An attack path is a series of threat actions leading to a successful data breach. The Verizon 2019 DBIR (Data Breach Investigations Report) offers insights.
Having the right application security toolchain is the most effective way to build security in, which is critical to securing modern apps against attacks.
The OWASP Top 10 2017 is a list of the most significant web application security risks. How are you addressing these top 10 web app vulnerabilities?
The automotive industry runs on software—but increased software increases the attack surface. Vehicle safety starts with automotive software security.
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s episode, you ask? Russia vs. Ukraine, Beemer as the ultimate hackable machine, and Nest “smart home” devices.
Security researcher Robert Wiggins recently uncovered a serious security issue in the TeenSafe “secure” monitoring product for Android and iOS platforms.
It looked like a bright spot in a gloomy week for the encrypted messaging app Signal. And it was, in fact, a positive thing—a patch for a serious XSS (cross-site scripting) vulnerability that the company made available only hours after a public report of the problem. It just wasn’t quite as bright a moment as it initially appeared.
The 2018 Verizon Data Breach Investigations Report (DBIR), the 11th annual exhaustive collection of good advice and (mostly) bad news, dropped a couple of weeks ago and doesn’t contain any major surprises about the state of online security.
With RSA 2018 behind us, a recap is in order. For any readers who have never attended the RSA Conference (RSA) in North America, it’s worth setting the stage. For practical purposes, RSA is the premier technology security conference. There are tens of thousands of attendees, well over a dozen conference tracks, and the show floor itself spans two buildings. Exhibitors range from the NSA and FBI (love their dogs, by the way), through service providers like CenturyLink and AT&T, major technology vendors like F5 and Trend Micro, to smaller vendors around the edges of the expo halls.