Application Security

Application security news, trends, analysis and practical advice

video

Safeguarding power grids and other critical infrastructure from data leaks

CSO senior writer Steve Ragan talks with cybersecurity experts Krypt3ia and Kodor about how the pair seek out passwords, schematics and other sensitive documents on SCADA control system architectures that shouldn't be available...

video

Bringing behavioral game theory to security defenses

Kelly Shortridge and CSO senior writer Fahmida Y Rashid talk about using behavioral game theory to take advantage of hackers’ mistakes and manipulate the data they think they're receiving. People generally make decisions by either...

video

Simple tips to keep your devices secure when you travel

CSO security reporters Fahmida Rashid and Steve Ragan share some easy ways to keep your data and devices secure while traveling, even at the Black Hat conference, where active scanning is the norm. (And check out the built-in Faraday...

video

How the dark web has gone corporate

Some criminals on the dark web are taking their cues from the practices of corporate IT. Illicit offerings run the gamut from code that buyers have to implement themselves to turnkey solutions and consulting services.

video

How DevOps and cloud will speed up security

Zane Lackey, CSO and co-founder of Signal Sciences, talks with CSO senior writer Fahmida Rashid about how DevOps and cloud can help organizations embed security into their technology structures, enabling business to move faster.

video

Stop blaming users for security misses

Does the message to users about security need to change? Or does IT need to rebuild infrastructure so users can worry less about security? Wendy Nather, principal security strategist at Duo Security, talks with CSO senior writer...

Yes, Windows patches are a mess, but you should still install them

March and April patches had their share of bugs, but with a Word zero-day threatening, now's the time to update your Windows PCs. Here's how to navigate the minefields.

Top 5 email security best practices to prevent malware distribution

With email representing an open, trusted channel that allows malware to piggyback on any document to infect a network, it’s often up to the organizations – their security teams and employees – to adopt appropriate security strategies...

Pwn2Own ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Adobe Reader, Edge, Safari and Ubuntu fall in first day at Pwn2Own

During the first day of the Pwn2Own hacking contest, security researchers successfully demonstrated exploits against Microsoft Edge, Apple's Safari, Adobe Reader and Ubuntu Desktop.

How much are vendor security assurances worth after the CIA leaks?

Google, Apple, Microsoft and other software vendors are working to identify and patch the vulnerabilities described in the CIA leak, but ultimately this doesn't change the status quo of software security.

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

HackerOne offers bug bounty service for free to open-source projects

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

Google discloses unpatched IE flaw after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.

8 steps to regaining control over shadow IT

Learn how to discover those employees who went roaming for outside services.

JavaScript-based attack simplifies browser exploits

Researchers have devised a new attack that can bypass address space layout randomization (ASLR) in browsers and possibly other applications.

What happens when tech companies make television shows

Short version: It's not good. Apple's Planet of the Apps is not exactly popcorn-friendly.

Vulnerability in Microsoft SMBv3 protocol crashes Windows PCs

Computers running fully patched Windows 10, 8.1, Server 2012, and 2016 are hit by Blue Screens when trying to connect to an infected server.
