Tag Archives: application security

Do you trust your software supplier? Questions to ask yourself – and them!


July 24, 2013 By Jessica Dodson

Ever since I attended the recent Gartner Security & Risk Management Summit, I’ve found myself thinking a lot about if “you can trust your software supplier”. My colleague wrote about this a bit in a Gartner recap blog and our CEO co-presented on this topic with Curtis Yanko as part of a solution provider session. […]


Good Hygiene Should be a Foundation of Application Security


June 19, 2013 By Ryan Berg

Over the past week, there have been several articles, blog posts and security institutes about the latest release of the OWASP Top 10. Now is the right time to join the discussion. All this chatter doesn’t come as a surprise to me or others that have been long time participants in the application security space. […]


Application Security, Not so Black & White


May 8, 2013 By Ryan Berg

I’m glad to see Simon Phipps, independent open source consultant and a director of the Open Source Initiative, promote the need to manage components effectively. In his recent InfoWorld article he notes: “Cyber security is on the national political agenda, but do we really understand what it takes to be secure? Now that enterprise […]


New Webinar: Security at the Speed of Development with Wendy Nather, 451 Research


April 15, 2013 By Emily Blades

Tuesday, April 30, 2013 – 11:00AM-11:45AM EDT (GMT-0400) We have a problem. Application development has become agile, component-based, and open-source-dependent. We’re delivering more software faster than ever before, but security approaches haven’t kept up. Every day we’re forced to make the dangerous choice between speed and security, putting Development and Security at odds. There has […]


Android Malware Carries Windows Snooping App


February 4, 2013 By The Vigilant Application Owner

The H – (International) Android malware carries Windows snooping app. Kaspersky has found malware being distributed through the Google Play store that loads malware onto PCs once an infected Android device is plugged in to a PC running Windows. Source: http://www.h-online.com/security/news/item/Android-malware-carries-Windows-snooping-app-1797241.html


XSS Attacks Remain Top Threat To Web Applications


October 22, 2012 By The Vigilant Application Owner

Computer Weekly – (International) XSS attacks remain top threat to Web applications. Cross-site scripting (XSS) attacks remain the top threat to Web applications, databases, and Web sites, an analysis of 15 million cyberattacks in the third quarter of 2012 revealed. Other top attack techniques are directory traversals, SQL injections (SQLi), and cross-site request forgery (CSRF), […]


Building Android Malware Is Trivial With Available Tools


September 27, 2012 By The Vigilant Application Owner

SecurityWeek – (International) Building Android malware is trivial with available tools. Because of readily available tools that enable even a novice developer to create malicious mobile applications, users should be cautious when downloading and installing mobile apps, especially from non-official App Stores. Developing Android malware to harvest information is a trivial task […]


That’s Billion with a B: Is Java Having an “Outlook” Moment?


September 26, 2012 By Tim O'Brien

I’m a broken record, I know, but every month that goes by we get more and more news that suggests that Java developers (and the companies that support Java) are slow to wake up to these threats. You remember Outlook, maybe some of you are unlucky enough to still use Outlook, but for Microsoft, Outlook […]


Researchers beat up Google’s Bouncer


June 25, 2012 By The Vigilant Application Owner

Dark Reading – (International) Researchers beat up Google’s Bouncer. Two security researchers from security firm Trustwave submitted increasingly malicious versions of an Android application to Google Play, Dark Reading reported June 25. Each variant of the application was scanned by Bouncer, Google’s security-checking application, and it failed to flag them as malicious, the researchers plan […]
