Application Security
News & Commentary
Facebook Adds Tor Support
Thomas Claburn, Editor-at-LargeCommentary
Facebook wants to allow people to use its service without being watched or censored. Is that some kind of privacy oxymoron?
By Thomas Claburn Editor-at-Large, 10/31/2014
Comment0 comments  |  Read  |  Post a Comment
The Performance Penalties of Bloatware-Based Next-Gen Firewalls
Mike Fey, EVP, GM of Corporate Products & CTO, Intel Security
At last month’s Oracle OpenWorld 2014, Intel president Renee James spoke of the need to eliminate the “performance penalties” of today’s most urgently needed ...
By Mike Fey EVP, GM of Corporate Products & CTO, Intel Security, 10/31/2014
Comment1 Comment  |  Read  |  Post a Comment
Retailers Now Actively Sharing Cyberthreat Intelligence
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The retail industry's R-CISC has been up and running for four months now and is looking for more retailers to sign up.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/30/2014
Comment8 comments  |  Read  |  Post a Comment
VA Buckles Down On Cyber Security, Program Management
Henry Kenyon, Commentary
Agency refocuses IT priorities on data protection, on-time project delivery to overcome past poor performance.
By Henry Kenyon , 10/30/2014
Comment0 comments  |  Read  |  Post a Comment
Verizon Wireless Embroiled In Tracking Controversy
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."
By Kristin Burnham Senior Editor, InformationWeek.com, 10/29/2014
Comment11 comments  |  Read  |  Post a Comment
Microsoft, Facebook Support Services A Scam, FTC Says
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
FTC shutters company that allegedly duped consumers out of $2.5 million by falsely detecting computer viruses and selling bogus software.
By Kristin Burnham Senior Editor, InformationWeek.com, 10/27/2014
Comment5 comments  |  Read  |  Post a Comment
Open-Source Software Brings Bugs To Web Applications
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
An average of eight severe security flaws from open-source and third-party code can be found in each web application, according to new findings from Veracode.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/22/2014
Comment10 comments  |  Read  |  Post a Comment
Facebook Automates Fight Against Hackers
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Here's a sneak peek into the system Facebook uses to secure your account when other websites are hacked.
By Kristin Burnham Senior Editor, InformationWeek.com, 10/17/2014
Comment18 comments  |  Read  |  Post a Comment
Open Source v. Closed Source: What's More Secure?
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
In the wake of Shellshock and Heartbleed, has the glow of open-source application security dimmed?
By Sara Peters Senior Editor at Dark Reading, 10/17/2014
Comment6 comments  |  Read  |  Post a Comment
Third-Party Code: Fertile Ground For Malware
Peter Zavlaris, Analyst, RiskIQCommentary
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
By Peter Zavlaris Analyst, RiskIQ, 10/15/2014
Comment7 comments  |  Read  |  Post a Comment
CMS Plug-Ins Put Sites At Risk
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Content management systems are increasingly in attackers' crosshairs, with plug-ins, extensions, and themes broadening the attack surfaces for these platforms.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/15/2014
Comment0 comments  |  Read  |  Post a Comment
Stolen Medical Data Is Now A Hot Commodity
Lysa Myers, Security Researcher, ESETCommentary
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Here’s why.
By Lysa Myers Security Researcher, ESET, 10/14/2014
Comment5 comments  |  Read  |  Post a Comment
In AppSec, ‘Fast’ Is Everything
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
The world has shifted. The SAST and DAST tools that were invented over a decade ago are no longer viable approaches to application security.
By Jeff Williams CTO, Aspect Security & Contrast Security, 10/13/2014
Comment5 comments  |  Read  |  Post a Comment
MBIA Breach Highlights Need For Tightened Security Ops
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Configuration change management and better monitoring could have prevented search engine indexing of sensitive financial information.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/9/2014
Comment1 Comment  |  Read  |  Post a Comment
Homeland Security Funds Software Security Initiative
William Jackson, Technology WriterCommentary
The DHS contributes $23.5 million toward the Software Assurance Market Place to enable software developers to test open source programs and improve software analysis tools.
By William Jackson Technology Writer, 10/8/2014
Comment0 comments  |  Read  |  Post a Comment
Heartland CEO On Why Retailers Keep Getting Breached
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/6/2014
Comment17 comments  |  Read  |  Post a Comment
How A Major Bank Hacked Its Java Security
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Deutsche Bank London helped create a new application self-defense tool to lock down and virtually patch its Java-based enterprise applications -- even the oldest ones.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/30/2014
Comment2 comments  |  Read  |  Post a Comment
Software Assurance: Time to Raise the Bar on Static Analysis
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 9/30/2014
Comment8 comments  |  Read  |  Post a Comment
Dark Reading Radio: Trends In Application Security
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
How can we get more security baked into applications? Join us for a discussion today, Wednesday, September 24, at 1:00 p.m. New York, 10 a.m. San Francisco time.
By Marilyn Cohodas Community Editor, Dark Reading, 9/23/2014
Comment0 comments  |  Read  |  Post a Comment
Mobile Device Security Isn't All About Devices
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Roberto Medrano, executive vice president of SOA Software, explains why securing mobile applications and APIs is so essential.
By Sara Peters Senior Editor at Dark Reading, 9/19/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8243
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2014-8244
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.