Topic: security

HackerOne: The top 10 security vulnerabilities

Companies are paying the highest amount of bounties to fix cross-site scripting (XSS), improper authentication and information disclosure vulnerabilities. Meanwhile, some cloud-based vulnerabilities such as server-side request forgery (SSRF), in which an attacker can abuse functionality on the server to read or update internal resources, are seeing an uptick in bounties. This is according to … continue reading

Top roadblocks to securing web applications

In recent weeks, data breaches seem to have suddenly become more widespread and far reaching across the globe. In Australia, the Office of the Australian Information Commissioner (OAIC) revealed more than 10 million individuals had their information compromised in a single incident. In Singapore, thousands of Red Cross blood donors had their personal information leaked. … continue reading

Report: More than 50 percent of data remains in the dark

A majority of organizations are vulnerable to hack attacks because they are still in the dark when it comes to their data. A newly released report reveals more than half of all data within organizations remains unclassified or untagged, which results in an organization’s inability to assess the risk or value of more than half … continue reading

SD Times news digest: New guidelines for Apple’s App Store, IOActive and Bugcrowd team up to identify security gaps, and Firefox’s default Enhanced Tracking Protection

Apple is changing its requirements for applications on its App Store to protect user data. Apps in the kids category, VPNs, health or fitness apps will no longer transmit data to third parties and MDM apps, and other apps can only collect data after requesting permission from the user. Additionally, apps in the kids category … continue reading

A guide to DevSecOps offerings

Contrast Software Contrast Assess produces accurate results without dependence on application security experts, using deep security instrumentation to analyze code in real time from within the application. It scales because it instruments application security into each application, delivering vulnerability assessment across an entire application portfolio. Contrast Assess integrates seamlessly into the software lifecycle and into … continue reading

What does Contrast bring to the table and address DevSecOps in your solution?

Jeff Williams, co-founder and CTO, Contrast Security: Contrast is an integration platform for application security. We use an instrumentation-based approach, so we work from inside the running application layer. From there, we support the entire software life cycle with three things. The first thing is, we help identify vulnerabilities. Typically you want them to be … continue reading

Apple shows off new security features, iOS 13 and new iPad OS at WWDC

In the midst of immense public outcry against rampant personal data collection by companies, Apple showed off a variety of new security features for its upcoming iOS 13 release at the company’s annual Worldwide Developers Conference (WWDC). The conference comes days after Apple launched a new website trying to highlight its App Store’s accomplishments while … continue reading

Privacy as a service

Many Americans seem resigned to not having control over their data profiles on the Internet. As larger and more sophisticated data breaches are reported in growing numbers, and companies such as Facebook and Google engage in mysterious data activities, technology users are left not knowing who’s got their data, or what they’re going to do … continue reading

Chances of data leaks are high in mobile apps

Most mobile applications contain at least some programming flaws that make them susceptible to leaking data containing personal information. In fact, mobile applications distributed in Apple’s App Store and Google Play are more likely to have at least one hidden bug that can compromise privacy than they are to contain a security vulnerability, where the … continue reading

SD Times news digest: Postman 7.1, Auth0 secures $103 million, and an update on the Stack Overflow breach

API development environment provider Postman has announced Postman 7.1, which enables developers to create APIs directly within the app. The release features new API, define, develop, test and observe tabs, API elements, extended schema support, and versioning and version tagging. The new versioning feature allows developers to maintain multiple versions of an API simultaneously, Postman … continue reading

Shifting left for better security? It’s just as important to shift right too

There’s been a lot of talk lately in security and development circles about the need to shift left in the software development lifecycle—and rightly so. By bringing security into the picture from the beginning, you can catch weak designs and bugs earlier, when they’re cheaper and easier to fix. So far, so good. But does … continue reading

Open Source Day 2019 focuses on the cloud, security and development

The 12th edition of Open Source Day (OSD) will take place today at the Legia Warsaw Stadium in Poland’s capital city. The event will include presentations, forums and nine technical sessions spanning automation, containerization, cloud computing, virtualization, security, monitoring, CI/CD, software and app development and databases. “Participants at the upcoming event will be able to … continue reading
