Application Security
News & Commentary
Cyber Monday: What Retailers & Shoppers Should Watch For
Sara Peters, Senior Editor at Dark Reading (News)
Attackers have a variety of ways to commit fraud and may take advantage of busy time to sneak in a data breach.
By Sara Peters Senior Editor at Dark Reading, 11/24/2015
SAFECode Releases Framework For Assessing Security Of Software
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
Guide for evaluating how software companies are adopting secure coding and security support practices.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/23/2015
Why The Java Deserialization Bug Is A Big Deal
Jai Vijayan, Freelance Writer (News)
Millions of app servers are potentially open to compromise due to how they handle serialized Java apps, researchers say.
By Jai Vijayan Freelance writer, 11/19/2015
Exploit Kit Explosion Will Keep Victims Off Kilter
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Exploit kit C&C infrastructure expanded by 75% in Q3.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/18/2015
6 Critical SAP HANA Vulns Can't Be Fixed With Patches
Sara Peters, Senior Editor at Dark Reading (News)
Onapsis releases 21 SAP HANA security advisories, including some Trexnet vulnerabilities that require upgrades and reconfigurations.
By Sara Peters Senior Editor at Dark Reading, 11/9/2015
AndroBugs: A Framework For Android Vulnerability Scanning
Sara Peters, Senior Editor at Dark Reading (News)
At Black Hat Europe next week, a researcher will present a framework he says is more systematic than the vulnerability scanners popping up on the market.
By Sara Peters Senior Editor at Dark Reading, 11/4/2015
Attackers Demand Ransom Following Massive Hack on TalkTalk
Jai Vijayan, Freelance Writer (News)
Intrusion is believed to have exposed sensitive data on all four million customers of UK broadband provider.
By Jai Vijayan Freelance writer, 10/23/2015
Secure Software Development in the IoT: 5 Golden Rules
Lev Lesokhin, Executive VP, Strategy, CAST (Commentary)
The evolving threat landscape doesn’t merely expose developers to new problems. It exposes them to old problems that they need to address sooner, faster, and more frequently.
By Lev Lesokhin Executive VP, Strategy, CAST, 10/19/2015
Adobe Patches Pawn Storm Zero-Day Ahead Of Schedule
Dark Reading Staff (Quick Hits)
Critical bug wasn't expected to be fixed until next week.
By Dark Reading Staff, 10/16/2015
The State of Apple Security
Sara Peters, Senior Editor at Dark Reading
A small market share and a trusted development environment protected Apple a long time, but will that last? Plus, EXCLUSIVE: more data on who's behind XCodeGhost.
By Sara Peters Senior Editor at Dark Reading, 10/14/2015
Why DevOps Fails At Application Security
Julien Bellanger, CEO & Cofounder, Prevoty (Commentary)
In a recent survey of developers, nearly half of respondents admit to releasing applications with known vulnerabilities at least 80 percent of the time.
By Julien Bellanger CEO & Cofounder, Prevoty, 10/13/2015
Jailbreaking Mobile Devices: That’s Not The Real Problem
Adam Ely, COO, Bluebox (Commentary)
Despite what mobile operating system vendors say, it’s the OS flaws that put everyone at risk.
By Adam Ely COO, Bluebox, 10/9/2015
Defending & Exploiting SAP Systems
Sara Peters, Senior Editor at Dark Reading (Commentary, Video)
Juan Pablo Perez-Etchegoyen, CTO of Onapsis, joins the Dark Reading News Desk at Black Hat to discuss the technological and organizational challenges of SAP security.
By Sara Peters Senior Editor at Dark Reading, 10/7/2015
10 Password Managers For Business Use
Sara Peters, Senior Editor at Dark Reading
Beyond helping end users keep track of their logins, some password managers can integrate with Active Directory and generate compliance reports.
By Sara Peters Senior Editor at Dark Reading, 9/28/2015
Deconstructing The Challenges Of Software Assurance For Connected Cars
Anna Chiang, Technical Marketing Manager, Perforce Software (Commentary)
Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.
By Anna Chiang Technical Marketing Manager, Perforce Software, 9/28/2015
Shellshock’s Cumulative Risk One Year Later
Morey Haber, VP, Technology, BeyondTrust (Commentary)
How long does it take to patch an entire distribution and bring it up to date? Longer than you think.
By Morey Haber VP, Technology, BeyondTrust, 9/24/2015
Bitcoin, Security Concerns Drive Blockchain Technology Adoption
Larry Loeb, Blogger, Informationweek (Commentary)
Surprising players, such as IBM, are adopting the blockchain technology known best for Bitcoin transactions.
By Larry Loeb Blogger, Informationweek, 9/22/2015
The Common Core Of Application Security
Jason Schmitt, VP & General Manager, Fortify, HP Enterprise Security Products (Commentary)
Why you will never succeed by teaching to the test.
By Jason Schmitt VP & General Manager, Fortify, HP Enterprise Security Products, 9/22/2015
Why It’s Insane To Trust Static Analysis
Jeff Williams, CTO, Contrast Security (Commentary)
If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts.
By Jeff Williams CTO, Contrast Security, 9/22/2015
XcodeGhost Another Crack In Apple's Circle of Trust
Sara Peters, Senior Editor at Dark Reading (News)
On the heels of KeyRaider's attack on jailbroken iPhones, attackers show they can hit non-broken devices too, sneaking 39 weaponized apps onto the official App Store and around Apple's best efforts to lock down its developer environment.
By Sara Peters Senior Editor at Dark Reading, 9/21/2015
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.
