The cost upsides of writing code that's as free from bugs as possible has long been known, says Veracode's Chris Wysopal, but bugs continue to plague production code. Thanks to the rise of agile programming, however, there are new opportunities to eradicate flaws during development.
Cloud computing initiatives, network monitoring and risk management are driving network security operations. Meanwhile, federal agencies face record levels of threats yet still rely on manual processes and outdated point tools. Agency network security operations must be modernized to streamline network security...
Insider threats pose high risks to all enterprises. No organization, regardless of size, industry or region, is immune. With all the advantages that the digital age has brought us (and they are many) it has also brought a rise of highly damaging data breaches, from both internal and external sources.
Regardless of...
Certification and accreditation (C&A) has been like alphabet soup. As it transitions to assessment and authorization (A&A), it's time to sort through the confusion and identify which terms and processes apply in any given situation.
This paper sorts through the confusion to identify which terms, approaches, and...
For too long, ensuring that code is securely written - and bug free - has been a business afterthought. But there's been new hope for building security into the development lifecycle, thanks to the rise of DevOps, aka rugged software, says Chris Wysopal, CTO of the application security firm Veracode.
VASCO Data Security's Scott Clements on Aligning Security with User Experience
With great efficiencies and cost savings also come great threats and fraud risks. This is today's digital reality, and it is why cybersecurity and the user experience need to be aligned to create digital trust, says Scott Clements of VASCO...
With great efficiencies and cost savings also come great threats and fraud risks. This is today's digital reality, and it is why cybersecurity and the user experience need to be aligned to create digital trust, says Scott Clements of VASCO Data Security.
Most organizations that enable users to perform online transactions have implemented security measures to address fraud. Currently, one of the most common safeguards used in a wide array of products/services is two-factor authentication (2FA).
In recent years, 2FA has become employed by global tech leaders like...
Behavioral biometrics has been getting a lot of attention recently due to its ability to uniquely address the challenges posed by social engineering, account takeovers and malware. It is already considered the third most popular biometric technology (after finger and face) and tied with iris.
Nonetheless, as an...
As mobile devices eclipse computers and laptops as the preferred method of going online, fraudsters have followed users, porting their modus operandi -account takeover, social engineering, and malware based remote control attacks - to the mobile arena. Thus, hackers have many more opportunities to perpetrate fraud and...
Many IT professionals use remote administration tools to troubleshoot and fix PC problems remotely, just as if they were sitting behind the keyboard themselves. But these tools are also used for different purposes today. Both nation states and hacktivists use modified these tools, creating Remote Access Trojan's...
Firewall complexity is leaving companies exposed. The technology to keep company networks safe exists, but it isn't being managed properly. Firewall technology has come a long way since its initial, most rudimentary forms. Next-Generation Firewalls (NGFW) are the latest development, and organizations are accelerating...
As cyber threats become more complex in nature and the attack surface grows, enterprises are shifting to a risk-centric threat identification, containment, and remediation security strategy, prioritizing investments in tools and capabilities to detect threats and respond to incidents faster and more...
A researcher claims WhatsApp has dismissed his finding that there's a backdoor in the application that could allow attackers to unlock encrypted messages. But the controversy is more nuanced - and for most of us, much less threatening - than it might first appear.
Encrypted web communication routinely bypasses enterprise security controls. Left unscanned, these channels are perfect vehicles for hiding infection, command & control, and data exfiltration.
The malicious use of encryption is growing at an alarming rate, from 104 in 2014, to 13,542 as of mid-2016, according to...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.