The Open Web Application Security Project has released its Top Ten list of vulnerabilities in web software, as part of the general movement to make software less painfully insecure at the design stage. This year's number one web app security flaw is Broken Access Control, with OWASP glumly noting: "The 34 CWEs mapped to Broken Access Control had more occurrences in applications than any other category."
On Thursday the ioXt Alliance, an Internet of Things security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire. The new Mobile Application Profile [PDF], a certification program covering best practices and requirements to keep mobile apps safer than the low bar of vendor discretion, was developed in collaboration by more than 20 ioXt member companies, including Amazon, Comcast and Google.
Two of the areas that were mentioned to us by a lot of our CISOs were security automation and application security. In the case of security automation, it's well known that there is a big talent shortage in the security market.
Chinese drone giant Da Jiang Innovations on Thursday responded to the disclosure of security issues that researchers discovered in one of its Android applications. DJI has always denied these accusations, and it has pointed to analysis conducted by the U.S. Department of Homeland Security and Booz Allen Hamilton, which shows that there is no evidence the company's government and professional drones send user data to DJI, China or other third parties.
How to use shadow IT discovery in Microsoft Cloud App Security to help remote workers stay secure and save bandwidth. Even more than in an office, the proliferation of cloud apps can turn into a shadow IT security worry - and depending on how access to company data is set up, it might impact home internet bandwidth.
The market leader in mobile app security, AppSealing, has announced the introduction of a new feature to its suite of security services. Developers can add an AppSealing security layer between the native shell and the web app to secure their hybrid apps and protect their network infrastructure and their users' devices and data.
Recent ransomware attacks have targeted healthcare giant Magellan, the IT office that supports Texas appellate courts and judicial agencies, and a popular law firm that works with several A-list celebrities, including Lady Gaga, Drake and Madonna. "Double extortion" methods are increasingly being used by ransomware actors, and new research has found that paying a ransom to unlock systems can actually cost companies more financially in the long run than recovering data themselves.
Although the use of applications has steadily increased, the difference in the ways that web and mobile applications are protected is not widely understood. Many companies that have been using security tools for their web applications may feel that moving these security tools to mobile would be difficult, but it isn't.
Acunetix 13 comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning, proof-of-exploit, incremental scanning, and more. Scanning complex web applications with traditional web vulnerability scanners may take hours, with a serious impact on production site performance and internal processes.
Years ago, I worked on a consulting project for a large financial services company, which had recently invested $20 million into their core offering, a managed services platform for financials...