Security News
Azure Virtual Network Manager is a new tool for grouping network resources, configuring the connectivity and security for those resources and deploying those configurations to the right network groups automatically. You can use this to create common network topologies like a hub and spoke that connects multiple virtual networks to the hub virtual network that contains your Azure Firewall or ExpressRoute connection.
Appdome unveiled the results of a global survey that shares the views of 25,000 consumers in 11 countries on mobile app use and consumer expectations of mobile app security. With 53.5% of consumers now preferring mobile apps to other digital channels, the report is incredibly timely for all brands with mobile strategies.
The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities. One hundred and three apps have differences based on country in their privacy policies.
(IN)SECURE Magazine issue 71 released: (IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.
Attackers using default credentials to target businesses, Raspberry Pi and Linux top targets: Findings from a Bulletproof report highlight the issue posed by poor security hygiene as automated attacks remain a high security threat to businesses.
There's no shortcut that can replace time being explicitly dedicated to security from the very beginning of an app's development. To explain why allocating time to secure an application is so important, you must understand the undeniable value of moving security to the "Left."
The past year in web app cybersecurity was anything but calm, and if predictions on the coming year from PerimeterX CTO Ido Safruti are accurate, it's going to be another year of struggles to protect web apps. Safruti predicts a 2022 in which custom-tailored malware, bot attacks and post-login fraud spike, causing leaders to finally confront the reality of online fraud: It varies greatly, is becoming more selective in its targets and is present everywhere from before login to well after a username and password are entered.
Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications. "A flow from sources to sinks indicates that, for example, user passwords may get logged into a file, which is not desirable and is called as an 'issue' under the context of Mariana Trench," Facebook Software Engineer Dominik Gabi said.
The Open Web App Security Project has released its Top Ten list of vulnerabilities in web software, as part of the general movement to make software less painfully insecure at the design stage. This year's current number one web app security flaw is Broken Access Control, with OWASP glumly noting: "The 34 CWEs mapped to Broken Access Control had more occurrences in applications than any other category."
On Thursday the ioXt Alliance, an Internet of Things security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire. The announcement of the new Mobile Application Profile [PDF], a certification program covering best practices and requirements to keep mobile apps safer than the low bar of vendor discretion, comes from the collaboration of more than 20 ioXt member companies like Amazon, Comcast, Google, and others.
Two of the areas that we had mentioned by a lot of our CISOs were security automation and application security. In the case of security automation, it's well known that there is a big talent shortage in the security market.