Application Security
News & Commentary
Simplifying Application Security: 4 Steps
It’s time to leave behind the misconceptions about the cost and effort required by effective application security. Here’s how.
Commentary by Chris Wysopal, CTO, CISO and co-founder, Veracode, 2/10/2016
Zero Trust: Now A Critical Foundation For Securing Mobile
No longer willing to rely on an OS that doesn't provide the security features they need, developers are taking steps to secure apps, defend data, and protect users.
Commentary by Adam Ely, COO, Bluebox, 2/3/2016
IEEE Anti-Malware Support Service Goes Live
Through the collaborative effort of major players in the computer security industry, organizations now have two new tools for better malware detection.
Commentary by Mark Kennedy, Chair, IEEE Industry Connections Security Group, Chair, IEEE Malware Working Group, 2/1/2016
Hot-Patching Tools Another Crack In Apple's Walled Garden
Researchers at FireEye investigate how the tools some iOS developers use to push out patches more quickly are themselves a threat to Apple security.
News by Sara Peters, Senior Editor at Dark Reading, 1/27/2016
The Apple App Store Incident: Trouble in Paradise?
The fact that Apple’s security model has worked so well in the past doesn’t mean it will work well forever. Here’s why.
Commentary by Paul Drapeau, Principal Security Researcher, Confer, 1/22/2016
Linux Kernel Bug Allows Local-To-Root Privilege Escalation
Tens of millions of Linux servers and desktops, plus 66 percent of Android devices, are affected.
Quick Hits by Sara Peters, Senior Editor at Dark Reading, 1/19/2016
The State Of Mobile Insecurity
It's deja vu all over again as mobile app development looks like traditional dev shops did half a decade ago.
News by Ericka Chickowski, Contributing Writer, Dark Reading, 1/13/2016
Top Survival Tips For IE End-Of-Life
If an immediate upgrade to the latest version is not an option for all your machines running Internet Explorer, here's how to mitigate your risk.
News by Sara Peters, Senior Editor at Dark Reading, 1/13/2016
We Are What We Eat: Software Assurance Edition
The fact that open-source code you use is free from vulnerabilities today doesn’t mean that it will remain that way in the near future.
Commentary by Mike Pittenger, Vice President, Product Strategy at Black Duck Software, 1/13/2016
Kaspersky Caught Scent Of Silverlight Zero-Day In Hacking Team Breach
Hacking Team wasn't interested in this critical, cross-platform, remote code execution bug in Silverlight, but the exploit writer may have found another buyer.
News by Sara Peters, Senior Editor at Dark Reading, 1/13/2016
The Changing Face Of Encryption: What You Need To Know Now
Encryption today is an absolute must, and the fact that it is difficult does not change the fact that you have to use it.
Commentary by Yehuda Lindell, Co-founder & Chief Scientist, Dyadic Security, 12/30/2015
Oracle Settles FTC Charges That It Deceived Users About Java Security Updates
Oracle will have to be more forthright and communicate the truth via social media and anti-virus companies going forward.
Quick Hits by Dark Reading Staff, 12/21/2015
Juniper Discovers Unauthorized Code In Its Firewall OS
'Troubling' incident exposes code designed to decrypt VPN communication and enable remote administrative control of devices.
News by Jai Vijayan, Freelance writer, 12/18/2015
‘Re-innovating’ Static Analysis: 4 Steps
Before we pronounce the death of static analysis, let’s raise the bar with a modern framework that keeps pace with the complexity and size found in today’s software.
Commentary by Kevin E. Greene, Cyber Security Thought Leader, 12/9/2015
By Renaming Flash Professional, Adobe Does Little To Alleviate Security Concerns
More than a rebranding, what is really needed is an end to Flash, say some security analysts.
News by Jai Vijayan, Freelance writer, 12/3/2015
Cyber Monday: What Retailers & Shoppers Should Watch For
Attackers have a variety of ways to commit fraud and may take advantage of a busy time to sneak in a data breach.
News by Sara Peters, Senior Editor at Dark Reading, 11/24/2015
SAFECode Releases Framework For Assessing Security Of Software
A guide for evaluating how software companies are adopting secure coding and security support practices.
News by Kelly Jackson Higgins, Executive Editor at Dark Reading, 11/23/2015
Why The Java Deserialization Bug Is A Big Deal
Millions of app servers are potentially open to compromise due to how they handle serialized Java apps, researchers say.
News by Jai Vijayan, Freelance writer, 11/19/2015
Exploit Kit Explosion Will Keep Victims Off Kilter
Exploit kit C&C infrastructure expanded by 75% in Q3.
News by Ericka Chickowski, Contributing Writer, Dark Reading, 11/18/2015
6 Critical SAP HANA Vulns Can't Be Fixed With Patches
Onapsis releases 21 SAP HANA security advisories, including some Trexnet vulnerabilities that require upgrades and reconfigurations.
News by Sara Peters, Senior Editor at Dark Reading, 11/9/2015
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Bug Report: Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.
