Peripheral Security Issues Today Are Anything But Peripheral

By Evan Schuman April 25, 2016  | Security News

Last week, Microsoft issued an optional security alert relating to peripherals and specifically mice. Until the patch is implemented, Microsoft said, the peripheral could receive plain English—aka QWERTY—key packets in keystroke communications issued from receiving USB wireless dongles to the RP addresses of wireless mouse devices. This is a fine way for cyberthieves to hijack... READ MORE

My View of the Evolving Threat Landscape

By Sue Poremba April 19, 2016  | Security News

One of the most difficult challenges in cybersecurity – perhaps the most difficult challenge, depending on who you talk to – is how quickly the threat landscape changes and shifts. It seems as if no sooner is one set of security protocols in place than new regulations and compliances are required or the attack vector changes. It’s no wonder that so many companies struggle with... READ MORE

You Lose

By Anne Nielsen April 18, 2016  | Intro to AppSec

How the heck did that happen? They just took your business. Do you know what sucks? Losing a HUGE sales opportunity that was custom made for your company. Literally custom-made: you worked with the executive sponsor and wrote the RFP for her. You spent hours in that window-less room and on the phone with your prospect making sure you had all your differentiators captured so that no competitor... READ MORE

This Week's AppSec News Roundup

By Eric Seymour April 16, 2016  | Security News

Our weekly application security news roundup for April 11 to April 15 2016 features commentary on Badlock, ransomware trends and a new Internet security threat report. Read on for details on the following headlines: Badlock vulnerability is not critical, Two major insurers enter cyber insurance arena, Symantec issues Internet security threat report, A new type of ransomware emerges, The U.S.... READ MORE

Badlock Is A Serious Hole, But How It Was Preannounced Is A Disgrace

By Evan Schuman April 14, 2016  | Security News

There is something unnerving—and even a tad repugnant—about announcing that there's a massive security hole and that it won't be patched for weeks. Welcome to Badlock. What possible legitimate security goal is advanced by this publicity stunt? The bug, which marketers for Samba dubbed Badlock, is extremely serious and potentially disruptive, which is what makes the... READ MORE

Top 4 Ways Vulnerabilities Creep Into Your Software

By Suzanne Ciccone April 12, 2016  | Intro to AppSec

Software makes the world go round these days, and it’s also causing a lot of problems. The U.S. Department of Homeland Security recently found that 90 percent of security incidents result from exploits against defects in software. It sometimes seems like we’re just rolling out the red carpet for cyberattackers with our applications. Why is software so riddled with security defects?... READ MORE

The Four(ish) Appsec Metrics You Can’t Ignore

By Tim Jarrett April 11, 2016  | Managing AppSec

Metrics are important in application security, and not just because they allow us to quantify the otherwise unquantifiable work of reducing risk that application security teams do. Metrics provide us with a way to communicate the progress of an application security program, whether to a development team that needs encouragement, to senior management or the board who want to understand the value... READ MORE

This Week's AppSec News Roundup

By Eric Seymour April 8, 2016  | Security News

Our weekly application security news roundup for April 4 to April 8 2016 features a new type of ransomware, the cost of the Sony breach and details on energy grid hacks. Read on for details on the following headlines: Yet another hospital attacked with ransomware, FBI says that a... READ MORE

The Apple-FBI Security Lesson: Redundant Protections Are Essential

By Evan Schuman April 7, 2016

If there's one security lesson that can be taken from this FBI versus Apple surrealistic encounter, it's that security redundancy is truly important. We're talking multi-layered security, where any one or two layers can completely fail and security is still maintained. Why? Let's look at the latest in the FBI-Apple encryption dance. And if any of you bought into this "this Apple... READ MORE

Why is SQL Injection Still Around?

By David Strom April 4, 2016  | Secure Development

While there are many Web hacking exploits, none are as simple or as potentially destructive as SQL injection. This isn’t news: the attack method has been around for more than a decade. Sadly, for something so old it is still one of the most popular ways to penetrate networks and extract data. And it is easy to find and almost as easy to avoid. Why is SQL injection still with us? It all... READ MORE
