Software Security

Archive for June 2015

 

Cloud storage security storm: When it rains it pours

This week was particularly newsworthy regarding mobile [in]security. Three different cloud storage vulnerabilities were announced affecting users and platforms in various ways. We had the Samsung+Swift keyboard that was not a single problem but a chain of failures. We also heard from researchers from Indiana University, Peking University, and the Georgia Institute of Technology that […]

Posted in Cloud Security, Mobile Application Security

 

Critical gap in developer training puts applications at risk

As the builders of applications, developers are the frontline defense against security threats. Unfortunately, most don’t have the training to make sure the code they create is secure. As a result, their work may be riddled with vulnerabilities that open the door for hackers to access sensitive data and systems. If security scans identify bugs […]

Posted in Security Training, Web Application Security

 

4 application security skills every expert ought to have

If you’re thinking about becoming an application security professional, you’ve picked an ideal time to enter the field. According to the U.S. Bureau of Labor Statistics, the demand for security experts is expected to grow exponentially through 2022. More importantly, there’s never been a better time to invest in developing application security skills and gaining […]

Posted in Security Training, Software Security Testing, Web Application Security

 

Samsung Galaxy phone hack: Making sense of the “Samsung” RCE vulnerability

The Samsung Galaxy phone hack was not caused by “one bug.” It was due to a chain of several failures, which makes it difficult to say who is at fault and how the Samsung hack could have been avoided. Don’t jump to conclusions! How did the Samsung Galaxy get hacked? Issue 1: Samsung uses a […]

Posted in Mobile Application Security, Software Development Life Cycle (SDLC), Vulnerability Assessment

 

Risk ranking your applications: A method to the madness

You likely have a diverse mix of applications within your organization. You have everything from apps powering web and mobile tools that just launched to internal functionality you’ve not updated in years. You created some applications in-house, external partners supplied some, and some are critically dependent on open source code built by developers with which […]

Posted in Application Security, Security Risk Assessment, Software Security Testing

 

How to overcome the hurdles to mobile application security

Mobile apps are juicy targets for hackers. Consider the rich data that is captured by a mobile device, including call logs, SMS messages and location information. Then, consider the rapidly evolving mobile platforms and frameworks that are new to many development organizations. It is no surprise that many mobile applications contain serious security vulnerabilities. If […]

Posted in Mobile Application Security, Vulnerability Assessment, Web Application Security

 

Internet of Things: Make sure your security strategy is as ‘smart’ as your devices

Household appliances, cars, electronics, security systems, and even medical devices are all becoming smarter. They’ve merged into a WiFi-enabled, cloud-connected network now known as the Internet of Things (IoT). And it’s getting bigger, from seven billion devices in 2009 to more than 50 billion in the year 2020, according to a report by the Federal […]

Posted in Internet of Things, Software Development Life Cycle (SDLC), Web Application Security

 

What happens at Archimedes: All there is to know about medical device security

From a security viewpoint, medical devices differ from conventional web applications, mobile applications, and other types of embedded applications which security researchers commonly encounter. First, medical devices come in many forms: devices that are embedded in the human body, used in hospitals, and used by patients at home. Security professionals need to recognize the context […]

Posted in Healthcare Security, Medical Device Security, Security Conference or Event, Web Application Security