Verizon’s 2016 Data Breach Investigations Report Demonstrates Traditional Approaches to AppSec Aren’t Working

By Jessica Lavery May 5, 2016  | Security News

It has taken me a few days to wade through all the data and information in this year’s Verizon Data Breach Investigations Report, but I’ve finally found the time to read it all the way to the end. As always, the report is full of interesting statistics about breach and incident trends. While each section of the report offered valuable insights and information, I found the section on... READ MORE

This Week's AppSec News Roundup

By Eric Seymour April 29, 2016  | Security News

Our weekly application security news roundup for April 25 to April 29 2016 features the 2016 Verizon report on data breaches, details on the Bangladesh Central Bank breach and a breach at Qatar’s largest bank. Read on for details on the following headlines: Verizon releases its annual data breach report, How Bangladesh Central Bank was hacked, IoT security growing, Breach at Qatar... READ MORE

How to Get More Done on AppSec Without Adding Staff

By Arun Vohra April 27, 2016  | Managing AppSec

It doesn't take an army to reduce appsec risk - here are five ways you can get more out of a smaller team. We all know there is a shortage of skilled security professionals in the current marketplace, particularly as many organisations move to address their risk in the application security space. Application security is a higher priority for C-Level Executives these days. This is partly due... READ MORE

Peripheral Security Issues Today Are Anything But Peripheral

By Evan Schuman April 25, 2016  | Security News

Last week, Microsoft issued an optional security alert relating to peripherals and specifically mice. Until the patch is implemented, Microsoft said, the peripheral could receive plain English—aka QWERTY—key packets in keystroke communications issued from receiving USB wireless dongles to the RP addresses of wireless mouse devices. This is a fine way for cyberthieves to hijack... READ MORE

Why Poring Through Lines of Code is Flinstonian: The Story of Fred the Code Reviewer

By Laurie Mercer April 20, 2016  | Intro to AppSec

Fred arrives at his customer site with a brief job description, a name, address and telephone number. The job is a secure code reviewer. Secure code reviewers are often employed to try to find security weaknesses during or at the end of a development cycle. A security consultant, typically a penetration tester or secure coding expert, will look at the source code and try to find weaknesses... READ MORE

My View of the Evolving Threat Landscape

By Sue Poremba April 19, 2016  | Security News

One of the most difficult challenges in cybersecurity – perhaps the most difficult challenge, depending on who you talk to – is how quickly the threat landscape changes and shifts. It seems as if no sooner is one set of security protocols in place, new regulations and compliances are required or the attack vector changes. It’s no wonder that so many companies struggle with... READ MORE

You Lose

By Anne Nielsen April 18, 2016  | Intro to AppSec

How the heck did that happen? They just took your business. Do you know what sucks? Losing a HUGE sales opportunity that was custom made for your company. Literally custom-made: you worked with the executive sponsor and wrote the RFP for her. You spent hours in that window-less room and on the phone with your prospect making sure you had all your differentiators captured so that no competitor... READ MORE

This Week's AppSec News Roundup

By Eric Seymour April 16, 2016  | Security News

Our weekly application security news roundup for April 11 to April 15 2016 features commentary on Badlock, ransomware trends and a new Internet security threat report. Read on for details on the following headlines: Badlock vulnerability is not critical, Two major insurers enter cyber insurance arena, Symantec issues Internet security threat report, A new type of ransomware emerges, The U.S.... READ MORE

Badlock Is A Serious Hole, But How It Was Preannounced Is A Disgrace

By Evan Schuman April 14, 2016  | Security News

There is something unnerving—and even a tad repugnant—about announcing that there's a massive security hole and that it won't be patched for weeks. Welcome to Badlock. What possible legitimate security goal is advanced by this publicity stunt? The bug, which marketers for Samba dubbed Badlock, is extremely serious and potentially disruptive, which is what makes the... READ MORE

Top 4 Ways Vulnerabilities Creep Into Your Software

By Suzanne Ciccone April 12, 2016  | Intro to AppSec

Software makes the world go round these days, and it’s also causing a lot of problems. The U.S. Department of Homeland Security recently found that 90 percent of security incidents result from exploits against defects in software. It sometimes seems like we’re just rolling out the red carpet for cyberattackers with our applications. Why is software so riddled with security defects?... READ MORE
