Application Security
News & Commentary
VA Buckles Down On Cyber Security, Program Management
Henry Kenyon, Commentary
Agency refocuses IT priorities on data protection, on-time project delivery to overcome past poor performance.
By Henry Kenyon, 10/30/2014
Verizon Wireless Embroiled In Tracking Controversy
Kristin Burnham, Senior Editor, InformationWeek.com, Commentary
Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."
By Kristin Burnham, Senior Editor, InformationWeek.com, 10/29/2014
Microsoft, Facebook Support Services A Scam, FTC Says
Kristin Burnham, Senior Editor, InformationWeek.com, Commentary
FTC shutters company that allegedly duped consumers out of $2.5 million by falsely detecting computer viruses and selling bogus software.
By Kristin Burnham, Senior Editor, InformationWeek.com, 10/27/2014
Open-Source Software Brings Bugs To Web Applications
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
An average of eight severe security flaws from open-source and third-party code can be found in each web application, according to new findings from Veracode.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/22/2014
Facebook Automates Fight Against Hackers
Kristin Burnham, Senior Editor, InformationWeek.com, Commentary
Here's a sneak peek into the system Facebook uses to secure your account when other websites are hacked.
By Kristin Burnham, Senior Editor, InformationWeek.com, 10/17/2014
Open Source v. Closed Source: What's More Secure?
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
In the wake of Shellshock and Heartbleed, has the glow of open-source application security dimmed?
By Sara Peters, Senior Editor at Dark Reading, 10/17/2014
Third-Party Code: Fertile Ground For Malware
Peter Zavlaris, Analyst, RiskIQ, Commentary
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
By Peter Zavlaris, Analyst, RiskIQ, 10/15/2014
CMS Plug-Ins Put Sites At Risk
Ericka Chickowski, Contributing Writer, Dark Reading, News
Content management systems are increasingly in attackers' crosshairs, with plug-ins, extensions, and themes broadening the attack surfaces for these platforms.
By Ericka Chickowski, Contributing Writer, Dark Reading, 10/15/2014
Stolen Medical Data Is Now A Hot Commodity
Lysa Myers, Security Researcher, ESET, Commentary
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Here’s why.
By Lysa Myers, Security Researcher, ESET, 10/14/2014
In AppSec, ‘Fast’ Is Everything
Jeff Williams, CTO, Aspect Security & Contrast Security, Commentary
The world has shifted. The SAST and DAST tools that were invented over a decade ago are no longer viable approaches to application security.
By Jeff Williams, CTO, Aspect Security & Contrast Security, 10/13/2014
MBIA Breach Highlights Need For Tightened Security Ops
Ericka Chickowski, Contributing Writer, Dark Reading, News
Configuration change management and better monitoring could have prevented search engine indexing of sensitive financial information.
By Ericka Chickowski, Contributing Writer, Dark Reading, 10/9/2014
Homeland Security Funds Software Security Initiative
William Jackson, Technology Writer, Commentary
The DHS contributes $23.5 million toward the Software Assurance Market Place to enable software developers to test open source programs and improve software analysis tools.
By William Jackson, Technology Writer, 10/8/2014
Heartland CEO On Why Retailers Keep Getting Breached
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/6/2014
How A Major Bank Hacked Its Java Security
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Deutsche Bank London helped create a new application self-defense tool to lock down and virtually patch its Java-based enterprise applications -- even the oldest ones.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/30/2014
Software Assurance: Time to Raise the Bar on Static Analysis
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, Commentary
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
By Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 9/30/2014
Dark Reading Radio: Trends In Application Security
Marilyn Cohodas, Community Editor, Dark Reading, Commentary
How can we get more security baked into applications? Join us for a discussion today, Wednesday, September 24, at 1:00 p.m. New York, 10 a.m. San Francisco time.
By Marilyn Cohodas, Community Editor, Dark Reading, 9/23/2014
Mobile Device Security Isn't All About Devices
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Roberto Medrano, executive vice president of SOA Software, explains why securing mobile applications and APIs is so essential.
By Sara Peters, Senior Editor at Dark Reading, 9/19/2014
An AppSec Report Card: Developers Barely Passing
Jeff Williams, CTO, Aspect Security & Contrast Security, Commentary
A new study reveals that application developers are getting failing grades when it comes to their knowledge of critical security topics such as protecting sensitive data, securing Web services, and threat modeling.
By Jeff Williams, CTO, Aspect Security & Contrast Security, 9/19/2014
Apple CEO: We Don't Covet Your Data
Thomas Claburn, Editor-at-Large, Commentary
Apple CEO Tim Cook highlights the company's commitment to privacy in an open letter.
By Thomas Claburn, Editor-at-Large, 9/18/2014
Facebook App Privacy Revamp: Check Your Settings
Kristin Burnham, Senior Editor, InformationWeek.com, Commentary
Facebook's redesigned App Settings page makes it easier to control apps and the information they can access. Here's what you need to know.
By Kristin Burnham, Senior Editor, InformationWeek.com, 9/16/2014
Partner Perspectives
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business lives, we must also consider the security of the intellectual property and confidential data housed on these devices. As we increase the number of devices we use, we increase the number of gateways and the opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3304
Published: 2014-10-30
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
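The dot-dot traversal class behind this entry is worth showing in working code. The block below is an added example written for this listing, not Dell EqualLogic firmware: a URI-to-file mapper that percent-decodes the request, joins it to an assumed document root (WEB_ROOT is a placeholder), canonicalises the result, and only then decides whether the path has escaped the root. Doing the check in that order is what defeats encoded (`%2e%2e`) and doubled traversal sequences that a naive substring filter for `..` misses.

```python
# Added example for this listing (not Dell EqualLogic firmware): a URI-to-file
# mapper that refuses '..' traversal after decoding and canonicalising the path.
# WEB_ROOT is an assumed document root; the code touches no real files.
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"


def resolve_uri(uri: str, root: str = WEB_ROOT) -> str:
    """Map a request URI onto a path under `root`, or raise PermissionError.

    Order matters: percent-decode first (so '%2e%2e' becomes '..'), join to
    the root, then collapse '.' and '..' lexically with posixpath.normpath
    (pure string work, so it behaves the same on any OS). Normalising before
    joining would silently clamp '/../etc/passwd' to '/etc/passwd' under the
    root instead of rejecting it; filtering '..' before decoding would miss
    the encoded form entirely.
    """
    path = unquote(uri.split("?", 1)[0])       # drop query string, decode once
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    # Decisive check on the canonical result: it must be the root itself or lie
    # strictly beneath it. The trailing '/' keeps '/srv/www-evil' from passing.
    if candidate != root and not candidate.startswith(root + "/"):
        raise PermissionError(f"traversal blocked: {uri!r} -> {candidate}")
    return candidate


def is_safe(uri: str, root: str = WEB_ROOT) -> bool:
    """True if the URI resolves inside the root, False if it was blocked."""
    try:
        resolve_uri(uri, root)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    # Constructed sample requests: two legitimate, two traversal attempts, and
    # one '....//' filter-evasion pattern that is harmless once the path is
    # properly normalised ('....' is just an ordinary, non-existent directory).
    for req in ("/index.html", "/docs/../index.html", "/../../etc/passwd",
                "/%2e%2e/%2e%2e/etc/passwd", "/....//....//etc/passwd"):
        print(f"{req:32} {'allowed' if is_safe(req) else 'BLOCKED'}")
```

In a real server the final comparison should be made against `os.path.realpath` of both sides so that symlinks inside the root cannot point outside it; the lexical check above is the part that the advisory text describes, and it is deliberately filesystem-free so it runs anywhere.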

CVE-2013-7409
Published: 2014-10-30
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.

CVE-2014-3446
Published: 2014-10-30
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.
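A numeric identifier like nodeid is the textbook injection point, and the fix is short enough to show side by side with the bug. The block below is an added example written for this listing, not BSS Continuity CMS code: a constructed three-row node table in an in-memory SQLite database stands in for the CMS store, one handler splices the raw parameter into the statement, and the other binds it as a query parameter after validating its type.

```python
# Added example for this listing (not BSS Continuity CMS): why splicing a
# request parameter such as nodeid into SQL text is exploitable, and the
# parameterised form that fixes it. The node table is a constructed stand-in.
import sqlite3


def make_fixture() -> sqlite3.Connection:
    """Constructed sample data: three CMS nodes, one of them not yet public."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE nodes (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO nodes VALUES (?, ?, ?)",
        [(1, "Home", 1), (2, "About", 1), (3, "Unreleased draft", 0)],
    )
    return conn


def get_node_vulnerable(conn: sqlite3.Connection, nodeid: str) -> list:
    """The anti-pattern: the raw request parameter becomes part of the statement.

    With nodeid = '0 OR 1=1' the WHERE clause parses as
    (published = 1 AND id = 0) OR 1=1, so the publication filter is gone and
    every row comes back, draft included.
    """
    sql = "SELECT id, title FROM nodes WHERE published = 1 AND id = " + nodeid
    return conn.execute(sql).fetchall()


def get_node_safe(conn: sqlite3.Connection, nodeid: str) -> list:
    """Fixed form: validate the type, then bind the value as a parameter.

    Binding alone keeps the value out of the SQL grammar; the isdigit check on
    top turns garbage into a clean client-side error rather than a DB error.
    """
    if not nodeid.isdigit():
        raise ValueError("nodeid must be an unsigned integer")
    return conn.execute(
        "SELECT id, title FROM nodes WHERE published = 1 AND id = ?", (int(nodeid),)
    ).fetchall()


def demo() -> dict:
    """Run a benign and a hostile nodeid through both handlers."""
    conn = make_fixture()
    benign = "2"
    hostile = "0 OR 1=1"  # what an attacker puts in ?nodeid=
    try:
        safe_hostile = get_node_safe(conn, hostile)
    except ValueError:
        safe_hostile = "rejected"
    return {
        "vuln_benign": get_node_vulnerable(conn, benign),    # [(2, 'About')]
        "vuln_hostile": get_node_vulnerable(conn, hostile),  # all three rows
        "safe_benign": get_node_safe(conn, benign),          # [(2, 'About')]
        "safe_hostile": safe_hostile,                        # 'rejected'
        # Even without the isdigit check, a bound value never alters the query;
        # SQLite compares the integer column against the literal string and
        # finds nothing.
        "bound_hostile": conn.execute(
            "SELECT id, title FROM nodes WHERE id = ?", (hostile,)
        ).fetchall(),                                         # []
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:14} {rows}")
```

The same pattern applies to any driver: the parameter placeholder syntax differs (`?`, `%s`, `:name`), but the property that matters is that the value travels to the database separately from the statement text and is never re-parsed as SQL.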

CVE-2014-3584
Published: 2014-10-30
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CVE-2014-3623
Published: 2014-10-30
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vect...

Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.