Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

September 23, 2022 23 Sep'22
Malicious NPM package discovered in supply chain attack

Threat actors are circulating a look-alike version of the Material Tailwind NPM package to infect developers for supply chain malware attacks, according to ReversingLabs.
September 22, 2022 22 Sep'22
IT pros pan government software supply chain security advice

As the prospect of federally mandated SBOM drives up usage of the software supply chain security tech, the government's documentation so far adds to risky confusion, experts say.
September 22, 2022 22 Sep'22
15-year-old Python vulnerability poses supply chain threat

Trellix researchers issued a call for help to patch a vulnerable software module, which was found in more than 300,000 open source GitHub repositories.
September 16, 2022 16 Sep'22
DOJ drops report on cryptocurrency crime efforts

The U.S. Department of Justice issued a report to President Biden on its various enforcement efforts around cybercrime and digital currency, as well as looming challenges.

Bring yourself up to speed with our introductory content

Android System WebView

Android System WebView is a system component for the Android operating system (OS) that allows Android apps to display web content directly inside an application. Continue Reading
How DKIM records reduce email spoofing, phishing and spam

Learn how implementing DomainKeys Identified Mail helps protect against phishing, spam and email forgery by digitally signing outgoing messages. Continue Reading
air gap (air gapping)

An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

10 security-by-design principles to include in the SDLC

Security is rarely a priority in the SDLC, but it should be. Adhere to these security-by-design principles for secure software and learn the importance of threat modeling. Continue Reading
How to conduct a secure code review

Learn how to conduct a secure code review -- a critical step in the software development lifecycle -- to avoid releasing an app with bugs and security vulnerabilities. Continue Reading
Compare SAST vs. DAST vs. SCA for DevSecOps

SAST, DAST and SCA DevSecOps tools can automate code security testing. Discover what each testing method does, and review some open source options to choose from. Continue Reading

Learn to apply best practices and optimize your operations.

5 ways to improve your cloud security posture

With more applications deployed to multiple clouds, organizations must shore up their security posture, and cloud security posture management is designed to help. Find out why. Continue Reading
Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
Remote work cybersecurity: 12 risks and how to prevent them

Expanding attack surfaces, increasing vulnerabilities and overstressed staffs are among a litany of security risks whose ultimate cure requires more than an ounce of prevention. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Key software patch testing best practices

Every company has to update and patch its software, but unless the process is carefully managed, serious problems can occur. How can you make sure you're following the right steps? Continue Reading
Use microsegmentation to mitigate lateral attacks

Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
Protect APIs against attacks with this security testing guide

API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading