Application Security
News & Commentary
Some of the Best Things in Security Are Free
Carric Dooley, WW VP of Foundstone Services, Intel Security
Software tools are available from our consultants free of charge.
By Carric Dooley WW VP of Foundstone Services, Intel Security, 4/8/2015
Containing Security
Rishi Bhargava, Vice President and General Manager of the Software Defined Datacenter Group at Intel Security
How to identify the appropriate security for your container-based virtual applications.
By Rishi Bhargava, Vice President and General Manager of the Software Defined Datacenter Group at Intel Security, 4/7/2015
The Clinton Email Kerfuffle & Shadow IT
Ojas Rege, VP Strategy, MobileIron (Commentary)
For security pros the issue is not government transparency. It's the fact that users, regardless of seniority, will always pick convenience over security.
By Ojas Rege VP Strategy, MobileIron, 3/20/2015
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Bill Ledingham, CTO & Executive VP of Engineering, Black Duck Software (Commentary)
Keeping tabs on open source code used in your organization's applications and infrastructure is daunting, especially if you are relying solely on manual methods.
By Bill Ledingham CTO & Executive VP of Engineering, Black Duck Software, 3/19/2015
The Bot Threat For the Rest of Us: Application-Layer Attacks
Rami Essaid, CEO and co-founder, Distil Networks (Commentary)
Bots are getting craftier by the day, so you may not even know you have a problem.
By Rami Essaid CEO and co-founder, Distil Networks, 3/18/2015
Lack of WordPress User Education Affecting Security Posture
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Survey shows many users lack knowledge to effectively protect their sites.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/10/2015
Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too
Jai Vijayan, Freelance writer (News)
Researchers had originally thought only Safari and Android were affected by the flaw.
By Jai Vijayan Freelance writer, 3/6/2015
Which Apps Should You Secure First? Wrong Question.
Jeff Williams, CTO, Aspect Security & Contrast Security (Commentary)
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
By Jeff Williams CTO, Aspect Security & Contrast Security, 3/5/2015
Compliance & Security: A Race To The Bottom?
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate (Commentary)
Compliance is meaningless if organizations don't use it as a starting point to understand and mitigate risks within their environment.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 3/3/2015
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy Solutions (Commentary)
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
5 New Vulnerabilities Uncovered In SAP
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015
Newly Discovered 'Master' Cyber Espionage Group Trumps Stuxnet
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
The so-called Equation Group epitomizes the goal of persistence in cyber spying--reprogramming hard drives and hacking other targets such as air-gapped computers--and points to possible US connection.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2015
Antivirus Tools Slow To Respond To New Threats, Another Study Confirms
Jai Vijayan, Freelance writer (News)
A 10-month study of four scanning tools by Damballa highlights some familiar weaknesses.
By Jai Vijayan Freelance writer, 2/13/2015
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Jeff Schilling, CSO, Firehost (Commentary)
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
By Jeff Schilling CSO, Firehost, 2/11/2015
Scan Finds 'Ghost' Haunting Critical Business Applications
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
Some 41% of enterprise applications using GNU C Library (glibc) employ the Ghost-ridden 'gethostbyname' function, Veracode discovers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/5/2015
Apple iOS Now Targeted In Massive Cyber Espionage Campaign
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
Attack campaign tied to Russia is now zeroing in on mobile users' iPhones and iPads.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/4/2015
'Ghost' Not So Scary After All
Kelly Jackson Higgins, Executive Editor at Dark Reading (Quick Hits)
The latest open-source Linux vulnerability is serious, but some security experts say it's not that easy to abuse and use in an attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/28/2015
Diverse White Hat Community Leads To Diverse Vuln Disclosures
Sara Peters, Senior Editor at Dark Reading (News)
Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.
By Sara Peters Senior Editor at Dark Reading, 1/22/2015
What Government Can (And Can't) Do About Cybersecurity
Jeff Williams, CTO, Aspect Security & Contrast Security (Commentary)
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
By Jeff Williams CTO, Aspect Security & Contrast Security, 1/22/2015
Facebook Messenger: Classically Bad AppSec
Daniel Riedel, CEO, New Context (Commentary)
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
By Daniel Riedel CEO, New Context, 1/21/2015
DevOps' Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it's a "developers are from Mars, systems engineers are from Venus" situation.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0845
Published: 2015-04-17
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.

CVE-2015-0967
Published: 2015-04-17
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.

CVE-2015-0968
Published: 2015-04-17
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.

CVE-2015-0969
Published: 2015-04-17
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.

CVE-2015-0970
Published: 2015-04-17
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.

Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.