Application Security
News & Commentary
Waratek Wins RSA Innovation Sandbox
Sara Peters, Senior Editor at Dark ReadingNews
RSA: 10th annual event honors runtime application self protection solution for solving Java security problems.
By Sara Peters Senior Editor at Dark Reading, 4/20/2015
Comment0 comments  |  Read  |  Post a Comment
DHS: Most Organizations Need Improvement In Managing Security Risk
Rutrell Yasin, Business Technology Writer, Tech Writers BureauCommentary
At a Department of Homeland Security Summit, government and corporate security teams are taken to task for failing to address critical issues of software assurance, testing and lifecycle support.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 4/20/2015
Comment0 comments  |  Read  |  Post a Comment
Some of the Best Things in Security Are Free
Carric Dooley, WW VP of Foundstone Services, Intel Security
Software tools are available from our consultants free of charge.
By Carric Dooley WW VP of Foundstone Services, Intel Security, 4/8/2015
Comment0 comments  |  Read  |  Post a Comment
Containing Security
Rishi Bhargava, Vice President and General Manager of the Software Defined Datacenter Group at Intel Security.
How to identify the appropriate security for your container-based virtual applications.
By Rishi Bhargava Vice President and General Manager of the Software Defined Datacenter Group at Intel Security., 4/7/2015
Comment0 comments  |  Read  |  Post a Comment
The Clinton Email Kerfuffle & Shadow IT
Ojas Rege, VP Strategy, MobileIronCommentary
For security pros the issue is not government transparency. It's the fact that users, regardless of seniority, will always pick convenience over security.
By Ojas Rege VP Strategy, MobileIron, 3/20/2015
Comment8 comments  |  Read  |  Post a Comment
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Bill Ledingham, CTO & Executive VP of Engineering, Black Duck SoftwareCommentary
Keeping tabs on open source code used in your organization’s applications and infrastructure is daunting, especially if you are relying solely on manual methods.
By Bill Ledingham CTO & Executive VP of Engineering, Black Duck Software, 3/19/2015
Comment4 comments  |  Read  |  Post a Comment
The Bot Threat For the Rest of Us: Application-Layer Attacks
Rami Essaid, CEO and co-founder, Distil NetworksCommentary
Bots are getting craftier by the day so you may not even know you have a problem.
By Rami Essaid CEO and co-founder, Distil Networks, 3/18/2015
Comment0 comments  |  Read  |  Post a Comment
Lack of WordPress User Education Affecting Security Posture
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Survey shows many users lack knowledge to effectively protect their sites.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/10/2015
Comment7 comments  |  Read  |  Post a Comment
Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too
Jai Vijayan, Freelance writerNews
Researchers had originally thought only Safari and Android affected by flaw.
By Jai Vijayan Freelance writer, 3/6/2015
Comment1 Comment  |  Read  |  Post a Comment
Which Apps Should You Secure First? Wrong Question.
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
By Jeff Williams CTO, Aspect Security & Contrast Security, 3/5/2015
Comment1 Comment  |  Read  |  Post a Comment
Compliance & Security: A Race To The Bottom?
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 3/3/2015
Comment0 comments  |  Read  |  Post a Comment
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
Comment7 comments  |  Read  |  Post a Comment
5 New Vulnerabilities Uncovered In SAP
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Newly Discovered 'Master' Cyber Espionage Group Trumps Stuxnet
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The so-called Equation Group epitomizes the goal of persistence in cyber spying--reprogramming hard drives and hacking other targets such as air-gapped computers--and points to possible US connection.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2015
Comment13 comments  |  Read  |  Post a Comment
Antivirus Tools Slow To Respond To New Threats, Another Study Confirms
Jai Vijayan, Freelance writerNews
A 10-month study of four scanning tools by Damballa highlights some familiar weaknesses.
By Jai Vijayan Freelance writer, 2/13/2015
Comment1 Comment  |  Read  |  Post a Comment
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Jeff Schilling, CSO, FirehostCommentary
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
By Jeff Schilling CSO, Firehost, 2/11/2015
Comment2 comments  |  Read  |  Post a Comment
Scan Finds 'Ghost' Haunting Critical Business Applications
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Some 41% of enterprise applications using GNU C Library (glibc) employ the Ghost-ridden 'gethostbyname' function, Veracode discovers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/5/2015
Comment2 comments  |  Read  |  Post a Comment
Apple iOS Now Targeted In Massive Cyber Espionage Campaign
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Attack campaign tied to Russia now zeroing in on mobile user's iPhones, iPads.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/4/2015
Comment5 comments  |  Read  |  Post a Comment
'Ghost' Not So Scary After All
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The latest open-source Linux vulnerability is serious but some security experts say it's not that easy to abuse and use in an attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/28/2015
Comment5 comments  |  Read  |  Post a Comment
Diverse White Hat Community Leads To Diverse Vuln Disclosures
Sara Peters, Senior Editor at Dark ReadingNews
Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.
By Sara Peters Senior Editor at Dark Reading, 1/22/2015
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1701
Published: 2015-04-21
Unspecified vulnerability in Microsoft Windows before 8 allows local users to gain privileges via unknown vectors, as exploited in the wild in April 2015.

CVE-2015-2041
Published: 2015-04-21
net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

CVE-2015-2042
Published: 2015-04-21
net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

CVE-2015-0702
Published: 2015-04-20
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.

CVE-2015-0703
Published: 2015-04-20
Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.