Manage

Software and application security

• Use TODO comments for secure software, development to production

  Security is often considered a software development burden, despite its importance. Learn app developer tricks to ensure security controls make it from development to production. Continue Reading

• Security testing web applications and systems in the modern enterprise

  Security testing web apps with little budget and poor documentation is difficult. Ric Messier discusses building a security testing lab in the DevSecOps, cloud and automation age. Continue Reading

• Put application security testing at the top of your do-now list

  It's time to take a new attitude toward application security. Learn what must be tested and the specific steps that will take your apps from vulnerable to fortified. Continue Reading

• Craft an effective application security testing process

  For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data. Continue Reading

• What is shellcode and how is it used?

  Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware term and how to mitigate the risk. Continue Reading

• DevSecOps model requires security get out of its comfort zone

  Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge.Continue Reading

• To secure DevOps, break culture and tooling barriers

  The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved.Continue Reading

• Office 365 security challenges and how to solve them

  To understand the Office 365 threat landscape, take stock of the application features and programs available based on the organization's license level of the subscription.Continue Reading

• Using virtual appliances for offload is a key encryption strategy

  Using a virtual appliance to process traffic is a key encryption strategy enterprises can use to improve throughput. The results are strikingContinue Reading

• AI, machine learning in cybersecurity focused on behavior

  Artificial intelligence, and machine learning in particular, is being fruitfully employed in IT security tools. Learn where this advanced technology works best now.Continue Reading

• Automated patch management and the challenges from IoT

  From creating an inventory to scanning for IoT vulnerabilities, learn the key steps to take when it comes to automating patch management in your company.Continue Reading

• Security for applications: What tools and principles work?

  Better app security requires both designing security in and protecting it from without. Learn how to work it from both angles and what tools you'll need for the job.Continue Reading

• Email security issues: How to root out and solve them

  Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more.Continue Reading

• Killer discovery: What does a new Intel kill switch mean for users?

  Cybersecurity company Positive Technologies recently discovered an Intel kill switch in the vendor's Management Engine. Learn more about this kill switch with expert Matt Pascucci.Continue Reading

• Flash's end of life: How should security teams prepare?

  Adobe Flash's end of life is coming, and it includes an incremental removal method, allotting security teams enough time to adjust. Matt Pascucci explains how changes can be made.Continue Reading

• How the Docker REST API can be turned against enterprises

  Security researchers discovered how threat actors can use the Docker REST API for remote code execution attacks. Michael Cobb explains this threat to Docker containers.Continue Reading

• Why DevOps security must be on infosecs' priority list

  In the rush to implement DevOps, security is too often overlooked. But DevSecOps is essential in these hack-filled days. Learn how to add security to software development.Continue Reading

• To secure Office 365, take advantage of controls Microsoft offers

  Securing Office 365 properly requires addressing upfront any specific risks of a particular environment and taking advantage of the many security controls Microsoft offers.Continue Reading

• Totally automatic: Improve DevOps and security in three key steps

  Concerned about DevOps security? Learn three key steps to embedding security into the software development process, including how to improve automation.Continue Reading

• Security as a Service: Benefits and risks of cloud-based security

  Know the pros and cons to cloud-based security services before making the leap.Continue Reading

• Challenges with data protection in the cloud

  Capabilities such as encryption and DLP can be complicated in the cloud.Continue Reading