There’s been a fair share of attention paid to the security inside the connected car. There’s also been a significant uptick in new devices and apps that communicate with the vehicle from afar. These devices and apps use traditional means of communication (e.g., Bluetooth, Wi-Fi, etc.). They also make some very common software mistakes. For instance, […]
Continue Reading...
Posted in Automotive Security, Embedded Software Testing, Mobile Application Security | Comments Off on Automotive security goes beyond the car
In January 2016, Forbes announced that there were one million job openings in cyber security. The shortage of talent has continued to mount while demand is expected to increase to six million globally by 2019. You may be intrigued by the idea of security consulting but aren’t sure how to transition or break through. If […]
Continue Reading...
Posted in Application Security, Mobile Application Security, Web Application Security | Comments Off on Is a career in application security consulting right for you?
The Fourth Annual AppSec California Conference kicks off in one week at the Annenberg Beach House in Santa Monica, California. From January 23-25, security professionals, developers, penetration testers, and QA and testing professionals come together to share their knowledge and experiences about secure systems and secure development methodologies. We’re excited to attend the event as Platinum […]
Continue Reading...
Posted in Application Security, Maturity Model (BSIMM), Mobile Application Security, Security Conference or Event, Software Security Program Development, Threat Modeling | Comments Off on 3 presentations you don’t want to miss at AppSec California 2017
RSA Conference 2017 is taking place at the Moscone Center in San Francisco from February 13-17, 2017. While you’re there, be sure to stop by South Hall booth #1933 where we’ll be hosting prize giveaways, offering product demos, and setting up time to discuss our offerings in more detail. Also stop by to visit us at […]
Continue Reading...
Posted in Application Security, Mobile Application Security, Network Security, Security Conference or Event, Web Application Security | Comments Off on Mark your calendar: RSA USA 2017 is almost here
Last month researchers demonstrated how a mobile app for Tesla–or any other connected car — can be hacked, enabling criminal hackers to locate, unlock, and potentially steal a Tesla vehicle. Researchers from Promon disclosed a vulnerability in the mobile app used by Telsa customers to access their vehicles. According to the researchers this attack is […]
Continue Reading...
Posted in Automotive Security, Mobile Application Security | Comments Off on Researchers hijack automotive mobile apps
Smartphone, tablet, and other hand-held device sales have skyrocketed in recent years. It’s now critical for businesses to provide a mobile option or experience to customers. Additionally, many companies are even created for the sole purpose of making services and entertainment available to their customers’ fingertips—literally. At the same time, software security initiatives must fall […]
Continue Reading...
Posted in Mobile Application Security, Security Training | Comments Off on Here are the top 10 best practices for securing Android apps
Stealing credentials from locked machines shouldn’t work. And yet, it does. The main reason for this is that the operating system automatically loads device drivers if it has access to them. This is true even when a machine is locked. In the case of locked machines, USB Ethernet adapter drivers ship with every major operating […]
Continue Reading...
Posted in Mobile Application Security, Network Security, Software Security Testing | Comments Off on Stealing authentication tokens from locked machines with a mobile phone
HTTP is a plaintext protocol. As such, it creates inherent security and privacy concerns when used by applications. Apple, for instance has (finally) decided to start treating the secure alternative, HTTPS, as the de facto Web protocol for iOS mobile apps. At WWDC16, Apple pointed out that enabling HTTPS doesn’t necessarily mean that you’re secure. […]
Continue Reading...
Posted in Mobile Application Security, Software Security Testing | Comments Off on Brace yourselves: Application transport security is coming
iPhone and iPad users should update their iOS software to the latest release version as soon as possible following the disclosure of three dangerous vulnerabilities on Thursday. Researchers from Toronto-based Citizens Lab, working with Lookout, said they had discovered three zero days, vulnerabilities not previously known to Apple or others, which could allow third parties […]
Continue Reading...
Posted in Mobile Application Security | Comments Off on Dangerous iOS flaws patched in emergency update
Roughly 80 percent of all Android devices contain a Linux vulnerability that affect unencrypted communications and allow attackers to hijack data. The vulnerability is in the design and implementation of RFC 5961, a relatively new Internet standard. Ironically, it’s intended to prevent certain classes of hacking attacks. The way it is written now, an blind […]
Continue Reading...
Posted in Mobile Application Security, Open Source Security | Comments Off on 1.4 billion Android devices vulnerable to hijack attacks