Applications are a primary target for cyber attacks. Historically, Web Application Firewalls (WAFs) have been a popular choice for protecting production applications from attack. But they have their limitations, and advice on how to bypass a WAF is readily available. Learn how context from within the application...
In the wake of the discovery of the serious Android Stagefright flaws, which affect an estimated 950 million devices, security researchers reveal that they discovered yet another Stagefright flaw - and that Google's initial fix could be exploited.
The Windows 10 Home edition being released by Microsoft includes on-by-default cloud services that may pose "bring your own device" risks to organizations, F-Secure security expert Sean Sullivan warns.
Thou shalt not reverse engineer Oracle's products. That was the stunning diktat issued by Oracle CSO Mary Ann Davidson in a blog post that some are reading as a declaration of war against the security research community.
The APT gang known as Darkhotel quickly tapped a Hacking Team exploit for Flash, Kaspersky Lab reports. But the gang's ongoing trickery shows that organizations must do more than just patch against the latest threats.
The Black Hat conference features presentations that have already led to very public warnings about remotely hackable flaws in everything from Jeep Cherokees and Linux-powered rifles to Android mobile devices and Mac OS X.
In the wake of the severe Stagefright flaw being discovered, numerous security-savvy experts say they now plan to ditch Android. Is it time for enterprises to start blocking unpatched Android devices?
Attackers could abuse flaws in Android's Stagefright media library to seize control of almost 950 million devices, just by sending a text, a security researcher warns. But will most devices ever see related fixes?
If SSL goes away today, the Internet needs a security plan B, says Uniken's Chief Security Evangelist, Menny Barzilay. Innovation on the application level is what will restore trust, he believes.
Enterprise developers are under pressure to produce mobile apps quickly, often leaving security as a second thought. Denim Group's John Dickson suggests ways to make security a priority.
Application security is not keeping pace with evolving attacks, says Prasenjit Saha, a CEO at the consultancy Happiest Minds Technologies. One problem: lack of a standard, secure coding process in the application development life cycle.
The business case presented to internal stakeholders can make or break your security program. Statistics around breaches and vulnerabilities have not been sufficient in helping CISOs talk to their boards about funding more mature AppSec programs. Traditional ROI models often focus on proving that "something bad...
The Hong Kong regional headquarters of (ISC)² is collaborating with universities across Asia through its Global Academic Program to deliver essential skills to help grow the information security workforce.
US-CERT warns that all Linux distributions should be immediately updated to patch "GHOST," a serious security vulnerability. Attackers could exploit the bug to remotely seize control of a system.
Because of employees' increasing demands to use mobile devices at work, NIST's latest special publication provides organizations with a process to implement a mobile app vetting process.