Security development News
April 12, 2017
Microsoft fundamentally changes how IT pros will consume Patch Tuesday releases with the Security Update Guide and brings fixes for an actively exploited Word zero-day.
March 30, 2017
You're an ops pro, and your hair is on fire for eight different reasons. Now, your IT leadership says you must think about security in DevOps. What do you do?
March 14, 2017
After its cancelled February Patch Tuesday, Microsoft's March 2017 Patch Tuesday includes nine critical Windows security bulletins targeting remote code execution flaws.
February 01, 2017
Thanks to a polarizing election, the potential ramifications of cybersecurity attacks are front and center. Your friends and relatives probably have some concept of what it is that you actually do and its importance. But the daily challenges of protecting most enterprise environments are less like The Americans than they might think. Still, it's exciting. In this issue of Information Security magazine, we look at the incoming threats in 2017 and some countermeasures that can help your organization bolster its defenses.
Last year, we saw the internet of things used as a beachhead in larger cybersecurity attacks. Many devices now use cloud-based systems to communicate. They regularly send status updates to the cloud server and retrieve new commands to execute. Weak and incorrectly implemented authentication between device and cloud is often the point of failure that can be exploited to attack either the cloud infrastructure or the device. So far, destructive attacks are not common and are mostly limited to distributed denial-of-service attacks, which do not cause permanent damage. But future attacks, if they are combined with ransom demands, may destroy devices intentionally.
Breaches of cloud storage that modify data instead of just "stealing" it and vulnerabilities in microservices environments are other areas in which attackers may get more leverage. With the emergence of cloud-based microservices, this problem will only become worse. Instead of including a library in software shipped to clients, the software now relies on cloud-based web services to perform certain functions. We look at what is coming next and ways to mitigate these cybersecurity attacks.
Security development Get Started
Bring yourself up to speed with our introductory content
Industrial IoT is changing the face of embedded development, as security implications and wireless complexity associated with it must be addressed.
There's no silver bullet for fostering DevOps adoption in a large enterprise, but a single application's quality results can be the tipping point to get the rest of the organization on board.
In this excerpt of Integrated Security Systems Design, author Thomas L. Norman explains the tools of security system design, the place of electronics in the process, how to establish electronic security program objectives and the types of design efforts.
Evaluate Security development Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
IoT security guidelines from DHS and NIST aim to help IoT organizations and users create a framework for secure IoT development.
Transparent checkpointing can help developers, but challenges crop up with security and storage. A computer science professor explains some of the caveats involved.
How do you integrate the needs of the business and third-party services with security? Veracode’s Chief Strategy Officer Sam King has some answers.
Manage Security development
Learn to apply best practices and optimize your operations.
Never-ending network challenges mean IT and business leaders need to adopt a unified information security policy management platform.
Many CISOs are now in the hot seat, seeking better ways to embrace mobility while combating high-priority mobile security threats. As mobile devices become productivity tools, security professionals need to pay attention to data classification and mobile risk assessment. Failed attempts to safeguard enterprise data by banning mobile data access or locking down smartphones and tablets demonstrate a pressing need for more effective strategies against mobile security threats. We explore pitfalls to avoid and best practices that have proven effective. Learn about emerging technologies -- from containerized apps to context-aware policies -- that can help your enterprise stop costly mobile data leaks.
Integration and better performance is the name of the game as enterprise firewalls offer greater visibility, next-generation IPS and advanced threat functionality without slowing down the network. We asked readers who plan to invest in security technology in the next 12 months which enterprise firewalls and advanced threat detection tools made it onto their short lists. We unveil Readers’ Top Picks for enterprise firewalls from perimeter to next-generation systems. We also ask them about the layers of defense, namely advanced threat detection, that they seek for these security appliances. Finally, keeping up with technology advances can become a full-time job. We ask CISOs what strategies they adopt to follow the latest tech and how they find benchmarks to determine its enterprise effectiveness.
Marcus Ranum chats with Gary McGraw about secure system design and the IEEE Computer Center for Secure Design’s top 10 list of what to avoid.
Problem Solve Security development Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
Apple now restricts mobile app developers from using hot patching, as the technique can change app behavior after it is reviewed. Expert Kevin Beaver goes over enterprise concerns.
Eric Patterson, executive director of the SANS Technology Institute, explains why it's time to rethink educational development to strengthen the cybersecurity workforce.
The PoisonTap exploit can bypass password locks on computers, enabling an attacker to remotely control systems. Expert Nick Lewis explains how the attack works.