-
Cloud security creates new challenges
Security consultant Heinz Zerbes writes that cloud security creates different challenges, and offers advice on how to meet them. Cloud Security
-
Vendors slow to act on bug reports
Two Australian organisations - a bank and a security consultancy - say vendors are not responsive when they report newly-found bugs. Feature
-
Two 'critical' bulletins planned for April 2013 Patch Tuesday
Microsoft plans to issue nine bulletins for its April 2013 Patch Tuesday release, including two "critical" fixes for Internet Explorer and Windows iterations. News | 04 Apr 2013
-
Enterprise app security tops list for enterprise mobile deployments
Enterprises have yet to roll out mobile versions of most of their applications, a recent survey says. One key factor moving forward is security. News | 18 Feb 2013
-
Pen testers should broaden scope, focus more on people, expert says
Pen testers often focus on system errors and application flaws, but employees are often an enterprise's greatest weakness, explains Chris Nickerson. News | 01 Oct 2012
-
Oracle won’t patch four-year-old zero-day in TNS listener
Despite the accidental release of attack code for a bug in Oracle’s database, the company won’t change the code for fear of “regression.” News | 01 May 2012
-
Java, HTML exploits via Black Hole toolkit dominate attacks, Microsoft says
The Black Hole Exploit toolkit is behind the bulk of the HTML and Java exploits, according to version 12 of the Microsoft Security Intelligence Report. News | 25 Apr 2012
-
Copycat apps, runaway coding a growing threat, RSA panel says
Despite application store controls set by Apple and Google, a panel of mobile application security experts say the potential exists for weaponized applications. News | 01 Mar 2012
-
Developers must improve mobile app security or face backlash, experts say
Poorly coded mobile applications and the inability to protect the back-end systems supporting them harm the integrity of the entire application ecosystem, said software security expert Jacob West at RSA Conference 2012. News | 29 Feb 2012
-
Adobe issues Flash Player update, fixes Adobe XSS zero-day flaw
An Adobe Systems security update fixed seven critical flaws in Flash Player, including a cross-site scripting vulnerability being actively targeted by attackers. News | 16 Feb 2012
-
Cloud providers and data sovereignty issues
Australian cloud provider Ninefold warns that understanding who has legal access to company and personal private data is not as simple as checking a box and selecting the 'in-country' option. News | 11 Aug 2011
-
When Apple iOS HTTPS certificate failures are silent
If you're in any doubt whether last week's iOS update is worthwhile, take heed of this warning. News | 03 Aug 2011
-
How to develop cloud applications based on Web app security lessons
Expert Dave Shackleford details how to build cloud applications based on typical Web app security flaws and cloud provider tools and platforms. Tip
-
Monitoring cloud services requires business support, existing tools
Existing security tools and business relationships are often the best methods for monitoring cloud services to spot rogue clouds in the enterprise. Tip
-
How to overcome unique cloud-based patch management challenges
Expert Dave Shackleford discusses how patch management differs in a cloud environment and provides tips for dealing with new patching obstacles. Tip
-
Windows Server 2012 security: Is it time to upgrade?
Expert Michael Cobb wades through the security features of Windows Server 2012 to find out what's new and beneficial in Microsoft's latest release. Tip
-
Leveraging Microsoft Azure security features for PaaS security
Organisations can boost PaaS security late in the game by implementing these stopgap measures. Tip
-
With mobile payments, security teams must move quickly
As employees make payments on their mobile devices, the security team must act quickly to ensure corporate assets remain secure. Tip
-
SaaS security: Weighing SaaS encryption options
A look at SaaS encryption techniques and challenges. Tip
-
How to secure Remote Desktop Services in Windows Server 2008
Learn how to secure terminal services - now known as Remote Desktop Services - in this Brien Posey tip. Tip
-
How to detect and stop SQL injection attacks
Learn how to stop automated SQL injection worms invading your web servers. Tip
-
Finding mobile device security training courses for IT admins
Expert Davey Winder suggests some good security training courses for the IT administrator who must manage their organisation’s mobile devices. Ask the Expert
-
Open source software security issues: How to review OSS for security
A reader asks how to judge the security of open source software products. Expert Michael Cobb lists three areas to check. Ask the Expert
-
application blacklisting
Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs. Such programs include not only those known to contain security threats or vulnerabiliti... Definition
-
Screencast: Employ the FOCA tool as a metadata extractor
Mike McLaughlin demos the FOCA tool as a metadata extractor to expose the 'hidden' data users often post on their own websites. Video
About Application security
Learn about the best practices for application security, including hardening your application environments, setting application security policy and securing databases.