Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

Bridging the Cybersecurity Information Gap in Higher Education

By Amanda McGuinness October 25, 2016  | Security News
To fix the security skills gap, we need to go back to school.

Cybersecurity professionals are some of the most highly sought after candidates in the job market. With most businesses taking advantage of web applications to streamline their operations, every company is a software company - and they all need security. Before now, the position of security professional remained a bit cryptic. More traditional roles in marketing or sales demonstrated obvious... READ MORE

The App Security Battle Is Winnable, But Only If You Suit Up

By Evan Schuman October 20, 2016  | Security News
Suit up for fixing app security.

How dangerous are your app security holes? Sadly, they are quite dangerous and getting far more so. In a study released Tuesday (Oct. 18) that examined billions of lines of code from 300,000 assessments performed over the last 18 months, a stunning 97 percent of Java applications contained at least one component with a known vulnerability. To be fair, that probably isn't that surprising. Nor... READ MORE

Message Encryption Is Great—Depending On Who Has The Key

By Evan Schuman October 14, 2016  | Security News
Message encryption.

Corporate execs are understandably worried these days about all of their electronic communications. Whether messages can be intercepted by corporate spies working for the opposition, government investigators snooping for terrorists or cyberthieves looking to steal what they can get, anything that is intercepted can wind up somewhere else. See Edward Snowden. It's therefore quite... READ MORE

DevOops Redux: A Chat with Chris Gates and Ken Johnson

By Neil DuPaul October 12, 2016  | Security News

This week at OWASP AppSec USA there's a schedule packed with great sessions focusing on devops, shifting left, automation and more. I was lucky enough to get some time from the busy schedules of Chris Gates, Sr Security Engineer, Uber, and Ken Johnson, CTO, nVisium, to ask them a few questions related to their session at AppSec, DevOops: Redux - a defense oriented follow up to their popular talk... READ MORE

Five signals that the future is strong for Boston’s Women in Tech

By Maria Loughlin October 11, 2016  | Security News
RevBoston 2016 Badass Women

This weekend I was among 21 women recognized as a Rev Boston “Badass” woman in tech. My co-honorees and I are senior leaders in tech who work at landmark institutions (e.g. Boston Children’s Hospital), high-flyer local companies (e.g. Veracode, WayFair, HubSpot, Carbon Black, CarGurus), as well as mid-size and tiny startups (e.g. Toast, Drizly, TetraScience, clypd,... READ MORE

Has The Media Finally Figured Out The Importance Of App Security?

By Evan Schuman October 7, 2016  | Security News

It certainly has taken long enough, but it seems like non-tech media outlets have figured out that applications make wonderful entry points for cyberthieves. Given the layers of complexity that many enterprise apps feature today, it's hardly surprising that they boast massive security holes. That message seems to be finally sinking in. Consider just a few recent media reports, from NBC News... READ MORE

How to Get Developers and Security to Win-Win This Cyber Security Awareness Month

By John Zorabedian October 5, 2016  | Security News

October is National Cyber Security Awareness Month (NCSAM), a commendable public-private initiative focused on training businesses and users in practicing better digital hygiene. If there’s one drawback to awareness programs like NCSAM, it’s the potential for awareness to spike in the short-term and fall off in the long-term. Without follow-up training and continuous learning,... READ MORE

What the Micro Focus, HP Software Merger Means for the Future of AppSec

By Jessica Lavery October 4, 2016  | Security News
Uncertainty in future of HP software products after merger with Micro Focus

Whenever there is a merger or acquisition of a technology company, there is uncertainty about the future of products offered by either company. What is the new strategy? Will the solution I purchased continue to be supported, or even exist? Now that the technological and business ramifications of Micro Focus’ intent to merge with Hewlett-Packard Enterprise’s software business segment... READ MORE

How Soon Will We See the First Billion-Dollar Security Vulnerability?

By John Zorabedian October 3, 2016  | Security News
Billion dollar security breach.

In a shocking announcement last month, Yahoo confirmed that data on 500 million user accounts was compromised in 2014, the largest data breach in history. Could it also become the most expensive? Yahoo is in the final phases of a deal with Verizon to sell itself to the telecom giant for a mind-boggling sum of $4.8 billion. The breach bombshell can’t have gone over well in Verizon... READ MORE

Why Apple Won't Ever House A Security Backdoor

By Evan Schuman October 3, 2016  | Security News
Apple and software backdoors.

Much has been written about Apple's official stance against giving law enforcement an encryption backdoor into its customers' files. And Apple's firm position against a backdoor has been painted as a marketing decision, as it gives people a really good reason to buy Apple devices instead of Android or something else. On top of that reality is the argument that a backdoor isn't... READ MORE
