including email addresses and phone numbers, to target ads for an unknown number of people over an unknown period of time. Continue Reading
By- Michael Heller, TechTarget
-
Feature
07 Oct 2019
To secure DevOps, break culture and tooling barriers
The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved. Continue Reading
By- Sharon Shea, Executive Editor
-
Feature
07 Oct 2019
The 3 pillars of a DevSecOps model
In this excerpt from Chapter 1 of Securing DevOps: Security in the Cloud, author Julien Vehent describes three principles critical to the DevSecOps model. Continue Reading
By- Sharon Shea, Executive Editor
- Manning Publications Co.
-
Tip
04 Oct 2019
Virtual network security measures to thwart access threats
Virtual networks add a layer of complexity to the real networks below them. Follow these three virtual network security measures to prevent complexity from creating issues. Continue Reading
By- Tom Nolle, Andover Intel
-
News
24 Sep 2019
Cloudflare battles malicious bots with 'fight mode'
Cloudflare takes its first steps in keeping malicious bots from attacking customers by using complex challenges to waste a bot's CPU resources in an attempt to disincentivize more bots. Continue Reading
By- Michael Heller, TechTarget
-
Tip
19 Sep 2019
How to encrypt and secure a website using HTTPS
The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
- Mike Chapple, University of Notre Dame
-
Tip
12 Sep 2019
What it takes to be a DevSecOps engineer
To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer. Continue Reading
-
News
10 Sep 2019
Gigamon launches platform to improve application visibility
Application Metadata Intelligence identifies network performance, application performance, operational technology communications and security and threat detection. Continue Reading
-
Tip
27 Aug 2019
Complexity requires new cloud-based patch management strategies
Patch management for cloud creates different challenges than traditional in-house programs. Expert Dave Shackleford presents patch management best practices for providers and consumers alike. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
23 Aug 2019
DARPA unveils first SSITH prototype to mitigate hardware flaws
DARPA is still in the early prototype stages of its SSITH program, but the aim is to develop an open source chip able to block hardware attacks and reduce the need for software patches. Continue Reading
By- Michael Heller, TechTarget
-
Answer
23 Aug 2019
What's the best way to prevent XSS attacks?
To prevent cross-site scripting attacks, software developers must validate user input and encode output. Review characters to filter out, as well as sources and sinks to avoid. Continue Reading
-
Answer
20 Aug 2019
Why is patch management important?
Borderless networks present new challenges for security pros. Andrew Froehlich explains how this trend makes patch management even more important. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Opinion
20 Aug 2019
How does Menlo Security’s remote browser compare in an ever more crowded space?
There are now many remote browser isolation options available, from both desktop virtualization vendors and security vendors. Menlo just got a $75 million round of funding—so, how does it compare? Continue Reading
-
Tip
16 Aug 2019
DevOps security checklist requires proper integration
There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools is key to the equation. Continue Reading
-
Feature
08 Aug 2019
CEO on collaboration tool security, insider threats, skills gap
Michael Coates, CEO and co-founder of cloud collaboration security platform Altitude Networks, speaks to industry trends and his transition from CISO to CEO. Continue Reading
By- Katie Donegan, Social Media Manager
-
News
07 Aug 2019
Black Hat 2019 keynote: Software teams must own security
In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasizes security as a collaborative effort by all software teams that relies on communication, automation and feedback. Continue Reading
By- Michael Heller, TechTarget
-
Tip
05 Aug 2019
How to start building a DevSecOps model
To help transition to a DevSecOps model to protect enterprises, security teams need to identify key stakeholders, provide examples of specific company security events and work toward creating crossover teams. Continue Reading
-
News
17 Jul 2019
BlueKeep blues: More than 800,000 systems still unpatched
Despite alerts from Microsoft and the U.S. government, more than 800,000 online systems have yet to patch the Windows RDP vulnerability two months after it was disclosed. Continue Reading
By- Rob Wright, Senior News Director
-
News
17 Jul 2019
E-commerce platforms used for domain spoofing against Best Buy
Despite efforts to flag spoofed domains imitating Best Buy, the sites are still active on e-commerce platforms like Shopify and GearLaunch, which have not taken them down. Continue Reading
By- Rob Wright, Senior News Director
-
News
12 Jul 2019
Zoom vulnerability reveals privacy issues for users
Companies and users around the world were impacted by a Zoom conferencing software flaw that could allow threat actors to forcibly join a video call without interaction. Continue Reading
By- Michael Heller, TechTarget
-
News
20 Jun 2019
Gartner: Application security programs coming up short
At the 2019 Gartner Security and Risk Management Summit, experts discussed how enterprise application security efforts are falling short and what can be done about it. Continue Reading
-
News
19 Jun 2019
BlueKeep warnings having little effect on Windows patching
DHS issued the latest security advisory for BlueKeep, but it's unclear whether the repeated warnings are being heeded by organizations that have vulnerable systems on the internet. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
19 Jun 2019
How can developers avoid a Git repository security risk?
Learn how managing web development content with the popular version control system can be risky without taking action to avoid these basic Git repository security risks. Continue Reading
-
News
31 May 2019
Docker vulnerability with no patch could allow root access
A security researcher disclosed a Docker bug that could allow an attacker to gain root-level access to a system. Docker signed off on the disclosure, despite a fix not yet being available. Continue Reading
By- Michael Heller, TechTarget
-
News
29 May 2019
Hackers scan for MySQL ransomware targets
A security researcher found that malicious actors have been scanning database servers for MySQL ransomware targets running on Windows, but mitigation should be relatively easy. Continue Reading
By- Michael Heller, TechTarget
-
Report
24 May 2019
Using virtual appliances for offload is a key encryption strategy
Using a virtual appliance to process traffic is a key encryption strategy enterprises can use to improve throughput. The results are striking. Continue Reading
By- Kevin Tolly, The Tolly Group
-
News
24 May 2019
Barracuda Advanced Bot Protection safeguards web applications
Advanced Bot Protection is a cloud-hosted platform that defends against automated threats using AI. It is available as both a web application firewall (WAF) and WAF as a service. Continue Reading
-
News
15 May 2019
WannaCry infections continue to spread 2 years later
Two years after the initial wave of WannaCry attacks, security researchers said the ransomware continues to spread to vulnerable devices even though it's not encrypting data. Continue Reading
By- Michael Heller, TechTarget
-
Blog Post
09 May 2019
Google focuses more on steering the Android ship than righting it
Google's security and privacy upgrades to Android are mostly forward-thinking changes, readying for a future that is inevitable but unclear, rather than ways to improve security today. Continue Reading
By- Michael Heller, TechTarget
-
News
06 May 2019
Cisco SSH vulnerability sparks debate over backdoors
Cisco released a patch for a critical vulnerability in Nexus 9000 switches that could allow a remote attacker to gain root access because of the use of a default SSH key pair. Continue Reading
By- Michael Heller, TechTarget
-
Guide
03 May 2019
How to manage application security best practices and risks
The reality of application security risks requires software developers to be mindful of testing, tools and best practices to improve user experience and information security. Continue Reading
By- Katie Donegan, Social Media Manager
-
News
01 May 2019
DHS patching directive brings shorter deadlines
A new DHS directive placed new deadlines on patching critical vulnerabilities for federal agencies and experts are divided on whether the timelines are reasonable and realistic. Continue Reading
By- Michael Heller, TechTarget
-
News
30 Apr 2019
A recent history of Facebook security and privacy issues
Since the start of 2018, Facebook has had a seemingly constant cascade of security issues and privacy scandals. Here's a look back at the social media giant's most serious issues. Continue Reading
By- Michael Heller, TechTarget
-
Tip
26 Apr 2019
How to improve application security testing when it falls short
Application security testing is a critical component of enterprise security. Find out what steps you can take to make sure your testing procedures fit the bill. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
News
16 Apr 2019
Microsoft disputes Outlook data breach report
Microsoft warned Outlook users who may have had data compromised in an attack using customer support login credentials to access account information over the course of months. Continue Reading
By- Michael Heller, TechTarget
-
News
04 Apr 2019
Pipdig WordPress plugin accused of DDoS attacks and backdoors
Pipdig, a blog theme and plugin company, was accused of using obfuscated code to gain backdoor access to customer blogs and launch low-scale DDoS attacks on rivals. Continue Reading
By- Michael Heller, TechTarget
-
News
03 Apr 2019
Proof-of-concept Magento exploit used in attacks
Experts are urging users to patch after a proof-of-concept Magento exploit was picked up by malicious actors and used in attempted attacks on e-commerce websites. Continue Reading
By- Michael Heller, TechTarget
-
Tip
28 Mar 2019
4 steps to ensure virtual machine security in cloud computing
Enterprises are now operating in a cloud-virtual world. Understanding four steps to ensure virtual machine security in cloud computing environments is crucial. Continue Reading
By- Tom Nolle, Andover Intel
-
Feature
28 Mar 2019
Symantec Web Security Service vs. Zscaler Internet Access
Learn how cloud-based secure web gateway products Symantec Web Security Service and Zscaler Internet Access compare when it comes to features, benefits, pricing and support. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
News
28 Mar 2019
Ghidra update squashes serious bugs in NSA reverse-engineering tool
The NSA answered lingering questions around what kind of support it would provide for Ghidra after releasing the tool as open source with a patch that fixed serious bugs. Continue Reading
By- Michael Heller, TechTarget
-
Feature
27 Mar 2019
6 questions to ask before evaluating secure web gateways
Learn which six questions can help an organization identify its web security and business needs and its readiness to implement a secure web gateway. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
News
19 Mar 2019
Critical WinRAR bug exploited in targeted attacks
A critical WinRAR bug that was exposed after 19 years is already being exploited in targeted attacks in the Middle East and United States, despite the availability of a patch. Continue Reading
By- Michael Heller, TechTarget
-
Tip
19 Mar 2019
5 common web application vulnerabilities and how to avoid them
Common web application vulnerabilities continue to confound enterprises. Here's how to defend against them and stop enabling exploits. Continue Reading
-
News
15 Mar 2019
Despite reservations about NSA's Ghidra, experts see value
The NSA's reverse-engineering tool, Ghidra, was released to the public and despite some initial concerns experts are generally bullish on the prospects for the free software. Continue Reading
By- Michael Heller, TechTarget
-
News
08 Mar 2019
Battling misinformation focus of Facebook, Twitter execs' talk
Facebook and Twitter executives say finding a pattern of malicious activity is more effective in identifying bad actors on sites than looking at the misleading information itself. Continue Reading
By- Antone Gonsalves, News Director
-
News
06 Mar 2019
NSA releases Ghidra open source reverse-engineering tool
The National Security Agency launched its highly anticipated reverse-engineering tool, Ghidra. The free software offers features found in high-end commercial products. Continue Reading
By- Antone Gonsalves, News Director
-
Tip
04 Mar 2019
The developer's role in application security strategy
Developers often pay lip service to being integral to application security, but they usually don't consider vulnerabilities until much too late in the dev process. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
News
01 Mar 2019
Coinhive shutdown imminent after troubled cryptomining past
The Coinhive cryptominer is scheduled to be shut down following a troubled history and experts don't think the company gave the full story as to why the shutdown is happening. Continue Reading
By- Michael Heller, TechTarget
-
Tutorial
01 Mar 2019
Mimikatz tutorial: How it hacks Windows passwords, credentials
In this Mimikatz tutorial, learn about the password and credential dumping program, where you can acquire it and how easy it makes it to compromise system passwords. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
28 Feb 2019
Cisco patches persistent Webex vulnerability for a third time
After two previous attempts, Cisco has issued a third patch for a persistent flaw in its Webex platform, which allows privilege escalation attacks on systems running the software. Continue Reading
By- Rob Wright, Senior News Director
-
News
27 Feb 2019
MarioNet attack exploits HTML5 to create botnets
Researchers created a new browser-based attack, called MarioNet, that exploits an HTML5 API and can create botnets even after a browser tab is closed or a target navigates away. Continue Reading
By- Michael Heller, TechTarget
-
News
25 Feb 2019
WinRAR bug found and patched after 19 years
A WinRAR bug that affects every version of the app over the past 19 years was discovered and patched. But it's unclear if the millions of the app's users will get the needed fix. Continue Reading
By- Michael Heller, TechTarget
-
Tip
21 Feb 2019
Weighing the cost of mitigating Spectre variant 2
Fixes for the Spectre variant 2 vulnerability affect system performance, so some in the tech sector wonder whether they're worth it. Expert Michael Cobb examines that question. Continue Reading
-
Answer
18 Feb 2019
Should I use GitHub's new private repositories?
Is GitHub's new private repositories service robust enough to serve the needs of enterprises? Nick Lewis examines what works -- and what doesn't. Continue Reading
-
News
15 Feb 2019
Google Play security improved by targeting repeat offenders
Google this week attributed security improvements in Google Play to both automated processes and human reviewers. The improvements include stopping bad apps from being published. Continue Reading
By- Michael Heller, TechTarget
-
Answer
15 Feb 2019
How do trusted app stores release and disclose patches?
A flaw was found in the Android installer for Fortnite and was patched within 24 hours. Learn how such a quick turnaround affects mobile app security with expert Nick Lewis. Continue Reading
-
Answer
14 Feb 2019
How can credential stuffing attacks be detected?
Credential stuffing attacks can put companies that offer online membership programs, as well as their customers, at risk. Find out how to proactively manage the threat. Continue Reading
-
News
13 Feb 2019
Dunkin' security alert warns of new credential-stuffing attacks
Dunkin' sent a security alert to customers warning of potentially malicious access of accounts due to the second credential stuffing attack in less than three months. Continue Reading
By- Michael Heller, TechTarget
-
Answer
13 Feb 2019
How did Browser Reaper cause browsers to crash?
A Mozilla vulnerability duplicated in the Browser Reaper set of DoS proofs of concept caused Chrome, Firefox and Safari to crash. Learn why and how this occurred. Continue Reading
-
News
12 Feb 2019
MongoDB security head addresses database exposures
Davi Ottenheimer, MongoDB's head of product security, discusses his company's efforts to prevent accidental database exposures and why so many misconfigurations occur. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
12 Feb 2019
Vet third-party apps to reduce supply chain threats
Enterprises are more vulnerable than ever before to supply chain threats from third-party apps and modules. Last fall's compromised NPM package is one cautionary tale. Continue Reading
-
Tip
11 Feb 2019
5-step checklist for web application security testing
This five-step approach to web application security testing with documented results will help keep your organization's applications free of flaws. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
News
08 Feb 2019
Apple releases FaceTime patch and iOS zero-day fixes
New bug fix releases for both iOS and macOS include the anticipated FaceTime patch for the serious eavesdropping flaw in group chats as well as fixes for two iOS zero-days. Continue Reading
By- Michael Heller, TechTarget
-
Tip
07 Feb 2019
More Ghostscript vulnerabilities, more PostScript problems
Researchers keep finding PostScript interpreter bugs. Find out how a new Ghostscript vulnerability enables remote code execution against web services and Linux desktop users. Continue Reading
-
Tip
07 Feb 2019
The security implications of serverless cloud computing
Cloudflare Workers is new for serverless cloud computing and introduces benefits and drawbacks for security professionals. Expert Ed Moyle discusses the security side of serverless. Continue Reading
By- Ed Moyle, Drake Software
-
Tip
06 Feb 2019
How to create a more effective application security program
To mitigate software-related security risks, fine-tune your application security program to get the right people involved, document your standards and manage your weak points. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
News
01 Feb 2019
Google planning warnings for lookalike URLs in Chrome
Google is planning to add warnings on lookalike URLs in an ongoing effort to ensure internet users experience useful and clear warnings while using the Chrome browser. Continue Reading
By- Michael Heller, TechTarget
-
News
31 Jan 2019
Facebook and Google exploit Enterprise Certificate loophole on iOS
Both Facebook and Google were found to be exploiting a loophole in Apple's Developer Enterprise Program for iOS with apps used to gather data on users who installed them. Continue Reading
By- Michael Heller, TechTarget
-
Tip
31 Jan 2019
Steps to improve an application environment and fix flaws
Eliminating application security flaws from an enterprise's server can be a complex task. Learn steps to take in order to improve application security with expert Kevin Beaver. Continue Reading
By- Kevin Beaver, Principle Logic, LLC