Application Security News, Articles and Updates

Time to wake up to API security, the overlooked vulnerability

API vulnerabilities are the sleeping giant of our technology-led world. The threats posed by an exposed API are significant, yet they remain the most overlooked threat to information security today, says Jason Macy.

Attack is imminent - get "back to basics" - not just during CyberSec month

Patching and application control should be first on the list to strengthen your organisation against attack, but take a strategic approach: don't just patch for the latest WannaCry, but for the next big attack too, says Amber Boehm.

Why empathy and communications skills should underpin application security teams

Colin Domoney discusses how to build a successful application security team based on his own experiences.

Netsparker: 2/3 of web applications are flawed

Internal code imperfections have led to cross-site scripting (XSS) and SQL injections, with 68 percent of web apps surveyed vulnerable, according to application security company Netsparker.

Internet of malicious things: Yale home automation vulnerable

The Yale Home System (Europe) Android application is vulnerable to a man-in-the-middle attack due to TLS errors.

BlackHat Amsterdam: 'numbers will make the difference' when securing the IoT

SC sat down with Veracode's Chris Eng to talk about securing the internet of things and the future of cyber-regulation.

Why slap-dash application development is threatening the IoT

It's impossible to know how your latest IoT-enabled device is going to be used by the purchaser, so make sure that security is designed into your products from the beginning, says Paddy Srinivasan.

Global firms struggle with digital change, UK yields positive results

Moderately-paced economic growth and relative decoupling from the fiscal commotions in Europe have improved the direction for enterprise IT in the UK.

Constant attack a growing reality

Persistent attacks have become a state of permanent attack for some organisations, according to a new report.

IEEE looks to raise security standards among software developers

The Institute of Electrical and Electronics Engineers (IEEE) has formed a new advisory group with the private sector, and is already advising software developers to ensure that their applications are secure.

Fake ID Android flaw allows apps to be impersonated

A new and potentially serious flaw has been discovered in all Android devices, from version 2.1 upwards. The flaw, dubbed 'Fake ID' by BlueBox Labs, allows malware to impersonate trusted applications.

Blurring the lines between business and home

What are the risks posed by apps and hardware that cross the business/home divide? Dr Guy Bunker asks what policies and security approaches are required.

Windows app privileges subverted

Researchers have spotted new attack vectors being used to exfiltrate company online banking credentials.

Apple iOS8: more open, but is it secure?

"Apple has an opportunity here to show us how it does security well and I hope they step up their game because the cybercriminals are out-innovating everyone on a daily basis," - Tim Keanini, Lancope CTO

ICYMI: "Dead" anti-virus, mobile ransomware; more EU DPA problems

This week's In Case You Missed It column looks at the state of anti-virus, ransomware going mobile and the EU's upcoming Data Protection Regulation.

Islands of identity hard to track

New poll shows 94 percent of IT security professionals use third-party apps on their mobile devices, making it harder for IT to track and manage.

ICYMI: Putin's rage, DDoS attacks, and post-Heartbleed OpenSSL

This week's In Case You Missed It column looks at Vladimir Putin's Internet views, bigger and badder DDoS attacks, and further reaction to OpenSSL and Heartbleed.

Researchers demo iOS banking app hack

Mobile banking transactions may be on the rise, but banks may face an uphill struggle to keep them secure from cyber-criminals.

LinkedIn plug-in mines for user email addresses

"This highlights the fine line between acceptable and unacceptable usage of your information" says Nigel Stanley, CEO of Incoming Thought.

Only 6 in 10 firms say their software is always up-to-date

A new report from F-Secure reveals that most companies lack the resources to update legacy applications, with this potentially being a serious security risk.

iPhone apps are 'more risky than Android'

Surprising new research reveals that iPhone apps are 'more risky than Android' and also details that 90 percent of all top apps are under threat.

App security 'severely hampered' by skills shortage

Organisations are being "severely hampered" in the key area of applications security because of skills shortages, according to new research from the independent SANS Institute.

Thousands of smartphones infected with 'spy' malware

Tens of thousands of smartphone users have been hit by a new class of botnet that illicitly gathers information.

ICO warns software developers on data privacy

The Information Commissioner's Office (ICO) has warned developers that protecting app data is of paramount importance.

Cyber criminals cracking more paid-for and Apple apps than ever before

Hackers are increasingly targeting paid-for and iOS apps, according to a new study.

McAfee EMEA CTO: Protect the data first, then the device

McAfee CTO Raj Samani advises companies to secure the business data before the device being used to access the information.

HP seeks secret sauce to fill the gaps

Attending a recent social event, I was able to get together with some major names from IT giant HP.

Fighting blind: The convergence of modern applications, SSL and advanced threats

Modern attackers, by necessity, have become highly adaptable and customised to avoid traditional security, producing threats that are more sophisticated than ever.