Application Security
News & Commentary
The Hidden Flaws Of Commercial Applications
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Open source components in commercial applications are more plentiful than organizations think -- and they're full of long-standing vulnerabilities.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/2/2016
Stop Building Silos. Security Is Everyone’s Problem
Robert Reeves, CTO & Co-Founder, Datical (Commentary)
Yes, it’s true that the speed of DevOps has made security more difficult. But that doesn’t mean accelerated release cycles and secure applications have to be mutually exclusive.
By Robert Reeves, CTO & Co-Founder, Datical, 4/29/2016
10 Questions To Ask Yourself About Securing Big Data
Vincent Weafer, Senior Vice President, Intel Security
Big data introduces new wrinkles for managing data volume, workloads, and tools. Securing increasingly large amounts of data begins with a good governance model across the information life cycle. From there, you may need specific controls to address various vulnerabilities. Here are a set of questions to help ensure that you have everything covered.
By Vincent Weafer, Senior Vice President, Intel Security, 4/27/2016
Top 10 Web Hacking Techniques For 2015
Ericka Chickowski, Contributing Writer, Dark Reading
The most influential research on vulnerabilities and exploits, as voted on by the security community.
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/27/2016
10 Tips for Securing Your SAP Implementation
Sean Martin, CISSP | President, imsmartin
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
By Sean Martin, CISSP | President, imsmartin, 4/23/2016
Mea Culpa: Time To Build Security Into Connectivity
Mark Hoover, CEO, Vidder, Inc. (Commentary)
How those of us who spent decades developing faster, easier, and more scalable networking technology have made the lives of our security counterparts a living hell.
By Mark Hoover, CEO, Vidder, Inc., 4/21/2016
The Perils Of Dynamically Pulling Dependencies
Jonathan King, Security Technologist and Intel Principal Engineer in the Intel Security Office of the CTO
The wide range of functions and broad availability of external packages is a tremendous boon to software development, but keep an eye on the security implications to manage your risk.
By Jonathan King, Security Technologist and Intel Principal Engineer in the Intel Security Office of the CTO, 4/21/2016
MIT Launches Bug Bounty Program
Jai Vijayan, Freelance Writer (News)
University will reward MIT affiliates who find specific categories of flaws in its web domains.
By Jai Vijayan, Freelance Writer, 4/20/2016
Android Year In Review: No Successful Stagefright, Certifigate Exploits
Sara Peters, Senior Editor at Dark Reading (News)
Plus, Android users who install apps from outside Google Play are 10 times more likely to have installed a potentially harmful application, according to Google's new Android Security Year in Review report.
By Sara Peters, Senior Editor at Dark Reading, 4/19/2016
Rethinking Application Security With Microservices Architectures
Ranga Rajagopalan, Chief Technology Officer, Avi Networks (Commentary)
The advantages offered by the container model go against many of the assumptions of traditional security mechanisms. Here are 5 new concepts & 4 best practices you’ll need to understand.
By Ranga Rajagopalan, Chief Technology Officer, Avi Networks, 4/15/2016
5 Steps to Improve Your Software Supply Chain Security
Derek Weeks, Vice President & DevOps Advocate, Sonatype (Commentary)
Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk.
By Derek Weeks, Vice President & DevOps Advocate, Sonatype, 4/14/2016
Java Deserialization: Running Faster Than a Bear
Derek Weeks, Vice President & DevOps Advocate, Sonatype (Commentary)
Software components that were once good can sour instantly when new vulnerabilities are discovered within them. When that happens, the bears are coming, and you have to respond quickly.
By Derek Weeks, Vice President & DevOps Advocate, Sonatype, 4/14/2016
Inconsistent API Security Puts App Economy At Risk
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Better ownership and accountability needed in security APIs, report finds.
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/7/2016
Context & Awareness: It’s All About The Apps
Curtis Dalton, SVP & Global Head of Security Services for Pactera US (a Blackstone portfolio company) (Commentary)
Why data context, application awareness and training are the keys to mitigating security risks.
By Curtis Dalton, SVP & Global Head of Security Services for Pactera US (a Blackstone portfolio company), 4/7/2016
7 Biggest Trends Bubbling Up For Interop
Ericka Chickowski, Contributing Writer, Dark Reading
CISOs and security leaders will find security is top of mind at Interop, when risk management intersects with some of the biggest themes likely to come out of the show.
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/6/2016
Raising The Stakes For Application Security
Jeremiah Grossman (Commentary)
Why, if we already know most everything we need to know about exploited vulnerabilities in software, do hacks keep happening?
By Jeremiah Grossman, 4/1/2016
Mobile Security: Why App Stores Don’t Keep Users Safe
Avi Bashan, Senior Security Researcher, Check Point (Commentary)
In a preview of his Black Hat Asia Briefing next week, a security researcher offers more proof of trouble in the walled gardens of the Apple and Google App stores.
By Avi Bashan, Senior Security Researcher, Check Point, 3/24/2016
Think Risk When You Talk About Application Security Today
Preston Hogue, Director of Security Marketing Architecture, F5 Networks (Commentary)
Security from a risk-based perspective puts the focus on component failures and provides robust security for the ultimate target of most attacks -- company, customer and personal data.
By Preston Hogue, Director of Security Marketing Architecture, F5 Networks, 3/23/2016
Understanding The 2 Sides Of Application Security Testing
Jeremiah Grossman (Commentary)
Everybody likes to focus on the top 10 vulnerabilities, but I've never found a company with a top 10 vulnerabilities problem. Every company has a different top 10.
By Jeremiah Grossman, 3/14/2016
Why Security & DevOps Can’t Be Friends
Kunal Anand, Co-Founder and CTO, Prevoty (Commentary)
Legacy applications are a brush fire waiting to happen. But retrofitting custom code built in the early 2000s is just a small part of the application security problem.
By Kunal Anand, Co-Founder and CTO, Prevoty, 3/9/2016
Bug Report: Enterprise Vulnerabilities (from DHS/US-CERT's National Vulnerability Database)
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.
