Security News

Check in here for all the late-breaking AppSec news, including details about new vulnerabilities and recent breaches.

RSA: Attacks on Critical Infrastructure: Insights from the “Big Board”

By Jessica Lavery March 3, 2016  | Security News

Despite the fact that this was yet another cyberwar-related talk, and I had just finished speaking with Fred Kaplan about the history of cyberwar, I was really excited about this RSA session – mostly due to the Dr. Strangelove reference. Cyberwar and attacks on critical infrastructure are a major theme at this year’s conference. What was different about this session was that it wasn... READ MORE

RSA: Reflections on Intelligent Application Security

By Jessica Lavery March 3, 2016  | Security News

This morning at RSA, I attended a session focused on doing application security in a more intelligent way. The presentation, given by Julian Cohen of Flatiron Health, focused on the inadequacies of manual penetration testing. He listed issues such as human error and bias as well as the tendency to scope projects incorrectly, which leaves much of the application untested. The comment that most... READ MORE

RSA: John Dickson - Does Breach Fixation Distort Reality?

By Jessica Lavery March 3, 2016  | Security News

John Dickson, Principal at the Denim Group, talked at RSA about the noise we see in the security market today around breaches, zero-day exploits and other catchy topics in the media. It’s the nature of the media to find the most sensational stories because they sell papers/get clicks. To be fair, if something isn’t sensational, it isn’t news, but this noise can take... READ MORE

RSA DevOps Throw Down – Keeping it Real With Chris, Caleb, Gary, and Shannon

By Jessica Lavery March 2, 2016  | Security News

On Monday, I attended portions of the DevOps seminar at the RSA Conference. Today (Tuesday), the conference featured another DevOps-related session, but this time, it was a panel “throw down,” which turned out to be a bit more (to use the moderator’s words) controversial and lively. Shannon Lietz of Intuit moderated the discussion between Chris Wysopal, co-founder and CTO of CA... READ MORE

RSA: Remarks by Admiral Michael S. Rogers, U.S. Navy, Commander, U.S. Cyber Command, Director, National Security Agency/Chief, Central Security Service

By Jessica Lavery March 2, 2016  | Security News

Given the focus on the FBI/Apple case during the morning keynotes at RSA on Tuesday, I had thought the remarks by Admiral Rogers would have addressed the topic more directly. However, instead of a discussion on encryption and the importance of national security, we were treated to a lesson on the mission statements of the NSA and the US Cyber Command, as well as a call to action for industry and... READ MORE

DevOps Connect: Rugged DevOps Seminar – Make Code Not War

By Jessica Lavery March 1, 2016  | Security News

On Monday, the RSA Conference featured a full-day DevOps Connect Seminar. In order to attend some of the other sessions, I had to pop in and out of the seminar, so I wasn’t able to see the entire agenda. However, the portions I was able to attend seemed a little like déjà vu, as I imagine they would for anyone from CA Veracode. One of the main topics in the opening remarks was that DevOps... READ MORE

How to Explain Cybersecurity to the Board Using a Simple Metaphor: FIRE

By Jessica Lavery March 1, 2016  | Security News

All the high-profile breaches of the past few years have put more attention on cybersecurity than ever before. As a result, what was once, at best, a bullet point during board meetings is now a topic the board is eager to understand better. This increased attention is great, but many security leaders aren’t used to this level of scrutiny from the board, so they aren’t sure how to talk... READ MORE

Recap: RSA Conference 2016

By Jessica Lavery March 1, 2016  | Security News

Acting as one of CA Veracode’s content producers has its perks. One of those perks is being able to attend RSA and having the privilege of sitting in as many sessions as I can fit into a day. Yesterday was the first day of the RSA Conference, and the area around the Moscone Center was already bustling. I attended a variety of sessions, and there was one common thread among all the presentations... READ MORE

glibc – This Will Not Be the Last Open Source Component Vulnerability We See

By Jessica Lavery February 17, 2016  | Security News

On Tuesday, February 16th, Google researchers issued a vulnerability disclosure for glibc (CVE-2015-7547). Though the media has dubbed this an “extremely severe bug,” it seems the majority of news articles and responses to this disclosure have been both measured and appropriate. This is surprising since the media typically hypes branded vulnerabilities,... READ MORE

The ironic battle over crypto

By Tim Jarrett February 4, 2016  | Security News

This post was originally published February 4, 2016 on: www.Jarrethousenorth.com   Bruce Schneier: Security vs. Surveillance. As the dust finally settles from the breach of the US Office of Personnel Management, in which personal information for 21.5 million Americans who were Federal employees or who had applied for security clearances with the government... READ MORE
