Application Security
News & Commentary
Shaping A Better Future For Software Security
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
Industry and government leaders discuss ways to improve practices, awareness and education around secure software development. Here’s a recap of what you missed.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 6/2/2015
Comment1 Comment  |  Read  |  Post a Comment
How I Would Secure The Internet With $4 Billion
Jim Manico, OWASP Global Board MemberCommentary
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesn’t go far enough.
By Jim Manico OWASP Global Board Member, 5/29/2015
Comment8 comments  |  Read  |  Post a Comment
Why We Can't Afford To Give Up On Cybersecurity Defense
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices.
By Jeff Williams CTO, Aspect Security & Contrast Security, 5/18/2015
Comment3 comments  |  Read  |  Post a Comment
Beginning Of The End For Patch Tuesday
Sara Peters, Senior Editor at Dark ReadingNews
Starting with Windows 10, Microsoft will introduce Windows Update for Business, issuing patches as they're available, instead of once a month.
By Sara Peters Senior Editor at Dark Reading, 5/7/2015
Comment6 comments  |  Read  |  Post a Comment
Rapid7 Picks Up NTObjectives
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Adds 25 new employees and further diversifies testing capabilities.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/4/2015
Comment1 Comment  |  Read  |  Post a Comment
BBVA CISOs Give Tips For Securing 'Digital Bank'
Sara Peters, Senior Editor at Dark ReadingNews
At RSA conference today, CISOs at the multinational financial organization describe security strategy.
By Sara Peters Senior Editor at Dark Reading, 4/21/2015
Comment1 Comment  |  Read  |  Post a Comment
Waratek Wins RSA Innovation Sandbox
Sara Peters, Senior Editor at Dark ReadingNews
RSA: 10th annual event honors runtime application self protection solution for solving Java security problems.
By Sara Peters Senior Editor at Dark Reading, 4/20/2015
Comment0 comments  |  Read  |  Post a Comment
DHS: Most Organizations Need Improvement In Managing Security Risk
Rutrell Yasin, Business Technology Writer, Tech Writers BureauCommentary
At a Department of Homeland Security Summit, government and corporate security teams are taken to task for failing to address critical issues of software assurance, testing and lifecycle support.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 4/20/2015
Comment0 comments  |  Read  |  Post a Comment
Some of the Best Things in Security Are Free
Carric Dooley, WW VP of Foundstone Services, Intel Security
Software tools are available from our consultants free of charge.
By Carric Dooley WW VP of Foundstone Services, Intel Security, 4/8/2015
Comment0 comments  |  Read  |  Post a Comment
Containing Security
Rishi Bhargava, Vice President and General Manager of the Software Defined Datacenter Group at Intel Security.
How to identify the appropriate security for your container-based virtual applications.
By Rishi Bhargava Vice President and General Manager of the Software Defined Datacenter Group at Intel Security., 4/7/2015
Comment0 comments  |  Read  |  Post a Comment
The Clinton Email Kerfuffle & Shadow IT
Ojas Rege, VP Strategy, MobileIronCommentary
For security pros the issue is not government transparency. It's the fact that users, regardless of seniority, will always pick convenience over security.
By Ojas Rege VP Strategy, MobileIron, 3/20/2015
Comment8 comments  |  Read  |  Post a Comment
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Bill Ledingham, CTO & Executive VP of Engineering, Black Duck SoftwareCommentary
Keeping tabs on open source code used in your organization’s applications and infrastructure is daunting, especially if you are relying solely on manual methods.
By Bill Ledingham CTO & Executive VP of Engineering, Black Duck Software, 3/19/2015
Comment4 comments  |  Read  |  Post a Comment
The Bot Threat For the Rest of Us: Application-Layer Attacks
Rami Essaid, CEO and co-founder, Distil NetworksCommentary
Bots are getting craftier by the day so you may not even know you have a problem.
By Rami Essaid CEO and co-founder, Distil Networks, 3/18/2015
Comment0 comments  |  Read  |  Post a Comment
Lack of WordPress User Education Affecting Security Posture
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Survey shows many users lack knowledge to effectively protect their sites.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/10/2015
Comment7 comments  |  Read  |  Post a Comment
Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too
Jai Vijayan, Freelance writerNews
Researchers had originally thought only Safari and Android affected by flaw.
By Jai Vijayan Freelance writer, 3/6/2015
Comment1 Comment  |  Read  |  Post a Comment
Which Apps Should You Secure First? Wrong Question.
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
By Jeff Williams CTO, Aspect Security & Contrast Security, 3/5/2015
Comment1 Comment  |  Read  |  Post a Comment
Compliance & Security: A Race To The Bottom?
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 3/3/2015
Comment0 comments  |  Read  |  Post a Comment
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
Comment7 comments  |  Read  |  Post a Comment
5 New Vulnerabilities Uncovered In SAP
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Newly Discovered 'Master' Cyber Espionage Group Trumps Stuxnet
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The so-called Equation Group epitomizes the goal of persistence in cyber spying--reprogramming hard drives and hacking other targets such as air-gapped computers--and points to possible US connection.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2015
Comment13 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Marilyn Cohodas
Current Conversations LOL! Very funny.
In reply to: Re: Is $4 Billion enough?
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0999
Published: 2015-06-02
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.

CVE-2014-8391
Published: 2015-06-02
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of request.

CVE-2015-0759
Published: 2015-06-02
Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users.

CVE-2015-0850
Published: 2015-06-02
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.

CVE-2015-1945
Published: 2015-06-02
Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors.

Dark Reading Radio
Archived Dark Reading Radio
From Target to Sony to Anthem, they are happening all around you: the “big” data breaches that compromise critical data and threaten the welfare of the corporate brand. Is your organization ready to respond?