Application Security

Application security news, trends, analysis and practical advice


video

How the dark web has gone corporate

Some criminals on the dark web are taking their cues from the practices of corporate IT. Illicit offerings run the gamut from code that buyers have to implement themselves to turnkey solutions and consulting services. Here’s a look at...

video

How DevOps and cloud will speed up security

Zane Lackey, CSO and co-founder of Signal Sciences, talks with CSO senior writer Fahmida Rashid about how DevOps and cloud can help organizations embed security into their technology structures, enabling business to move faster.

video

Stop blaming users for security misses

Does the message to users about security need to change? Or does IT need to rebuild infrastructure so users can worry less about security? Wendy Nather, principal security strategist at Duo Security, talks with CSO senior writer...

Yes, Windows patches are a mess, but you should still install them

March and April patches had their share of bugs, but with a Word zero-day threatening, now's the time to update your Windows PCs. Here's how to navigate the minefields.

Top 5 email security best practices to prevent malware distribution

With email representing an open, trusted channel that allows malware to piggyback on any document to infect a network, it’s often up to the organizations – their security teams and employees – to adopt appropriate security strategies...

Pwn2Own ends with two virtual machine escapes

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Adobe Reader, Edge, Safari and Ubuntu fall in first day at Pwn2Own

During the first day of the Pwn2Own hacking contest, security researchers successfully demonstrated exploits against Microsoft Edge, Apple's Safari, Adobe Reader and Ubuntu Desktop.

How much are vendor security assurances worth after the CIA leaks?

Google, Apple, Microsoft and other software vendors are working to identify and patch the vulnerabilities described in the CIA leak, but ultimately this doesn't change the status quo of software security.

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

HackerOne offers bug bounty service for free to open-source projects

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

Google discloses unpatched IE flaw after Patch Tuesday delay

Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.

8 steps to regaining control over shadow IT

Learn how to discover those employees who went roaming for outside services.

JavaScript-based attack simplifies browser exploits

Researchers have devised a new attack that can bypass address space layout randomization (ASLR) in browsers and possibly other applications.

What happens when tech companies make television shows

Short version: It's not good. Apple's Planet of the Apps is not exactly popcorn-friendly.

Vulnerability in Microsoft SMBv3 protocol crashes Windows PCs

Computers running fully patched Windows 10, 8.1, Server 2012, and 2016 are hit by Blue Screens when trying to connect to an infected server.

Oracle patches raft of vulnerabilities in business applications

Oracle released its first batch of security patches this year fixing 270 vulnerabilities, mostly in business-critical applications.

The CSO guide to top security conferences

CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you.

Adobe patches critical flaws in Flash Player, Reader and Acrobat

Adobe Systems released security updates for its Flash Player, Adobe Reader and Acrobat products fixing critical vulnerabilities that could allow attackers to install malware on computers.
