Security News

Hey – how did you get in here? Number one app security weakness of 2021 was borked access control, says OWASP
2021-09-10 18:35

The Open Web App Security Project has released its Top Ten list of vulnerabilities in web software, as part of the general movement to make software less painfully insecure at the design stage. This year's number one web app security flaw is Broken Access Control, with OWASP glumly noting: "The 34 CWEs mapped to Broken Access Control had more occurrences in applications than any other category."

Mobile app security standard for IoT, VPNs proposed by group backed by Big Tech
2021-04-15 21:42

On Thursday the ioXt Alliance, an Internet of Things security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire. The announcement of the new Mobile Application Profile [PDF], a certification program covering best practices and requirements to keep mobile apps safer than the low bar of vendor discretion, comes from the collaboration of more than 20 ioXt member companies like Amazon, Comcast, Google, and others.

Cybersecurity pros: Automation and app security are top priorities in 2021
2021-02-22 17:17

Two of the areas that we had mentioned by a lot of our CISOs were security automation and application security. In the case of security automation, it's well known that there is a big talent shortage in the security market.

Chinese Drone Giant DJI Responds to Disclosure of Android App Security Issues
2020-07-24 11:56

Chinese drone giant Da Jiang Innovations on Thursday responded to the disclosure of security issues discovered by researchers in one of its Android applications. DJI has always denied these accusations and it has pointed to analysis conducted by the U.S. Department of Homeland Security and Booz Allen Hamilton, which shows that there is no evidence the company's government and professional drones send user data to DJI, China or other third parties.

Microsoft Cloud App Security: This software can help you to manage shadow IT and boost productivity
2020-07-09 09:45

How to use shadow IT discovery in Microsoft Cloud App Security to help remote workers stay secure and save bandwidth. Even more than in an office, the proliferation of cloud apps can turn into a shadow IT security worry - and depending on how access to company data is set up, it might impact home internet bandwidth.

AppSealing Hybrid App Security 1.0 now also protects hybrid apps
2020-05-26 00:30

The market leader in mobile app security, AppSealing, has announced the introduction of a new feature to its suite of security services. Can add an AppSealing security layer between the native shell and the web app to secure their hybrid apps and protect their network infrastructure and their users' devices and data.

News Wrap: Ransomware Extortion Tactics, Contact-Tracing App Security Worries
2020-05-15 19:28

Recent ransomware attacks, including ones targeting healthcare giant Magellan, the IT office that supports Texas appellate courts and judicial agencies, and a popular law firm that works with several A-list celebrities, including Lady Gaga, Drake and Madonna. "Double extortion" methods being increasingly used by ransomware actors - and new research that found paying a ransom to unlock systems can actually cost companies more financially than recovering data themselves in the long run.

As companies rely on digital revenue, the need for web and mobile app security skyrockets
2020-04-30 05:30

Although the use of applications has steadily increased, the difference in the ways that web and mobile applications are protected is not widely understood. Many companies that have been using security tools for their web application may feel that moving these security tools to mobile may be difficult, but it isn't.

Acunetix 13 web app security scanner comes with many innovations
2020-02-06 03:00

Acunetix 13 comes with an improved user interface and introduces innovations such as the SmartScan engine, malware detection functionality, comprehensive network scanning, proof-of-exploit, incremental scanning, and more. Scanning complex web applications using traditional web vulnerability scanners may take hours, having a serious impact on production site performance and internal processes.

Build Your Immunity Across All App-Security Insertion Points
2019-11-27 14:45

Years ago, I worked on a consulting project for a large financial services company, which had recently invested $20 million into their core offering, a managed services platform for financials...