Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

Opinion 27 Mar 2025
What the $32B Google-Wiz deal says about cloud-native security

Google's acquisition of Wiz for $32 billion highlights the importance of cloud-native security as organizations transition to microservices and containerization. Continue Reading
By
- Melinda Marks, Practice Director
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 21 Mar 2025
Does using DeepSeek create security risks?

The Chinese AI chatbot, despite its efficiency and customizability, raises serious concerns about data privacy, censorship and security vulnerabilities for business users. Continue Reading
By
- Nihad Hassan

News 03 Mar 2021
Microsoft Exchange Server zero-days exploited in the wild

Both the Cybersecurity and Infrastructure Security Agency and National Security Agency advise patching the Exchange Server zero-days immediately. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 22 Feb 2021
Why developers should consider automated threat modeling

Traditional threat modeling is hard. Can automated threat modeling make development and security teams' lives easier? Continue Reading
By
- Kyle Johnson, Technology Editor
- O'Reilly Media
Feature 22 Feb 2021
Introducing development teams to threat modeling in SDLC

Enterprises can improve their security posture by educating development teams on threat modeling so they can work alongside security teams and everyone knows a common language. Continue Reading
By
- Kyle Johnson, Technology Editor
News 10 Feb 2021
Researcher used open source supply chain to breach tech giants

Security researcher Alex Birsan breached several major tech companies, including Microsoft and Apple, through a novel technique that manipulated open source supply chains. Continue Reading
By
- Arielle Waldman, News Writer
News 02 Feb 2021
How a social engineering campaign fooled infosec researchers

Impersonation tactics in social engineering attacks have become so elaborate that even highly aware members of the infosec community can fall victim to them. Continue Reading
By
- Arielle Waldman, News Writer
Quiz 22 Dec 2020
Quiz: Web application security threats and vulnerabilities

Applications are still the biggest attack vector for malicious actors -- can you protect them? Test your knowledge with this web application security quiz. Continue Reading
By
- Sharon Shea, Executive Editor
Guest Post 08 Dec 2020
5 myths about putting security into CI/CD pipelines

Companies looking to introduce security testing earlier into software development must look past myths and understand what to realistically expect before creating their strategy. Continue Reading
By
- Dan Cornell
News 08 Dec 2020
Forescout reports 33 new TCP/IP vulnerabilities

The lack of consistent updates (and the open source nature of the stacks) make the Amnesia:33 vulnerabilities difficult to fix as well as make it difficult to comprehend the full impact. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Dec 2020
Salesforce advised users to skip Chrome browser updates

Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps. Continue Reading
By
- Arielle Waldman, News Writer
Tip 24 Nov 2020
Weighing remote browser isolation benefits and drawbacks

Remote browser isolation benefits end-user experience and an organization's network security. Compare the pros, cons and cost challenges before investing in the zero-trust approach. Continue Reading
By
- Michael Cobb
Tip 17 Nov 2020
Choosing between proxy vs. API CASB deployment modes

Curious how to choose the right CASB deployment mode for your organization? Before you buy, compare how proxy vs. API CASB architectures work to secure SaaS applications. Continue Reading
By
- Ed Moyle, SecurityCurve
Feature 15 Oct 2020
The Ghidra Book interview with co-author Kara Nance

Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved. Continue Reading
By
- Michael Heller, TechTarget
Feature 29 Sep 2020
Oversee apps with these 3 application security testing tools

Unsecured applications can have dire consequences for enterprises. Discover how top app security testing tools on the market today protect apps and enhance developer productivity. Continue Reading
By
- Michael Cobb
News 24 Sep 2020
Microsoft detects Netlogon vulnerability exploitation in the wild

While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability. Continue Reading
By
- Arielle Waldman, News Writer
Feature 18 Sep 2020
Security for SaaS applications starts with collaboration

Following established best practices helps enterprises facilitate collaboration and communication through SaaS applications while simultaneously ensuing secure SaaS use. Continue Reading
By
- Alicia Landsberg, Senior Managing Editor
News 17 Sep 2020
Maze ransomware gang uses VMs to evade detection

A Sophos investigation into a Maze ransomware attack revealed that threat actors borrowed an attack technique pioneered by Ragnar Locker operators earlier this year. Continue Reading
By
- Arielle Waldman, News Writer
Tip 15 Sep 2020
3 steps to secure codebase updates, prevent vulnerabilities

Codebase updates are critical, but what about when they introduce vulnerabilities? These three steps will help app developers secure codebase updates and keep their apps safe. Continue Reading
By
- Michael Cobb
News 25 Aug 2020
'Meow' attacks top 25,000 exposed databases, services

One month after the notorious 'meow' attacks were first detected, the threat to misconfigured databases exposed on the internet shows little sign of slowing down. Continue Reading
By
- Arielle Waldman, News Writer
News 18 Aug 2020
Apache Struts vulnerabilities allow remote code execution, DoS

The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 18 Aug 2020
'Secure by Design' principles include failures, exceptions

Using design principles with built-in security, along with properly defining exceptions, can help developers not only build safe code, but do so while meeting deadlines. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 18 Aug 2020
Exception handling best practices call for secure code design

Making software secure by design requires tremendous consideration about how failures are handled. Learn more from these exception handling examples. Continue Reading
By
- Sharon Shea, Executive Editor
- Manning Publications Co.
News 12 Aug 2020
Kaspersky reveals 2 Windows zero-days from failed attack

Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Aug 2020
10 years after Stuxnet, new zero-days discovered

A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Aug 2020
Not just politics: Disinformation campaigns hit enterprises, too

In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises. Continue Reading
By
- Rob Wright, Senior News Director
Opinion 03 Aug 2020
The case for cybersecurity by design in application software

Security must be part of IT from the start and then continue through the entire product lifecycle -- design, build, release and maintenance. Consumers now demand it. Continue Reading
By
- Michael Cobb
Tip 03 Aug 2020
How to shift from DevOps to DevSecOps

A successful DevSecOps rollout requires software developers to be equipped with the proper security skills and tools. Learn how to transition smoothly from DevOps to DevSecOps. Continue Reading
By
- Mike Chapple, University of Notre Dame
03 Aug 2020

The case for cybersecurity by design in application software

Continue Reading
Tip 31 Jul 2020
How to mitigate an HTTP request smuggling vulnerability

Exploiting an HTTP request smuggling vulnerability can result in the inadvertent execution of unauthorized HTTP requests. Learn how to defend web environments from this attack. Continue Reading
By
- Mike Chapple, University of Notre Dame
News 30 Jul 2020
'Meow' attacks continue, thousands of databases deleted

More than one week later, the mysterious attacks on insecure databases on ElasticSearch, MongoDB and others have not only persisted but grown, with no explanation. Continue Reading
By
- Arielle Waldman, News Writer
News 23 Jul 2020
'Meow' attacks wipe more than 1,000 exposed databases

A new threat has hit more than 1,000 unsecured databases on ElasticSearch, MongoDB and other platforms, destroying data and replacing files with a single word: meow. Continue Reading
By
- Arielle Waldman, News Writer
News 17 Jul 2020
'SigRed' alert: Experts urge action on Windows DNS vulnerability

Experts are urging organizations to take immediate action on SigRed, a 17-year-old Windows DNS server vulnerability discovered by Check Point Research and patched by Microsoft. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jul 2020
Attackers find new way to exploit Docker APIs

Aqua Security released research detailing a new tactic where the attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Jul 2020
Critical F5 Networks vulnerability under attack

A critical remote code execution vulnerability that was disclosed and patched just days ago is already being exploited by threat actors. Continue Reading
By
- Arielle Waldman, News Writer
News 01 Jul 2020
Microsoft fixes Windows Codecs flaws with emergency patches

Microsoft addressed two vulnerabilities, one rated critical and the other rated important, after being alerted by a researcher with Trend Micro's Zero Day Initiative. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Jun 2020
Open source vulnerabilities down 20% in 2019

Snyk recently released its fourth annual 'State of Open Source Security' report, which analyzed open source statistics, vulnerability trends and security culture. Continue Reading
By
- Arielle Waldman, News Writer
News 08 Jun 2020
CISA warns Microsoft SMB v3 vulnerability is under attack

CISA issued an alert Friday about attacks on a Microsoft Server Message Block v3 vulnerability and a proof-of-concept code that exploits the flaw in unpatched systems. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 08 Jun 2020
Benefits of open source container vulnerability scanning

Containers have revolutionized app development but pose many security challenges. Uncover how container vulnerability scanning can help and why to consider open source tools. Continue Reading
By
- Ed Moyle, SecurityCurve
News 02 Jun 2020
VMware vulnerability enables takeover of cloud infrastructure

A new vulnerability in VMware Cloud Director allowed any user to obtain control of any virtual machine on a public or private cloud, according to ethical hacking firm Citadelo. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 May 2020
Supply chain attack hits 26 open source projects on GitHub

Threat actors conducted an unprecedented supply chain attack by using malware known as Octopus Scanner to create backdoors in open source projects, which were uploaded to GitHub. Continue Reading
By
- Arielle Waldman, News Writer
Feature 20 May 2020
IT and security teams collide as companies work from home

The new world of remote work has given rise to IT and security teams working more closely than ever before. They need to come together to provide excellent UX and security. Continue Reading
By
- Jonathan Meyers, Guest Contributor
Quiz 20 May 2020
Use these CCSK practice questions to prep for the exam

Virtualization and container security are key topics in the Certificate of Cloud Security Knowledge credential. Test your knowledge with these CCSK practice questions. Continue Reading
By
- Sharon Shea, Executive Editor
- McGraw Hill Education
News 07 May 2020
Advanced Computer Software leak exposes nearly 200 law firms

Researchers at cybersecurity vendor TurgenSec discovered an exposed database owned by Advanced Computer Software that contained legal documents with data from 190 law firms. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 06 May 2020
GitHub security features tackle data exposures, vulnerabilities

In in effort to curb accidental data exposures in repositories, GitHub unveiled a new 'secret' scanning tool that examines public and private code repositories for sensitive data. Continue Reading
By
- Rob Wright, Senior News Director
Feature 05 May 2020
The what, why and how of the Spring Security architecture

Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt. Continue Reading
By
- Katie Donegan, Social Media Manager
- Manning Publications Co.
Feature 05 May 2020
Why developers need to know the Spring Security framework

The Spring Security framework is a reliable way for Java developers to secure applications. However, proper implementation is critical to prevent the most common vulnerabilities. Continue Reading
By
- Katie Donegan, Social Media Manager
- Manning Publications Co.
Tip 29 Apr 2020
SSL certificate best practices for 2020 and beyond

SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more. Continue Reading
By
- Michael Cobb
News 16 Apr 2020
TPG Capital combines 3 vendors to form Digital.ai

Private equity firm TPG Capital combined three acquisitions -- CollabNet VersionOne, XebiaLabs and Arxan Technologies -- to create the new DevSecOps-focused vendor. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 14 Apr 2020
Bot management drives ethical data use, curbs image scraping

Bot management tools can help enterprises combat bad bots, prevent web and image scraping, and ensure ethical data use -- all while maintaining a positive end-user experience. Continue Reading
By
- Sandy Carielli
Podcast 09 Apr 2020
Risk & Repeat: Are Zoom security fears overblown?

This week's Risk & Repeat podcast looks at the backlash against Zoom over security and privacy concerns and asks whether there's been an overreaction. Continue Reading
By
- Rob Wright, Senior News Director
News 06 Apr 2020
Zoom takes new security measures to counter 'Zoombombing'

Zoom has implemented two key security and privacy measures in order to counter 'Zoombombing.' One enables passwords in meetings by default, while the second creates waiting rooms. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 02 Apr 2020
Risk & Repeat: Zoom security comes under fire

This week's Risk & Repeat podcast looks at several security issues Zoom faced over the last week, which led to questions about the company's privacy and security practices. Continue Reading
By
- Rob Wright, Senior News Director
News 02 Apr 2020
Zoom zero-day vulnerabilities patched a day after disclosure

An ex-NSA hacker reported two zero-day vulnerabilities on his blog Wednesday. One of them can give an attacker control of a user's webcam and microphone. Zoom fixed both flaws quickly. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 30 Mar 2020
Best practices for threat modeling service mesh, microservices

In microservices and service mesh environments, communications don't follow static paths. As such, security teams must update their application threat modeling methods. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 25 Mar 2020
How to prevent buffer overflow attacks

Read up on types of buffer overflow attacks, and learn secure coding best practices that prevent such vulnerabilities, as well as post-deployment steps to keep apps and websites safe. Continue Reading
By
- Sharon Shea, Executive Editor
News 11 Mar 2020
Microsoft discloses wormable SMBv3 flaw without a patch

Microsoft disclosed a new remote code execution vulnerability associated with the Microsoft Server Message Block 3.1.1 (SMBv3) protocol, but there's currently no patch available. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 27 Feb 2020
How to use TODO comments for secure software development

Don't let security be a software development burden. Learn app developer tricks, such as using TODO comments, to ensure security controls make it from development to production. Continue Reading
By
- Michael Cobb
Feature 27 Feb 2020
Windows IIS server hardening checklist

Use this handy Windows IIS server hardening checklist on the job to ensure your IIS server is deployed safely and stays secure in use. Continue Reading
By
- Michael Cobb
Feature 26 Feb 2020
Security testing web applications and systems in the modern enterprise

Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 26 Feb 2020
Software security testing and software stress testing basics

In this excerpt from Ric Messier's book, learn why software security testing and stress testing are critical components of an enterprise infosec program. Continue Reading
By
- Sharon Shea, Executive Editor
- McGraw Hill Education
Opinion 26 Feb 2020
RSA 2020 day 1: Windows 10X & secured core PCs; Hysolate updates; LastPass passwordless login

Security-focused conferences are my time to shine--and geek out on the latest in security news. Continue Reading
By
- Kyle Johnson, Technology Editor
Answer 06 Feb 2020
How to combat the top 5 enterprise social media risks in business

Learn how social networking sites compound the insider threat risk, and explore how to mitigate the threat with policy, training and technology. Continue Reading
By
- Katie Donegan, Social Media Manager
- Ed Skoudis, SANS Technology Institute
News 24 Jan 2020
Citrix patches vulnerability as ransomware attacks emerge

Citrix rolls out more patches ahead of schedule for CVE-2019-19781, a directory traversal vulnerability that affects Citrix ADC, Gateway and SD-WAN WANOP products. Continue Reading
By
- Rob Wright, Senior News Director
Tip 21 Jan 2020
Lyft's open source asset tracking tool simplifies security

Security teams need information and context about data in order to keep it safe. Learn how Cartography, Lyft's open source asset tracking tool, creates highly comprehensive maps. Continue Reading
By
- Ed Moyle, SecurityCurve
News 15 Jan 2020
NSA reports flaw in Windows cryptography core

Microsoft patched a critical vulnerability in how Windows validates cryptographic certificates that could lead to dangerous attacks, according to experts, and was originally reported by the NSA. Continue Reading
By
- Michael Heller, TechTarget
Feature 14 Jan 2020
5 application security threats and how to prevent them

The most widely known application security threats are sometimes the most common exploits. Here is a list of the top app threats and their appropriate security responses. Continue Reading
By
- Katie Donegan, Social Media Manager
News 13 Jan 2020
Signal Sciences: Enterprises still overlooking web app security

Signal Sciences co-founder and CEO Andrew Peterson explains why web application security often gets shortchanged and what his next-gen WAF company is doing to change that. Continue Reading
By
- Alexander Culafi, Senior News Writer
Answer 13 Jan 2020
7 TCP/IP vulnerabilities and how to prevent them

While many TCP/IP security issues are in the protocol suite's implementation, there are some vulnerabilities in the underlying protocols to be aware of. Continue Reading
By
- Sharon Shea, Executive Editor
News 13 Dec 2019
Google expands multiple Chrome password protection features

Chrome's updated, built-in protections are intended to help users protect their passwords and data against malware, data breaches and phishing sites, according to the company. Continue Reading
By
- Ha Ta
Feature 11 Dec 2019
Ideal DevSecOps strategy requires the right staff and tools

Sometimes viewed as an obstacle to speedy software rollout, the DevSecOps model helps security teams drive innovation in development. Learn how to build a DevSecOps strategy. Continue Reading
By
- Katie Donegan, Social Media Manager
News 02 Dec 2019
Exposed Firebase databases hidden by Google search

A security researcher found that Google's search engine hides results for misconfigured Firebase databases that are publicly accessible on the internet. Continue Reading
By
- Rob Wright, Senior News Director
News 13 Nov 2019
ZombieLoad v2 disclosed, affects newest Intel chips

Researchers disclosed another variant of the ZombieLoad side-channel attack that affects the newest Intel processors, and also discovered a flaw in the original ZombieLoad patch. Continue Reading
By
- Michael Heller, TechTarget
Tip 12 Nov 2019
How container adoption affects container security

Scalability and efficiency make container adoption an attractive option for enterprises today. Learn how containerization has evolved and grown since the release of Docker 1.0 five years ago. Continue Reading
By
- Ed Moyle, SecurityCurve
News 06 Nov 2019
Firefox bug is enabling attackers to freeze out users

A recently reported bug in Firefox allows spammed authentication dialogs to lock users out of their browsers and it is under attack in the wild, despite previous efforts to patch. Continue Reading
By
- Michael Heller, TechTarget
News 01 Nov 2019
Threat Stack Application Security Monitoring adds Python support

Now supporting both Python and Node.js, Application Security Monitoring can identify risk throughout the software development lifecycle for both third-party and native code. Continue Reading
By
- Ha Ta
News 31 Oct 2019
Adsterra still connected to malvertising campaign, despite denials

Despite a pledge of "zero tolerance" for malicious activity, ad network Adsterra was found to be once again connecting with the Master134 malvertising campaign. Continue Reading
By
- Rob Wright, Senior News Director
Feature 18 Oct 2019
DevSecOps model requires security get out of its comfort zone

Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge. Continue Reading
By
- Alissa Irei, Senior Site Editor
News 11 Oct 2019
Palo Alto Networks launches new version of Demisto SOAR platform

New features to the Demisto platform include a customizable user interface, threat intelligence, database scaling and a mobile app providing chat support and updates for users. Continue Reading
By
- Ha Ta
News 09 Oct 2019
Twitter 2FA data 'inadvertently' used for advertising

Twitter used two-factor authentication information, including email addresses and phone numbers, to target ads for an unknown number of people over an unknown period of time. Continue Reading
By
- Michael Heller, TechTarget
Feature 07 Oct 2019
To secure DevOps, break culture and tooling barriers

The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 07 Oct 2019
The 3 pillars of a DevSecOps model

In this excerpt from Chapter 1 of Securing DevOps: Security in the Cloud, author Julien Vehent describes three principles critical to the DevSecOps model. Continue Reading
By
- Sharon Shea, Executive Editor
- Manning Publications Co.
Tip 04 Oct 2019
Virtual network security measures to thwart access threats

Virtual networks add a layer of complexity to the real networks below them. Follow these three virtual network security measures to prevent complexity from creating issues. Continue Reading
By
- Tom Nolle, Andover Intel
News 24 Sep 2019
Cloudflare battles malicious bots with 'fight mode'

Cloudflare takes its first steps in keeping malicious bots from attacking customers by using complex challenges to waste a bot's CPU resources in an attempt to disincentivize more bots. Continue Reading
By
- Michael Heller, TechTarget
Tip 19 Sep 2019
How to encrypt and secure a website using HTTPS

The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
- Mike Chapple, University of Notre Dame
Tip 12 Sep 2019
What it takes to be a DevSecOps engineer

To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer. Continue Reading
By
- Michael Cobb
News 10 Sep 2019
Gigamon launches platform to improve application visibility

Application Metadata Intelligence identifies network performance, application performance, operational technology communications and security and threat detection. Continue Reading
By
- Tanner Harding
Tip 27 Aug 2019
Complexity requires new cloud-based patch management strategies

Patch management for cloud creates new challenges than traditional in-house programs. Expert Dave Shackleford presents patch management best practices for providers and consumers alike. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 23 Aug 2019
DARPA unveils first SSITH prototype to mitigate hardware flaws

DARPA is still in the early prototype stages of its SSITH program, but the aim is to develop an open source chip able to block hardware attacks and reduce the need for software patches. Continue Reading
By
- Michael Heller, TechTarget
Answer 23 Aug 2019
What's the best way to prevent XSS attacks?

To prevent cross-site scripting attacks, software developers must validate user input and encode output. Review characters to filter out, as well as sources and sinks to avoid. Continue Reading
By
- Charles Shirer
Answer 20 Aug 2019
Why is patch management important?

Borderless networks present new challenges for security pros. Andrew Froehlich explains how this trend makes patch management even more important. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Opinion 20 Aug 2019
How does Menlo Security’s remote browser compare in an ever more crowded space?

There are now many remote browser isolation options available, from both desktop virtualization vendors and security vendors. Menlo just got a $75 million round of funding—so, how does it compare? Continue Reading
By
- Rachel Berry
Tip 16 Aug 2019
DevOps security checklist requires proper integration

There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools are key to the equation. Continue Reading
By
- Michael Cobb
Feature 08 Aug 2019
CEO on collaboration tool security, insider threats, skills gap

Michael Coates, CEO and co-founder of cloud collaboration security platform Altitude Networks, speaks to industry trends and his transition from CISO to CEO. Continue Reading
By
- Katie Donegan, Social Media Manager
News 07 Aug 2019
Black Hat 2019 keynote: Software teams must own security

In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasizes security as a collaborative effort by all software teams that relies on communication, automation and feedback. Continue Reading
By
- Michael Heller, TechTarget
Tip 05 Aug 2019
How to start building a DevSecOps model

To help transition to a DevSecOps model to protect enterprises, security teams need to identify key stakeholders, provide examples of specific company security events and work toward creating crossover teams. Continue Reading
By
- Michael Cobb
News 17 Jul 2019
BlueKeep blues: More than 800,000 systems still unpatched

Despite alerts from Microsoft and the U.S. government, more than 800,000 online systems have yet to patch the Windows RDP vulnerability two months after it was disclosed. Continue Reading
By
- Rob Wright, Senior News Director
News 17 Jul 2019
E-commerce platforms used for domain spoofing against Best Buy

Despite efforts to flag spoofed domains imitating Best Buy, the sites are still active on e-commerce platforms like Shopify and GearLaunch, which have not taken them down. Continue Reading
By
- Rob Wright, Senior News Director
News 12 Jul 2019
Zoom vulnerability reveals privacy issues for users

Companies and users around the world were impacted by a Zoom conferencing software flaw that could allow threat actors to forcibly join a video call without interaction. Continue Reading
By
- Michael Heller, TechTarget
News 20 Jun 2019
Gartner: Application security programs coming up short

At the 2019 Gartner Security and Risk Management Summit, experts discussed how enterprise application security efforts are falling short and what can be done about it. Continue Reading
By
- Mekhala Roy
News 19 Jun 2019
BlueKeep warnings having little effect on Windows patching

DHS issued the latest security advisory for BlueKeep, but it's unclear whether the repeated warnings are being heeded by organizations that have vulnerable systems on the internet. Continue Reading
By
- Rob Wright, Senior News Director
Answer 19 Jun 2019
How can developers avoid a Git repository security risk?

Learn how managing web development content with the popular version control system can be risky without taking action to avoid these basic Git repository security risks. Continue Reading
By
- Hanno Böck