The OWASP Top 10 2017 is a list of the most significant web application security risks. How are you addressing these top 10 web app vulnerabilities?
The automotive industry runs on software—but with increased software use comes an increased attack surface. Making safe, reliable vehicles starts with building secure software. Dr. Gary McGraw explains the importance of secure design principles and how to take the first step toward automotive software security. The original version of this article was published in The Security […]
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s episode, you ask? Russia vs. Ukraine, Beemer as the ultimate hackable machine, and Nest “smart home” devices. Learn more by watching the full episode below: New VPNFilter […]
Posted in Automotive Security, Internet of Things, Software Architecture and Design, Weekly Security Mashup | Comments Off on VPNFilter, BMW connected car vulnerability, and Nest IoT devices go offline
Security researcher Robert Wiggins recently uncovered a serious security issue in the TeenSafe “secure” monitoring product for Android and iOS platforms. The app allows users (typically parents) to monitor devices (typically their children’s) to view location, text messages, calls, browsing history, and more. TeenSafe claims the technology can and will help protect your child. There […]
It looked like a bright spot in a gloomy week for the encrypted messaging app Signal. And it was, in fact, a positive thing—a patch for a serious XSS (cross-site scripting) vulnerability that the company made available only hours after a public report of the problem. It just wasn’t quite as bright a moment as […]
Posted in Software Architecture and Design | Comments Off on Bad Signal gets quick fix
As you have no doubt heard, Spectre and Meltdown aren’t software bugs that can be fixed in a few days or weeks when a company pushes out a patch. They are part of the architecture of hardware – the chips that run your computer. And you don’t just roll out a patch for hardware. Chips […]
The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security. The number of confirmed breaches—at least the ones reported by 67 contributors globally—was 2,216, among 53,308 “real-world incidents.” In […]
With RSA 2018 behind us, a recap is in order. For any readers who have never attended the RSA Conference (RSA) in North America, it’s worth setting the stage. For practical purposes, RSA is the premier technology security conference. There are tens of thousands of attendees, well over a dozen conference tracks, and the show […]
Open source election software is exposed to many eyes that check it for vulnerabilities. But does that mean it’s more secure? What are the pros and cons of open sourcing election software?
Written by Charles-Henri Gros, Liana Hadarean, and Mandar Satam. Since this article was posted, we have made several improvements to our capability of detecting code patterns vulnerable to Spectre. Details on the latest enhancements can be found here. In the last few months, Spectre (CVE-2017-5753 and CVE-2017-5715) has emerged as a new kind of vulnerability. […]