Application Security
News & Commentary
Deleting Email's Original Sin: An Historical Perspective
Alexander García-Tobar, ValiMail CEO & co-founder, Commentary
Can DMARC do for email security what SSL certificates did for e-commerce?
By Alexander García-Tobar, ValiMail CEO & co-founder, 10/24/2016
Cloud Security Replacing Cybersecurity Industry, Says Analyst
Dark Reading Staff, Quick Hits
UBS predicts flat corporate spending on IT as cloud computing service providers look set to take over cybersecurity customers.
By Dark Reading Staff, 10/17/2016
Certifying Software: Why We're Not There Yet
Kevin E. Greene, Cyber Security Thought Leader, Commentary
Finding a solution to the software security and hygiene problem will take more than an Underwriters Lab seal of approval.
By Kevin E. Greene Cyber Security Thought Leader, 10/12/2016
Businesses Sacrifice Security To Get Apps Released Faster
Kelly Sheridan, Associate Editor, InformationWeek, News
As the app economy continues to drive change in IT security, businesses struggle to meet customer demands while keeping their data secure.
By Kelly Sheridan Associate Editor, InformationWeek, 10/11/2016
BSIMM Shows Secure Software Development Making Inroads
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
The long road to making secure software development a mainstream practice remains a work in progress for healthcare, other industries.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/4/2016
Fear & Loathing In The Cloud
Tim Prendergast, Founder & CEO, Evident.io, Commentary
Whether you've already bought your ticket for the cloud or still have some issues to sort through, fine-tune your security practices to make sure your ride is a smooth one.
By Tim Prendergast Founder & CEO, Evident.io, 9/29/2016
Microsoft Launches Windows Defender App Guard For Its Edge Browser
Kelly Sheridan, Associate Editor, InformationWeek, News
Microsoft debuts a new tool to strengthen security in its Edge browser for Windows Enterprise customers.
By Kelly Sheridan Associate Editor, InformationWeek, 9/26/2016
An Open-Source Security Maturity Model
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.
By Sara Peters Senior Editor at Dark Reading, 9/23/2016
How Windows 10 Stops Script-Based Attacks On The Fly
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Move over Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.
By Sara Peters Senior Editor at Dark Reading, 9/21/2016
A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack
Marc Laliberte, Information Security Threat Analyst, WatchGuard Technologies, Commentary
This slightly modified model is a practical way to keep attackers out of your systems.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 9/21/2016
Florida Man Charged With Hacking Linux Servers
Dark Reading Staff, Quick Hits
Donald Austin allegedly stole credentials of Linux employee to hack four company servers and install rootkit and Trojan software.
By Dark Reading Staff, 9/21/2016
How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Jamesha Fisher, Security Operations Engineer of GitHub, visits the Dark Reading News Desk at Black Hat to discuss her work making security more accessible to the uninitiated, and how a predominately white and male information security field can better support women and people of color.
By Sara Peters Senior Editor at Dark Reading, 9/20/2016
What's The Risk? 3 Things To Know About Chatbots & Cybersecurity
Mike Baker, Founder & Principal, Mosaic451, Commentary
Interactive message bots are useful and becoming more popular, but they raise serious security issues.
By Mike Baker Founder & Principal, Mosaic451, 9/19/2016
Why You May Need To Shake Up Your DevOps Team To Manage The Cloud
Mike Milner, Cofounder & CTO, IMMUNIO, Commentary
The security approaches of yesterday won't work in the cloud world of today and tomorrow.
By Mike Milner, Immunio, 9/16/2016
Google Chrome To Flag Non-HTTPS Logins, Credit Card Info 'Not Secure'
Terry Sweeney, Contributing Editor, News
The move is part of a larger Google push to lock down Web traffic using encryption between the browser and Web server.
By Terry Sweeney Contributing Editor, 9/15/2016
Yes, The Cloud Can Be A Security Win
Stan Black, CSO, Citrix, Commentary
With the right controls in place, the cloud doesn't have to be a scary place. These guidelines can help your company stay safe.
By Stan Black CSO, Citrix, 9/15/2016
Stop Blaming Users. Make Security User-Friendly.
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Jelle Niemantsverdriet of Deloitte explains how security improves if security tools and error messages educate users and 'put a smile on someone's face.'
By Sara Peters Senior Editor at Dark Reading, 9/15/2016
Wisdom From A Thought Leader: AppSec Best Practices
Dark Reading Staff, Commentary, Video
The Black Hat News Desk chats with Jeff Williams, CTO at Contrast Security.
By Dark Reading Staff, 9/14/2016
Portrait Of A Bug Bounty Hacker
Ericka Chickowski, Contributing Writer, Dark Reading, News
Bounty programs attract young, self-taught hackers who primarily depend on it as a lucrative side gig.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/13/2016
Cryptographic Key Reuse Remains Widespread In Embedded Products
Jai Vijayan, Freelance writer, News
Nine months after SEC Consult warned about the reuse of private keys and certificates in routers, modems, other products, problem has grown worse.
By Jai Vijayan Freelance writer, 9/6/2016
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
DevOps Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it's a "developers are from Mars, systems engineers are from Venus" situation.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.