Software and application security
Get advice on software application security. Here you'll find information on software vulnerability and threat management, application attacks, software security tools, application firewalls, software patching and more.
Top Stories
Answer
25 Jan 2022
What is shellcode and how is it used?
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware term and how to mitigate the risk.
News
12 Jan 2022
Exchange Server woes continue on January Patch Tuesday
Exchange Server admins who had to cope with a Y2K22 error to start the new year have three more vulnerabilities of varying levels of severity to resolve for Patch Tuesday.
By Tom Walat, Site Editor
Definition
07 Oct 2021
decompile
To decompile means to convert executable or ready-to-run program code -- sometimes called object code -- into some form of higher-level programming language that humans can easily understand.
Feature
14 Sep 2021
Why companies should use AI for fraud management, detection
AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge.
By Isabella Harford, TechTarget
News
04 Aug 2021
Matt Tait warns of 'stolen' zero-day vulnerabilities
During Black Hat 2021, the COO of Corellium discussed three main threats that have ramped up: stolen zero days, zero days being exploited in the wild and supply chain attacks.
By Arielle Waldman, News Writer
Definition
07 May 2021
kill switch
A kill switch in an IT context is a mechanism used to shut down or disable a device or program.
Tip
30 Mar 2020
Best practices for threat modeling service mesh, microservices
In microservices and service mesh environments, communications don't follow static paths. As such, security teams must update their application threat modeling methods.
By Ed Moyle, Drake Software
Tip
25 Mar 2020
How to prevent buffer overflow attacks
Read up on types of buffer overflow attacks, and learn secure coding best practices that prevent such vulnerabilities, as well as post-deployment steps to keep apps and websites safe.
By Sharon Shea, Executive Editor
Tip
27 Feb 2020
How to use TODO comments for secure software development
Don't let security be a software development burden. Learn app developer tricks, such as using TODO comments, to ensure security controls make it from development to production.
Tip
16 Jan 2020
Craft an effective application security testing process
For many reasons, only about half of all web apps get proper security evaluation and testing. Here's how to fix that stat and better protect your organization's systems and data.
By Kevin Beaver, Principle Logic, LLC
News
27 Nov 2019
Cisco cries foul over security flaw in Zoom Connector
A flaw in Zoom's gateway for managing third-party video devices left customers vulnerable to snooping. Cisco criticized the vendor for failing to use the proper APIs to design the service.
Answer
06 Nov 2019
Network security vs. application security: What's the difference?
Different tools protect different assets at the network and application layers. But both network and application security need to support the larger security plan.
By Kevin Beaver, Principle Logic, LLC
Feature
18 Oct 2019
DevSecOps model requires security get out of its comfort zone
Shifting from DevOps to DevSecOps isn't always easy, with the transition requiring changes to culture, processes and people. Here's how security can help lead the charge.
By Alissa Irei, Senior Site Editor
Tip
12 Sep 2019
What it takes to be a DevSecOps engineer
To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer.
News
10 Sep 2019
Gigamon launches platform to improve application visibility
Application Metadata Intelligence provides visibility into network performance, application performance, operational technology communications, and security and threat detection.
Podcast
30 Aug 2019
VMUG president: Carbon Black acquisition is 'compelling'
In this podcast from VMworld, VMUG President Steve Athanas discusses Workspace One upgrades and the security potential that the Carbon Black acquisition brings to VMware.
By Jesse Scardina, News Writer
Tip
16 Aug 2019
DevOps security checklist requires proper integration
There are a lot of moving parts to adding security into a DevOps environment. Using application security testing tools within the DevOps pipeline is key to the equation.
News
02 Aug 2019
Cisco security flaw leads to $8.6M payout in whistleblower case
The settlement resolves allegations that a Cisco security flaw left governments vulnerable to hackers for years without the company taking action.
News
12 Jul 2019
Zoom security issues leave vendor scrambling
A researcher's report on a Zoom security vulnerability caused an uproar this week, ultimately forcing the video conferencing provider to apologize for its poor response to the issue.
Tip
08 Jul 2019
Office 365 security challenges and how to solve them
To understand the Office 365 threat landscape, take stock of the application features and programs available based on the organization's license level of the subscription.
By Kevin Tolly, The Tolly Group
News
20 Jun 2019
Gartner: Application security programs coming up short
At the 2019 Gartner Security and Risk Management Summit, experts discussed how enterprise application security efforts are falling short and what can be done about it.
Guide
03 May 2019
How to manage application security best practices and risks
The reality of application security risks requires software developers to be mindful of testing, tools and best practices to improve user experience and information security.
By Katie Donegan, Social Media Manager
News
22 Apr 2019
IoT device testing made possible with BeStorm X
BeStorm X, a black-box fuzzer by Beyond Security and Ubiquitous AI, tests IoT devices to identify security weaknesses and vulnerabilities before they're exploited.
By Sabrina Polin, Managing Editor
News
08 Feb 2019
Trustwave finds security flaw in old Lifesize video products
Trustwave publicly identified a flaw in several legacy Lifesize video products this week, after the vendor initially indicated it had no immediate plans for a patch.
News
13 Dec 2018
Project Zero finds Logitech Options app critically flawed
Tavis Ormandy of Google's Project Zero discovered a serious authentication vulnerability in Logitech's Options application, but the peripheral device maker has yet to address the flaw.
Podcast
20 Sep 2018
Risk & Repeat: Trend Micro apps land in hot water
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Trend Micro's Mac apps, which have come under fire for questionable data collection features.
By Rob Wright, Senior News Director
News
20 Jul 2018
SaaS activity alerts can mitigate manual misconfigurations
SaaS activity management is becoming more important for infosec teams to combat issues of insider theft and unintentional exposure of sensitive data, BetterCloud's David Politis says.
By Michael Heller, TechTarget
Answer
16 Jul 2018
Android vulnerability: How can users mitigate Janus malware?
The Janus vulnerability was found being used to inject malicious code into reputable Android apps. Once injected, users' endpoints become infected. Learn how to prevent this with expert Nick Lewis.
Feature
22 Mar 2018
SAP CSO Justin Somaini on using blockchain for security
Blockchain has generated both hype and skepticism, but SAP CSO Justin Somaini believes the technology has applications for security that can improve open source software.
By Rob Wright, Senior News Director
Tip
05 Mar 2018
Automated patch management and the challenges from IoT
From creating an inventory to scanning for IoT vulnerabilities, learn the key steps to take when it comes to automating patch management in your company.
By Mike Chapple, University of Notre Dame
Feature
27 Nov 2017
Security for applications: What tools and principles work?
Better app security requires both designing security in and protecting it from without. Learn how to work it from both angles and what tools you'll need for the job.
Tip
09 Nov 2017
Email security issues: How to root out and solve them
Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more.
By Kevin Beaver, Principle Logic, LLC
Answer
09 Nov 2017
Killer discovery: What does a new Intel kill switch mean for users?
Cybersecurity company Positive Technologies recently discovered an Intel kill switch in the vendor's Management Engine. Learn more about this kill switch with expert Matt Pascucci.
Answer
16 Oct 2017
Telerik web UI: Can the cryptographic weakness be mitigated?
A cryptographic weakness was discovered in the Telerik web UI. Expert Judith Myerson alerts readers about this weakness and the alternative options for companies to explore.
Answer
12 Oct 2017
How can hackers use subtitle files to control endpoint devices?
New media player vulnerabilities have been exposed that enable hackers to use subtitle files to control devices. Expert Judith Myerson explains how this happens.
Answer
05 Oct 2017
Flash's end of life: How should security teams prepare?
Adobe Flash's end of life is coming, and it includes an incremental removal method, allotting security teams enough time to adjust. Matt Pascucci explains how changes can be made.
Tip
05 Oct 2017
How the Docker REST API can be turned against enterprises
Security researchers discovered how threat actors can use the Docker REST API for remote code execution attacks. Michael Cobb explains this threat to Docker containers.
Tip
05 Sep 2017
Why DevOps security must be on infosec's priority list
In the rush to implement DevOps, security is too often overlooked. But DevSecOps is essential in these hack-filled days. Learn how to add security to software development.
By Johna Till Johnson, Nemertes Research
Guide
30 Aug 2017
How to craft an application security strategy that's airtight
A solid application security strategy today must include varieties like cloud apps and mobile. Learn how to set application security policies and practices that keep hackers out.
Tip
12 Jun 2017
To secure Office 365, take advantage of controls Microsoft offers
Securing Office 365 properly requires addressing upfront any specific risks of a particular environment and taking advantage of the many security controls Microsoft offers.
By Kevin Beaver, Principle Logic, LLC
Tip
12 Jun 2017
Office 365 security features: As good as it gets?
Online and application security is never perfect, but Office 365 security features come close. Here's an overview of how Microsoft installed security in its popular suite.
By Kevin Beaver, Principle Logic, LLC
Tip
12 Jun 2017
Address Office 365 security concerns while enjoying its benefits
Office 365 security concerns should worry you but not dampen your enthusiasm for the platform's potential benefits for your business. Here's what you need to consider upfront.
By Kevin Beaver, Principle Logic, LLC