Keeping Your Breach a Secret and Other Self-Destructive Decisions

By Evan Schuman July 21, 2016  | Security News

Here's a delightful bit of survey happiness out of Ireland: a vendor survey found that "almost half of Irish businesses wouldn’t disclose a data security breach to impacted third parties, including customers and suppliers." Even worse, these results likely underestimate how many execs agree with that thinking, but are shrewd enough to not share that with someone taking a...

Ubuntu Forums Hacked – How Secure Is Your Community?

By John Zorabedian July 18, 2016  | Security News

Your web communities are an important way to engage your customers and solicit their feedback, but web forums are yet another website to secure, another potential entry point for attackers. A recent data breach shows just what can happen when community forums are left vulnerable. Canonical, the developer of the open-source Ubuntu operating system, announced last Friday that a database for its...

3 Ways to Improve Your AppSec Program

By Nabil Bousselham July 15, 2016  | Managing AppSec

It’s not a secret that applications have been a top vector for data breaches over the last five years (DBIR 2015). As organizations wade deeper into the DevOps era, it’s clear that a mature application security program is a key pillar for organizational success. In this article I would like to present to you three ways to improve your application security program. 1. Establish a risk...

App Encryption Soaring, But How It's Being Done Is Where Things Get Interesting

By Evan Schuman July 14, 2016  | Security News

There's a very interesting new Ponemon Institute report on app encryption, which concludes that app encryption usage is sharply increasing, as it has consistently for years. The report found 37 percent of the companies examined this year embrace enterprise encryption, up from 15 percent in 2005. The report sees this as a good thing and the upward trend is certainly encouraging. But to find...

You Can’t Keep Up With the Security Demand

By Suzanne Ciccone July 12, 2016  | Intro to AppSec

Developers are cranking out code faster than ever, and the threat landscape is growing and changing at an equally fast pace – all while the number of skilled security professionals is at an all-time low. If your application security strategy is to test code after it’s completed, then scramble to fix whatever’s broken, or worse, patch vulnerabilities in code as you hear about...

Top Metrics to Demonstrate the Need to Expand an Application Security Program

By Suzanne Ciccone July 12, 2016  | Managing AppSec

You’ve started an application security initiative, yet you know you need to do more. But how do you prove the need to do more? Whether you’re making the case to executives or developers, we’ve found it’s hard to argue with numbers. Collecting a few key metrics will create a clear picture of where you are falling short, and where you need to expand your program. Every...

Think Your Data Leaks Are Limited To Your Databases? Think Again

By Evan Schuman July 7, 2016  | Security News

Security professionals spend an awful lot of time trying to protect sensitive corporate information, locking it away in virtual vaults, as they should. But they often neglect to protect the people who have the keys/combinations to those virtual vaults—in some cases, protecting those key-holders from themselves. This comes to mind as a recent story in The Intercept reminded us of how easy we...

Amplifying Security Feedback with RASP and DevOps

By Tim Jarrett July 7, 2016  | Managing AppSec

When talking about how to secure DevOps, the conversation often starts with how to fit application security testing into the continuous integration/continuous deployment (CI/CD) pipeline. That’s a great area for concern, and there are lots of people writing about the topic. But limiting your thoughts about securing DevOps to “the pipeline” commits a classic fallacy: assuming...

Obscured Data Can Be A Psychological Security Trap

By Evan Schuman July 5, 2016  | Security News

Encryption and tokenization are great security tools—when executed properly—as they sidestep protecting data and instead attempt to make the data worthless to thieves. It's a great strategy. But when it's executed improperly, it can insidiously weaken security. This happens when IT gets cocky and overconfident that the data would indeed be worthless to attackers and starts to...

Staying Ahead of Hidden Vulnerabilities in Your System

By Sue Poremba June 29, 2016  | Intro to AppSec

It’s been two years since the Heartbleed vulnerability made news, had companies scrambling for a fix, and sent computer users into a panic. It’s been a while since there has been a vulnerability of that magnitude to create headlines, but it doesn’t mean that vulnerabilities aren’t hiding in the software we use every day. Just this week alone, vulnerabilities have been...