Application and platform security
Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
-
Opinion
27 Mar 2025
What the $32B Google-Wiz deal says about cloud-native security
Google's acquisition of Wiz for $32 billion highlights the importance of cloud-native security as organizations transition to microservices and containerization. Continue Reading
By- Melinda Marks, Practice Director
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Tip
21 Mar 2025
Does using DeepSeek create security risks?
The Chinese AI chatbot, despite its efficiency and customizability, raises serious concerns about data privacy, censorship and security vulnerabilities for business users. Continue Reading
By
-
News
03 Mar 2021
Microsoft Exchange Server zero-days exploited in the wild
Both the Cybersecurity and Infrastructure Security Agency and National Security Agency advise patching the Exchange Server zero-days immediately. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
22 Feb 2021
Why developers should consider automated threat modeling
Traditional threat modeling is hard. Can automated threat modeling make development and security teams' lives easier? Continue Reading
By- Kyle Johnson, Technology Editor
- O'Reilly Media
-
Feature
22 Feb 2021
Introducing development teams to threat modeling in SDLC
Enterprises can improve their security posture by educating development teams on threat modeling so they can work alongside security teams and everyone knows a common language. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
10 Feb 2021
Researcher used open source supply chain to breach tech giants
Security researcher Alex Birsan breached several major tech companies, including Microsoft and Apple, through a novel technique that manipulated open source supply chains. Continue Reading
By- Arielle Waldman, News Writer
-
News
02 Feb 2021
How a social engineering campaign fooled infosec researchers
Impersonation tactics in social engineering attacks have become so elaborate that even highly aware members of the infosec community can fall victim to them. Continue Reading
By- Arielle Waldman, News Writer
-
Quiz
22 Dec 2020
Quiz: Web application security threats and vulnerabilities
Applications are still the biggest attack vector for malicious actors -- can you protect them? Test your knowledge with this web application security quiz. Continue Reading
By- Sharon Shea, Executive Editor
-
Guest Post
08 Dec 2020
5 myths about putting security into CI/CD pipelines
Companies looking to introduce security testing earlier into software development must look past myths and understand what to realistically expect before creating their strategy. Continue Reading
By- Dan Cornell
-
News
08 Dec 2020
Forescout reports 33 new TCP/IP vulnerabilities
The lack of consistent updates (and the open source nature of the stacks) make the Amnesia:33 vulnerabilities difficult to fix as well as make it difficult to comprehend the full impact. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 Dec 2020
Salesforce advised users to skip Chrome browser updates
Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
24 Nov 2020
Weighing remote browser isolation benefits and drawbacks
Remote browser isolation benefits end-user experience and an organization's network security. Compare the pros, cons and cost challenges before investing in the zero-trust approach. Continue Reading
By -
Tip
17 Nov 2020
Choosing between proxy vs. API CASB deployment modes
Curious how to choose the right CASB deployment mode for your organization? Before you buy, compare how proxy vs. API CASB architectures work to secure SaaS applications. Continue Reading
By- Ed Moyle, SecurityCurve
-
Feature
15 Oct 2020
The Ghidra Book interview with co-author Kara Nance
Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved. Continue Reading
By- Michael Heller, TechTarget
-
Feature
29 Sep 2020
Oversee apps with these 3 application security testing tools
Unsecured applications can have dire consequences for enterprises. Discover how top app security testing tools on the market today protect apps and enhance developer productivity. Continue Reading
By -
News
24 Sep 2020
Microsoft detects Netlogon vulnerability exploitation in the wild
While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
18 Sep 2020
Security for SaaS applications starts with collaboration
Following established best practices helps enterprises facilitate collaboration and communication through SaaS applications while simultaneously ensuing secure SaaS use. Continue Reading
By- Alicia Landsberg, Senior Managing Editor
-
News
17 Sep 2020
Maze ransomware gang uses VMs to evade detection
A Sophos investigation into a Maze ransomware attack revealed that threat actors borrowed an attack technique pioneered by Ragnar Locker operators earlier this year. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
15 Sep 2020
3 steps to secure codebase updates, prevent vulnerabilities
Codebase updates are critical, but what about when they introduce vulnerabilities? These three steps will help app developers secure codebase updates and keep their apps safe. Continue Reading
By -
News
25 Aug 2020
'Meow' attacks top 25,000 exposed databases, services
One month after the notorious 'meow' attacks were first detected, the threat to misconfigured databases exposed on the internet shows little sign of slowing down. Continue Reading
By- Arielle Waldman, News Writer
-
News
18 Aug 2020
Apache Struts vulnerabilities allow remote code execution, DoS
The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
18 Aug 2020
'Secure by Design' principles include failures, exceptions
Using design principles with built-in security, along with properly defining exceptions, can help developers not only build safe code, but do so while meeting deadlines. Continue Reading
By- Sharon Shea, Executive Editor
-
Feature
18 Aug 2020
Exception handling best practices call for secure code design
Making software secure by design requires tremendous consideration about how failures are handled. Learn more from these exception handling examples. Continue Reading
By- Sharon Shea, Executive Editor
- Manning Publications Co.
-
News
12 Aug 2020
Kaspersky reveals 2 Windows zero-days from failed attack
Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
07 Aug 2020
10 years after Stuxnet, new zero-days discovered
A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
07 Aug 2020
Not just politics: Disinformation campaigns hit enterprises, too
In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises. Continue Reading
By- Rob Wright, Senior News Director
-
Opinion
03 Aug 2020
The case for cybersecurity by design in application software
Security must be part of IT from the start and then continue through the entire product lifecycle -- design, build, release and maintenance. Consumers now demand it. Continue Reading
By -
Tip
03 Aug 2020
How to shift from DevOps to DevSecOps
A successful DevSecOps rollout requires software developers to be equipped with the proper security skills and tools. Learn how to transition smoothly from DevOps to DevSecOps. Continue Reading
By- Mike Chapple, University of Notre Dame
- 03 Aug 2020
-
Tip
31 Jul 2020
How to mitigate an HTTP request smuggling vulnerability
Exploiting an HTTP request smuggling vulnerability can result in the inadvertent execution of unauthorized HTTP requests. Learn how to defend web environments from this attack. Continue Reading
By- Mike Chapple, University of Notre Dame
-
News
30 Jul 2020
'Meow' attacks continue, thousands of databases deleted
More than one week later, the mysterious attacks on insecure databases on ElasticSearch, MongoDB and others have not only persisted but grown, with no explanation. Continue Reading
By- Arielle Waldman, News Writer
-
News
23 Jul 2020
'Meow' attacks wipe more than 1,000 exposed databases
A new threat has hit more than 1,000 unsecured databases on ElasticSearch, MongoDB and other platforms, destroying data and replacing files with a single word: meow. Continue Reading
By- Arielle Waldman, News Writer
-
News
17 Jul 2020
'SigRed' alert: Experts urge action on Windows DNS vulnerability
Experts are urging organizations to take immediate action on SigRed, a 17-year-old Windows DNS server vulnerability discovered by Check Point Research and patched by Microsoft. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
15 Jul 2020
Attackers find new way to exploit Docker APIs
Aqua Security released research detailing a new tactic where the attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 Jul 2020
Critical F5 Networks vulnerability under attack
A critical remote code execution vulnerability that was disclosed and patched just days ago is already being exploited by threat actors. Continue Reading
By- Arielle Waldman, News Writer
-
News
01 Jul 2020
Microsoft fixes Windows Codecs flaws with emergency patches
Microsoft addressed two vulnerabilities, one rated critical and the other rated important, after being alerted by a researcher with Trend Micro's Zero Day Initiative. Continue Reading
By- Arielle Waldman, News Writer
-
News
25 Jun 2020
Open source vulnerabilities down 20% in 2019
Snyk recently released its fourth annual 'State of Open Source Security' report, which analyzed open source statistics, vulnerability trends and security culture. Continue Reading
By- Arielle Waldman, News Writer
-
News
08 Jun 2020
CISA warns Microsoft SMB v3 vulnerability is under attack
CISA issued an alert Friday about attacks on a Microsoft Server Message Block v3 vulnerability and a proof-of-concept code that exploits the flaw in unpatched systems. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
08 Jun 2020
Benefits of open source container vulnerability scanning
Containers have revolutionized app development but pose many security challenges. Uncover how container vulnerability scanning can help and why to consider open source tools. Continue Reading
By- Ed Moyle, SecurityCurve
-
News
02 Jun 2020
VMware vulnerability enables takeover of cloud infrastructure
A new vulnerability in VMware Cloud Director allowed any user to obtain control of any virtual machine on a public or private cloud, according to ethical hacking firm Citadelo. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
28 May 2020
Supply chain attack hits 26 open source projects on GitHub
Threat actors conducted an unprecedented supply chain attack by using malware known as Octopus Scanner to create backdoors in open source projects, which were uploaded to GitHub. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
20 May 2020
IT and security teams collide as companies work from home
The new world of remote work has given rise to IT and security teams working more closely than ever before. They need to come together to provide excellent UX and security. Continue Reading
By- Jonathan Meyers, Guest Contributor
-
Quiz
20 May 2020
Use these CCSK practice questions to prep for the exam
Virtualization and container security are key topics in the Certificate of Cloud Security Knowledge credential. Test your knowledge with these CCSK practice questions. Continue Reading
By- Sharon Shea, Executive Editor
- McGraw Hill Education
-
News
07 May 2020
Advanced Computer Software leak exposes nearly 200 law firms
Researchers at cybersecurity vendor TurgenSec discovered an exposed database owned by Advanced Computer Software that contained legal documents with data from 190 law firms. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
06 May 2020
GitHub security features tackle data exposures, vulnerabilities
In in effort to curb accidental data exposures in repositories, GitHub unveiled a new 'secret' scanning tool that examines public and private code repositories for sensitive data. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
05 May 2020
The what, why and how of the Spring Security architecture
Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt. Continue Reading
By- Katie Donegan, Social Media Manager
- Manning Publications Co.
-
Feature
05 May 2020
Why developers need to know the Spring Security framework
The Spring Security framework is a reliable way for Java developers to secure applications. However, proper implementation is critical to prevent the most common vulnerabilities. Continue Reading
By- Katie Donegan, Social Media Manager
- Manning Publications Co.
-
Tip
29 Apr 2020
SSL certificate best practices for 2020 and beyond
SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more. Continue Reading
By -
News
16 Apr 2020
TPG Capital combines 3 vendors to form Digital.ai
Private equity firm TPG Capital combined three acquisitions -- CollabNet VersionOne, XebiaLabs and Arxan Technologies -- to create the new DevSecOps-focused vendor. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
14 Apr 2020
Bot management drives ethical data use, curbs image scraping
Bot management tools can help enterprises combat bad bots, prevent web and image scraping, and ensure ethical data use -- all while maintaining a positive end-user experience. Continue Reading
By- Sandy Carielli
-
Podcast
09 Apr 2020
Risk & Repeat: Are Zoom security fears overblown?
This week's Risk & Repeat podcast looks at the backlash against Zoom over security and privacy concerns and asks whether there's been an overreaction. Continue Reading
By- Rob Wright, Senior News Director
-
News
06 Apr 2020
Zoom takes new security measures to counter 'Zoombombing'
Zoom has implemented two key security and privacy measures in order to counter 'Zoombombing.' One enables passwords in meetings by default, while the second creates waiting rooms. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
02 Apr 2020
Risk & Repeat: Zoom security comes under fire
This week's Risk & Repeat podcast looks at several security issues Zoom faced over the last week, which led to questions about the company's privacy and security practices. Continue Reading
By- Rob Wright, Senior News Director
-
News
02 Apr 2020
Zoom zero-day vulnerabilities patched a day after disclosure
An ex-NSA hacker reported two zero-day vulnerabilities on his blog Wednesday. One of them can give an attacker control of a user's webcam and microphone. Zoom fixed both flaws quickly. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
30 Mar 2020
Best practices for threat modeling service mesh, microservices
In microservices and service mesh environments, communications don't follow static paths. As such, security teams must update their application threat modeling methods. Continue Reading
By- Ed Moyle, SecurityCurve
-
Tip
25 Mar 2020
How to prevent buffer overflow attacks
Read up on types of buffer overflow attacks, and learn secure coding best practices that prevent such vulnerabilities, as well as post-deployment steps to keep apps and websites safe. Continue Reading
By- Sharon Shea, Executive Editor
-
News
11 Mar 2020
Microsoft discloses wormable SMBv3 flaw without a patch
Microsoft disclosed a new remote code execution vulnerability associated with the Microsoft Server Message Block 3.1.1 (SMBv3) protocol, but there's currently no patch available. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
27 Feb 2020
How to use TODO comments for secure software development
Don't let security be a software development burden. Learn app developer tricks, such as using TODO comments, to ensure security controls make it from development to production. Continue Reading
By -
Feature
27 Feb 2020
Windows IIS server hardening checklist
Use this handy Windows IIS server hardening checklist on the job to ensure your IIS server is deployed safely and stays secure in use. Continue Reading
By -
Feature
26 Feb 2020
Security testing web applications and systems in the modern enterprise
Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age. Continue Reading
By- Sharon Shea, Executive Editor
-
Feature
26 Feb 2020
Software security testing and software stress testing basics
In this excerpt from Ric Messier's book, learn why software security testing and stress testing are critical components of an enterprise infosec program. Continue Reading
By- Sharon Shea, Executive Editor
- McGraw Hill Education
-
Opinion
26 Feb 2020
RSA 2020 day 1: Windows 10X & secured core PCs; Hysolate updates; LastPass passwordless login
Security-focused conferences are my time to shine--and geek out on the latest in security news. Continue Reading
By- Kyle Johnson, Technology Editor
-
Answer
06 Feb 2020
How to combat the top 5 enterprise social media risks in business
Learn how social networking sites compound the insider threat risk, and explore how to mitigate the threat with policy, training and technology. Continue Reading
By- Katie Donegan, Social Media Manager
- Ed Skoudis, SANS Technology Institute
-
News
24 Jan 2020
Citrix patches vulnerability as ransomware attacks emerge
Citrix rolls out more patches ahead of schedule for CVE-2019-19781, a directory traversal vulnerability that affects Citrix ADC, Gateway and SD-WAN WANOP products. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
21 Jan 2020
Lyft's open source asset tracking tool simplifies security
Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset tracking tool, creates highly comprehensive maps. Continue Reading
By- Ed Moyle, SecurityCurve
-
News
15 Jan 2020
NSA reports flaw in Windows cryptography core
Microsoft patched a critical vulnerability in how Windows validates cryptographic certificates that could lead to dangerous attacks, according to experts, and was originally reported by the NSA. Continue Reading
By- Michael Heller, TechTarget
-
Feature
14 Jan 2020
5 application security threats and how to prevent them
The most widely known application security threats are sometimes the most common exploits. Here is a list of the top app threats and their appropriate security responses. Continue Reading
By- Katie Donegan, Social Media Manager
-
News
13 Jan 2020
Signal Sciences: Enterprises still overlooking web app security
Signal Sciences co-founder and CEO Andrew Peterson explains why web application security often gets shortchanged and what his next-gen WAF company is doing to change that. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Answer
13 Jan 2020
7 TCP/IP vulnerabilities and how to prevent them
While many TCP/IP security issues are in the protocol suite's implementation, there are some vulnerabilities in the underlying protocols to be aware of. Continue Reading
By- Sharon Shea, Executive Editor
-
News
13 Dec 2019
Google expands multiple Chrome password protection features
Chrome's updated, built-in protections are intended to help users protect their passwords and data against malware, data breaches and phishing sites, according to the company. Continue Reading
By -
Feature
11 Dec 2019
Ideal DevSecOps strategy requires the right staff and tools
Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy. Continue Reading
By- Katie Donegan, Social Media Manager
-
News
02 Dec 2019
Exposed Firebase databases hidden by Google search
A security researcher found that Google's search engine hides results for misconfigured Firebase databases that are publicly accessible on the internet. Continue Reading
By- Rob Wright, Senior News Director
-
News
13 Nov 2019
ZombieLoad v2 disclosed, affects newest Intel chips
Researchers disclosed another variant of the ZombieLoad side-channel attack that affects the newest Intel processors, and also discovered a flaw in the original ZombieLoad patch. Continue Reading
By- Michael Heller, TechTarget
-
Tip
12 Nov 2019
How container adoption affects container security
Scalability and efficiency make container adoption an attractive option for enterprises today. Learn how containerization has evolved and grown since the release of Docker 1.0 five years ago. Continue Reading
By- Ed Moyle, SecurityCurve
-
News
06 Nov 2019
Firefox bug is enabling attackers to freeze out users
A recently reported bug in Firefox allows spammed authentication dialogs to lock users out of their browsers and it is under attack in the wild, despite previous efforts to patch. Continue Reading
By- Michael Heller, TechTarget
-
News
01 Nov 2019
Threat Stack Application Security Monitoring adds Python support
Now supporting both Python and Node.js, Application Security Monitoring can identify risk throughout the software development lifecycle for both third-party and native code. Continue Reading
By -
News
31 Oct 2019
Adsterra still connected to malvertising campaign, despite denials
Despite a pledge of "zero tolerance" for malicious activity, ad network Adsterra was found to be once again connecting with the Master134 malvertising campaign. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
18 Oct 2019
DevSecOps model requires security get out of its comfort zone
Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge. Continue Reading
By- Alissa Irei, Senior Site Editor
-
News
11 Oct 2019
Palo Alto Networks launches new version of Demisto SOAR platform
New features to the Demisto platform include a customizable user interface, threat intelligence, database scaling and a mobile app providing chat support and updates for users. Continue Reading
By -
News
09 Oct 2019
Twitter 2FA data 'inadvertently' used for advertising
Twitter used two-factor authentication information, including email addresses and phone numbers, to target ads for an unknown number of people over an unknown period of time. Continue Reading
By- Michael Heller, TechTarget
-
Feature
07 Oct 2019
To secure DevOps, break culture and tooling barriers
The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved. Continue Reading
By- Sharon Shea, Executive Editor
-
Feature
07 Oct 2019
The 3 pillars of a DevSecOps model
In this excerpt from Chapter 1 of Securing DevOps: Security in the Cloud, author Julien Vehent describes three principles critical to the DevSecOps model. Continue Reading
By- Sharon Shea, Executive Editor
- Manning Publications Co.
-
Tip
04 Oct 2019
Virtual network security measures to thwart access threats
Virtual networks add a layer of complexity to the real networks below them. Follow these three virtual network security measures to prevent complexity from creating issues. Continue Reading
By- Tom Nolle, Andover Intel
-
News
24 Sep 2019
Cloudflare battles malicious bots with 'fight mode'
Cloudflare takes its first steps in keeping malicious bots from attacking customers by using complex challenges to waste a bot's CPU resources in an attempt to disincentivize more bots. Continue Reading
By- Michael Heller, TechTarget
-
Tip
19 Sep 2019
How to encrypt and secure a website using HTTPS
The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
- Mike Chapple, University of Notre Dame
-
Tip
12 Sep 2019
What it takes to be a DevSecOps engineer
To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer. Continue Reading
By -
News
10 Sep 2019
Gigamon launches platform to improve application visibility
Application Metadata Intelligence identifies network performance, application performance, operational technology communications and security and threat detection. Continue Reading
-
Tip
27 Aug 2019
Complexity requires new cloud-based patch management strategies
Patch management for cloud creates new challenges than traditional in-house programs. Expert Dave Shackleford presents patch management best practices for providers and consumers alike. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
23 Aug 2019
DARPA unveils first SSITH prototype to mitigate hardware flaws
DARPA is still in the early prototype stages of its SSITH program, but the aim is to develop an open source chip able to block hardware attacks and reduce the need for software patches. Continue Reading
By- Michael Heller, TechTarget
-
Answer
23 Aug 2019
What's the best way to prevent XSS attacks?
To prevent cross-site scripting attacks, software developers must validate user input and encode output. Review characters to filter out, as well as sources and sinks to avoid. Continue Reading
-
Answer
20 Aug 2019
Why is patch management important?
Borderless networks present new challenges for security pros. Andrew Froehlich explains how this trend makes patch management even more important. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Opinion
20 Aug 2019
How does Menlo Security’s remote browser compare in an ever more crowded space?
There are now many remote browser isolation options available, from both desktop virtualization vendors and security vendors. Menlo just got a $75 million round of funding—so, how does it compare? Continue Reading
By -
Tip
16 Aug 2019
DevOps security checklist requires proper integration
There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools are key to the equation. Continue Reading
By -
Feature
08 Aug 2019
CEO on collaboration tool security, insider threats, skills gap
Michael Coates, CEO and co-founder of cloud collaboration security platform Altitude Networks, speaks to industry trends and his transition from CISO to CEO. Continue Reading
By- Katie Donegan, Social Media Manager
-
News
07 Aug 2019
Black Hat 2019 keynote: Software teams must own security
In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasizes security as a collaborative effort by all software teams that relies on communication, automation and feedback. Continue Reading
By- Michael Heller, TechTarget
-
Tip
05 Aug 2019
How to start building a DevSecOps model
To help transition to a DevSecOps model to protect enterprises, security teams need to identify key stakeholders, provide examples of specific company security events and work toward creating crossover teams. Continue Reading
By -
News
17 Jul 2019
BlueKeep blues: More than 800,000 systems still unpatched
Despite alerts from Microsoft and the U.S. government, more than 800,000 online systems have yet to patch the Windows RDP vulnerability two months after it was disclosed. Continue Reading
By- Rob Wright, Senior News Director
-
News
17 Jul 2019
E-commerce platforms used for domain spoofing against Best Buy
Despite efforts to flag spoofed domains imitating Best Buy, the sites are still active on e-commerce platforms like Shopify and GearLaunch, which have not taken them down. Continue Reading
By- Rob Wright, Senior News Director
-
News
12 Jul 2019
Zoom vulnerability reveals privacy issues for users
Companies and users around the world were impacted by a Zoom conferencing software flaw that could allow threat actors to forcibly join a video call without interaction. Continue Reading
By- Michael Heller, TechTarget
-
News
20 Jun 2019
Gartner: Application security programs coming up short
At the 2019 Gartner Security and Risk Management Summit, experts discussed how enterprise application security efforts are falling short and what can be done about it. Continue Reading
By -
News
19 Jun 2019
BlueKeep warnings having little effect on Windows patching
DHS issued the latest security advisory for BlueKeep, but it's unclear whether the repeated warnings are being heeded by organizations that have vulnerable systems on the internet. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
19 Jun 2019
How can developers avoid a Git repository security risk?
Learn how managing web development content with the popular version control system can be risky without taking action to avoid these basic Git repository security risks. Continue Reading
By