Software and application security

Get advice on software application security. Here you'll find information on software vulnerability and threat management, application attacks, software security tools, application firewalls, software patching and more.

Top Stories

Answer 25 Jan 2022
What is shellcode and how is it used?

Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware term and how to mitigate the risk. Continue Reading
By
- Michael Cobb
News 12 Jan 2022
Exchange Server woes continue on January Patch Tuesday

Exchange Server admins who had to cope with a Y2K22 error to start the new year have three more vulnerabilities of varying levels of severity to resolve for Patch Tuesday. Continue Reading
By
- Tom Walat, Site Editor

Definition 07 Oct 2021
decompile

To decompile means to convert executable or ready-to-run program code -- sometimes called object code -- into some form of higher-level programming language that humans can easily understand. Continue Reading
By
- Rahul Awati
Feature 14 Sep 2021
Why companies should use AI for fraud management, detection

AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge. Continue Reading
By
- Isabella Harford, TechTarget
News 04 Aug 2021
Matt Tait warns of 'stolen' zero-day vulnerabilities

During Black Hat 2021, the COO of Corellium discussed three main threats that have ramped up: stolen zero days, zero days being exploited in the wild and supply chain attacks. Continue Reading
By
- Arielle Waldman, News Writer
Definition 07 May 2021
kill switch

A kill switch in an IT context is a mechanism used to shut down or disable a device or program. Continue Reading
By
- TechTarget Contributor
Tip 30 Mar 2020
Best practices for threat modeling service mesh, microservices

In microservices and service mesh environments, communications don't follow static paths. As such, security teams must update their application threat modeling methods. Continue Reading
By
- Ed Moyle, Drake Software
Tip 25 Mar 2020
How to prevent buffer overflow attacks

Read up on types of buffer overflow attacks, and learn secure coding best practices that prevent such vulnerabilities, as well as post-deployment steps to keep apps and websites safe. Continue Reading
By
- Sharon Shea, Executive Editor
Tip 27 Feb 2020
How to use TODO comments for secure software development

Don't let security be a software development burden. Learn app developer tricks, such as using TODO comments, to ensure security controls make it from development to production. Continue Reading
By
- Michael Cobb
Tip 16 Jan 2020
Craft an effective application security testing process

For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
News 27 Nov 2019
Cisco cries foul over security flaw in Zoom Connector

A flaw in Zoom's gateway for managing third-party video devices left customers vulnerable to snooping. Cisco criticized the vendor for failing to use the proper APIs to design the service. Continue Reading
By
- Jonathan Dame
Answer 06 Nov 2019
Network security vs. application security: What's the difference?

Different tools protect different assets at the network and application layers. But both network and application security need to support the larger security plan. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Feature 18 Oct 2019
DevSecOps model requires security get out of its comfort zone

Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge. Continue Reading
By
- Alissa Irei, Senior Site Editor
Tip 12 Sep 2019
What it takes to be a DevSecOps engineer

To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer. Continue Reading
By
- Michael Cobb
News 10 Sep 2019
Gigamon launches platform to improve application visibility

Application Metadata Intelligence identifies network performance, application performance, operational technology communications and security and threat detection. Continue Reading
By
- Tanner Harding
Podcast 30 Aug 2019
VMUG president: Carbon Black acquisition is 'compelling'

In this podcast from VMworld, VMUG President Steve Athanas discusses Workspace One upgrades and the security potential that the Carbon Black acquisition brings to VMware. Continue Reading
By
- Jesse Scardina, News Writer
Tip 16 Aug 2019
DevOps security checklist requires proper integration

There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools are key to the equation. Continue Reading
By
- Michael Cobb
News 02 Aug 2019
Cisco security flaw leads to $8.6M payout in whistleblower case

The settlement resolves allegations that a Cisco security flaw left governments vulnerable to hackers for years without the company taking action. Continue Reading
By
- Jonathan Dame
News 12 Jul 2019
Zoom security issues leave vendor scrambling

A researcher's report on a Zoom security vulnerability caused an uproar this week, ultimately forcing the video conferencing provider to apologize for its poor response to the issue. Continue Reading
By
- Jonathan Dame
Tip 08 Jul 2019
Office 365 security challenges and how to solve them

To understand the Office 365 threat landscape, take stock of the application features and programs available based on the organization's license level of the subscription. Continue Reading
By
- Kevin Tolly, The Tolly Group
News 20 Jun 2019
Gartner: Application security programs coming up short

At the 2019 Gartner Security and Risk Management Summit, experts discussed how enterprise application security efforts are falling short and what can be done about it. Continue Reading
By
- Mekhala Roy
Guide 03 May 2019
How to manage application security best practices and risks

The reality of application security risks requires software developers to be mindful of testing, tools and best practices to improve user experience and information security. Continue Reading
By
- Katie Donegan, Social Media Manager
News 22 Apr 2019
IoT device testing made possible with BeStorm X

BeStorm X, a black-box fuzzer by Beyond Security and Ubiquitous AI, tests IoT devices to identify security weaknesses and vulnerabilities before they're exploited. Continue Reading
By
- Sabrina Polin, Managing Editor
News 08 Feb 2019
Trustwave finds security flaw in old Lifesize video products

Trustwave publicly identified a flaw in several legacy Lifesize video products this week, after the vendor initially indicated it had no immediate plans for a patch. Continue Reading
By
- Jonathan Dame
News 13 Dec 2018
Project Zero finds Logitech Options app critically flawed

Tavis Ormandy of Google's Project Zero discovered a serious authentication vulnerability in Logitech's Options application, but the peripheral device maker has yet to address the flaw. Continue Reading
By
- Hanno Böck
Podcast 20 Sep 2018
Risk & Repeat: Trend Micro apps land in hot water

In this week's Risk & Repeat podcast, SearchSecurity editors discuss Trend Micro's Mac apps, which have come under fire for questionable data collection features. Continue Reading
By
- Rob Wright, Senior News Director
News 20 Jul 2018
SaaS activity alerts can mitigate manual misconfigurations

SaaS activity management is becoming more important for infosec teams to combat issues of insider theft and unintentional exposure of sensitive data, BetterCloud's David Politis says. Continue Reading
By
- Michael Heller, TechTarget
Answer 16 Jul 2018
Android vulnerability: How can users mitigate Janus malware?

The Janus vulnerability was found injecting malicious code into reputable Android apps. Once injected, users' endpoints become infected. Learn how to prevent this with expert Nick Lewis. Continue Reading
By
- Nick Lewis
Feature 22 Mar 2018
SAP CSO Justin Somaini on using blockchain for security

Blockchain has generated both hype and skepticism, but SAP CSO Justin Somaini believes the technology has applications for security that can improve open source software. Continue Reading
By
- Rob Wright, Senior News Director
Tip 05 Mar 2018
Automated patch management and the challenges from IoT

From creating an inventory to scanning for IoT vulnerabilities, learn the key steps to take when it comes to automating patch management in your company. Continue Reading
By
- Mike Chapple, University of Notre Dame
Feature 27 Nov 2017
Security for applications: What tools and principles work?

Better app security requires both designing security in and protecting it from without. Learn how to work it from both angles and what tools you'll need for the job. Continue Reading
By
- Paul Rostick
Tip 09 Nov 2017
Email security issues: How to root out and solve them

Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Answer 09 Nov 2017
Killer discovery: What does a new Intel kill switch mean for users?

Cybersecurity company Positive Technologies recently discovered an Intel kill switch in the vendor's Management Engine. Learn more about this kill switch with expert Matt Pascucci. Continue Reading
By
- Matthew Pascucci
Answer 16 Oct 2017
Telerik web UI: Can the cryptographic weakness be mitigated?

A cryptographic weakness was discovered in the Telerik web UI. Expert Judith Myerson alerts readers about this weakness and the alternative options for companies to explore. Continue Reading
By
- Judith Myerson
Answer 12 Oct 2017
How can hackers use subtitle files to control endpoint devices?

New media player vulnerabilities have been exposed that enable hackers to use subtitle files to control devices. Expert Judith Myerson explains how this happens. Continue Reading
By
- Judith Myerson
Answer 05 Oct 2017
Flash's end of life: How should security teams prepare?

Adobe Flash's end of life is coming, and it includes an incremental removal method, allotting security teams enough time to adjust. Matt Pascucci explains how changes can be made. Continue Reading
By
- Matthew Pascucci
Tip 05 Oct 2017
How the Docker REST API can be turned against enterprises

Security researchers discovered how threat actors can use the Docker REST API for remote code execution attacks. Michael Cobb explains this threat to Docker containers. Continue Reading
By
- Michael Cobb
Tip 05 Sep 2017
Why DevOps security must be on infosecs' priority list

In the rush to implement DevOps, security is too often overlooked. But DevSecOps is essential in these hack-filled days. Learn how to add security to software development. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Guide 30 Aug 2017

How to craft an application security strategy that's airtight

A solid application security strategy today must include varieties like cloud apps and mobile. Learn how to set application security policies and practices that keep hackers out. Continue Reading
Tip 12 Jun 2017
To secure Office 365, take advantage of controls Microsoft offers

Securing Office 365 properly requires addressing upfront any specific risks of a particular environment and taking advantage of the many security controls Microsoft offers. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Tip 12 Jun 2017
Office 365 security features: As good as it gets?

Online and application security is never perfect, but Office 365 security features come close. Here's an overview of how Microsoft installed security in its popular suite. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Tip 12 Jun 2017
Address Office 365 security concerns while enjoying its benefits

Office 365 security concerns should worry you but not dampen your enthusiasm for the platform's potential benefits for your business. Here's what you need to consider upfront. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC