Breaking News




Source: Veracode.com

Sep 16, 2016
The IT industry has long welcomed DevSecOps, yet it is still poorly adopted. Gartner tellingly defines its status as: “Trough of Disillusionment.” What is inhibiting adoption? For the answer, look at its definition, and you will sense something odd. It is defined as a set of processes, people, methods, models, policies, culture, recipes, blueprints and templates.  This list misses the most ess...


Source: Veracode.com

Sep 16, 2016
Everyone has weird language issues they just can’t get right – mine is ordering at Starbucks. If the store doesn’t have sizes on display that I can awkwardly point to, I end up panicking, ordering a “tall,” and walking away disappointed with my small coffee. Starbucks and I just can’t speak the same language (yes, it’s my fault). This problem of speaking a different language is not unique to m...

As an application owner, you have the task of staying abreast of the security issues in critical applications soon to hit production. You need a workflow that allows you to quickly identify that vulnerabilities identified in a full dynamic scan have been addressed by development. You also have to produce a report to the business listing the vulnerabilities that have been addressed and those th...

One of the biggest security threats is that enterprise mobile app testing is overwhelmingly focused on functionality and not security. Pen testing of apps to see what data they—or some third-party app it is integrated with—are actually retaining is hardly ever done prior to deployment, if then. Why? It's simply not in the mindset of line-of-business managers. They want/need the apps to perform...

Cyberwar – the term conjures images of futuristic warriors battling for control of Earth ala the Terminator or the Matrix. But the truth is cyberwar is just as much a part of our national history as it is a potential future crisis. And as the old adage goes “ what has happened before will happen again”. The main difference between the cyberwar of the past and the one of today, or the future ...

Not only is e-commerce being radically changed due the mobilization of shoppers, but it's disproportionately happening with younger consumers. At the same time, law enforcement and government regulatory attention is being focused on age violations. And yet, the vast majority of companies have age-verification systems that provide almost no legal protections. Consider Facebook's recent age veri...


Source: Veracode.com

Sep 16, 2016
As we outlined in the previous blog post, DevOps is in danger of not being properly secured unless it adopts technologies specifically designed for that purpose. Traditional application security technologies were not designed to work in a DevOps environment. Even from DevOps name, it is obvious, that DevOps-enabling tools should be designed for Development and Operations specialists. And for s...


Source: Ars Technica Security RSS

Sep 16, 2016
Enlarge (credit: Apple) Late last week, Apple released iOS 9.3.5 to patch three zero-day bugs that could be used to access personal data on an infected phone. Dubbed "Trident," the bugs were used to create spyware called Pegasus that was used to target at least one political dissident in the United Arab Emirates. Today, Apple has released updates for Safari 9 and OS X El Capitan and Yosemit...