Application Security News and Articles


Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) For October 2024 Patch Tuesday, Microsoft has released ...

How SAST Tool Fortify Works: A Quick Overview

Fortify is a powerful Static Application Security Testing (SAST) tool that scans your source code for vulnerabilities before the…

USENIX NSDI ’24 – Known Knowns and Unknowns: Near-Realtime Earth Observation Via Query Bifurcation In Serval

Authors/Presenters: Bill Tao, Om Chabra, Ishani Janveja, Indranil Gupta, Deepak Vasisht. Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation ...

Transforming Cyber Risk Quantification and Vulnerability Prioritization with KnightVision

In today’s complex cyber landscape, managing risks effectively isn’t just about identifying threats—it’s about understanding their impact and knowing how to prioritize vulnerabilities. With constant changes in the vulnerability landscape, ...

Cost of Online Brand Impersonation: Customer Acquisition and Loyalty

Online brand impersonation is an insidious threat compared to more straightforward attacks. Ransomware, for example, is simply extortion. A cybercriminal encrypts your data, holds it hostage, and demands payment in exchange for encryption keys. ...

Generational security: The meaning behind this year’s Cyber Security Awareness Month theme

This year’s Cyber Security Awareness Month theme is “Generation Cyber Safe: Because online security knows no age”, but what does that mean? The annual theme of ...

InCyber Forum Canada 2024

The InCyber Forum Canada 2024 conference is an outstanding event, packed with multiple stages, many thought-leadership panels, and an expansive array of vendors showcasing their latest innovations. Come join me in Montreal, Canada, Oct ...

More on My AI and Democracy Book

In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in fall 2025. My co-author and collaborator Nathan Sanders and I are hard at work writing. At this point, we would like feedback on titles. Here are four ...

USENIX NSDI ’24 – Democratizing Direct-to-Cell Low Earth Orbit Satellite Networks

Authors/Presenters: Lixin Liu, Yuanjie Li, Hewu Li, Jiabo Yang, Wei Liu, Jingyi Lan, Yufeng Wang, Jiarui Li, Jianping Wu, Qian Wu, Jun Liu, Zeqi Lai. Recipient: Outstanding Paper Award. Our sincere thanks to USENIX, and the Presenters & Authors ...

Identity Under Siege: Responding to the National Public Data Breach

Gary Perkins, Chief Information Security Officer, CISO Global. While the scale of this data breach is alarming – with 277 gigabytes of data reportedly stolen – it’s important not to panic. Instead, focus on taking concrete steps to protect ...

Randall Munroe’s XKCD ‘Solar Protons’

via the comic humor & dry wit of Randall Munroe, creator of XKCD. The post Randall Munroe’s XKCD ‘Solar Protons’ appeared first on Security Boulevard.

SDLC Methodologies: The 7 Most Common

The software development lifecycle (SDLC) looks different for every team, but standard methodologies have emerged and evolved to help teams plan, test, and maintain projects with consistency and accuracy. These methodologies offer a clear ...

What Is the Agile SDLC? Benefits, Stages And Implementation

The goal of any software development lifecycle (SDLC) is to create a great product. And that requires flexibility, customer-centricity, and a philosophy of constant improvement—all attributes of the Agile SDLC.

Apple Releases Draft Ballot to Shorten Certificate Lifespan to 45 Days

Earlier this week, on October 9, during the second day of the fall CA/Browser Forum Face-to-Face meeting, Apple revealed that it had published a draft ballot for commentary to GitHub. This proposal, which is sponsored by Sectigo, offers to ...

Prevent Path Traversal Attacks with ADR | Contrast Security

The Contrast Security Runtime Security Platform — the engine driving Contrast’s Application Detection and Response (ADR) technology — blocked approximately 55.8K cybersecurity attacks during the month of September 2024.

ADDO session: Secure your application supply chain on AWS

We've wrapped up our 9th All Day DevOps (ADDO) event, where we've learned from the industry's best and brightest about the latest tools and methodologies for securing the software supply chain. Hossam Barakat, Senior Cloud Architect at Amazon Web ...

(In)Fidelity Admits Data Breach 8 Weeks Ago — 77K PII Lost

FMR FAIL: Huge investment firm won’t say how it was hacked.

ISO 27001 – 2013 vs 2022: Changes, Transition & More

Information and digital security frameworks like FedRAMP, CMMC, and ISO 27001 are not static documents. They give your business a fixed set of requirements to comply with and achieve, but that framework is only valid for so long. Several different ...

Exploring Goldilocks: ‘Just Right’ Resource Management

Managing resource requests and limits in Kubernetes can be challenging, especially for teams that are new to container orchestration or scaling complex workloads. But without proper configuration, your cluster can become unstable, experience ...

Generative AI Fueling More Sophisticated Cyberattacks: Survey

Organizations say generative AI is fueling a surge of more sophisticated cyberattacks and that they feel unprepared for the onslaught, but a Keeper Security survey found they are investing more in such foundational protections as data encryption ...