Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Application Security: We Still Have A Long Way To Go
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
danielcawrey
50%
50%
danielcawrey,
User Rank: Apprentice
11/21/2013 | 5:39:47 PM
Re: App security tools ?
Not providing developers with ample time has always been a problem, at least in my experiences. The reason is usually because developers have to deal with deadlines and demands that management doesn't always know impacts the software development lifecycle. Doesn't anyone else here agree with that assessment?
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
11/21/2013 | 4:23:01 PM
Re: App security tools ?
@irakov raises two great points about 1. companies not giving developers the time they need for security review and testing and 2. guidance about the best tools available to perform those test.  For example,  what are the steps you recommend to make headway against SQL Injection?
irakov
50%
50%
irakov,
User Rank: Apprentice
11/21/2013 | 2:09:07 PM
App security tools ?
Jeff,


The companies still do not allocate enough time for app level security review and testing. HealthCare.gov is one recent example. It would useful if you could write a high-level review of the app security tools that allow projects to address app security issues.
<<   <   Page 2 / 2


COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20925
PUBLISHED: 2020-11-24
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions...
CVE-2020-5641
PUBLISHED: 2020-11-24
Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.
CVE-2020-5674
PUBLISHED: 2020-11-24
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2020-29002
PUBLISHED: 2020-11-24
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
CVE-2020-29003
PUBLISHED: 2020-11-24
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.