Your web application is the face of your business. It is the client-server software exposed to the world. For instance, when you want to book an airline ticket you visit the airline’s website to make the reservation. This public exposure and interaction is highly convenient to current and potential customers. However, it also makes your […]
Last fall, someone released a benign worm looking to protect Internet of Things (IoT) devices from more dangerous worms. Known as Hajime, the vigilante malware appears to be designed to block another IoT worm, Mirai. The two are chasing each other around the world. Each is locked in a weird internet turf war seemingly bent on […]
If you play a role in your organization’s software security program, you already know that there’s no shortage of things to do to improve your firm’s security activities. To bring security priorities into focus, the Building Security In Maturity Model (BSIMM) highlights the 113 most commonly observed software security activities. The BSIMM thus enables experts like […]
Before jumping into the Express framework, get up to speed with Part 1 of this series, which explores MongoDB. Stack precedence (ExpressJS): The Express framework allows developers to easily add multiple middleware plugins globally to all routes via app.use(). However, middleware order is important because it will only be applied to routes defined further down the […]
Taking a look at the findings in the 2017 Open Source Security and Risk Analysis Report. Synopsys is a company that thrives off data. In fact, it’s essential to our business. I’m constantly impressed by the amount of data that we collect and the level to which our employees embrace the data-driven mentality here. We […]
Third-party products and services are an integral part of business operations. Organizations depend heavily on optimizing their solutions by reducing costs, which brings about the need for external expertise. Third-party organizations promise timely delivery of products and services, meeting compliance requirements, and optimizing the organization’s overall business performance. Reasons for bringing in a third party […]
Increasingly, computer hacking is leaving the traditional network and reaching out into the physical world. So it shouldn’t be too surprising that two recent well-publicized hacks were accomplished using non-traditional ways. One, the sounding of all 100+ civil defense sirens in Dallas, Texas (for 90 minutes during the night) most likely used only sound waves […]
Near the halfway point of April 2017, the NVD CVE listing for the month stands at 573 entries. Hot this week is CVE-2017-7605, a medium-high vulnerability affecting the HE-AAC+ v2 library (aka libaacplus).
MEAN stack applications (MongoDB, ExpressJS, AngularJS, and NodeJS) are becoming increasingly popular as lightweight, easily deployable frameworks due to a vast ecosystem of middleware plugins and dependencies. But just how secure are these technologies? Let’s examine some common vulnerabilities that are introduced either by using these components in their default configurations or due to common […]
A craftsman requires the appropriate skills and tools to work in tandem in order to create a masterpiece. While tools are an important enabler in the process of creating the best piece of work possible, the process also requires relevant experience and expertise on the part of the craftsman. Much like a craftsman’s toolbox, a pen […]