Should or shouldn’t Microsoft patch the IE flaw?

Several headlines designed to create fear that Windows XP is now insecure can be found across the web – and rightly so, it is. What isn’t fair are the articles accusing Microsoft of being irresponsible for not releasing a fix, despite it having announced months in advance that support would end.

It also isn’t Windows, Microsoft’s core product, which is at fault for this particular exploit – it’s Internet Explorer. Pointing the blame at the OS is only designed to further damage a...

By Ryan Daws, 29 April 2014, 0 comments. Categories: Security, Windows.

Why measurement is key to driving improvement in software security

By Paco Hope, member of (ISC)²'s Application Security Advisory Board, and Principal Consultant with Cigital

We recognise that insecure software is a major cause of security breaches; we as security professionals even know what to do to address the problem, but ironically, not many organisations are actually taking the necessary measures.

The Building Security in Maturity Model (BSIMM), an observational model built from real-world software security initiatives, is evidence of...

By ISC2, 06 March 2014, 0 comments. Categories: Security, Testing.

How developers can prepare for the new era of content and data

The world is about to experience an explosion of personal video and data as wearable devices become more pervasive. Wearable technology recently dominated the Consumer Electronics Show (CES) in Las Vegas, and is marked as the big topic of conversation at Mobile World Congress later this month.

According to ABI Research analyst Aapo Markkanen, multiple device ownership and the pervasiveness of cameras that generate high-quality video are strongly driving consumer cloud storage growth. But what’s...

By Jon Chang, 13 February 2014, 0 comments. Categories: Design, Developers, Security, Testing.

Six security vulnerabilities found in many banking apps

Of all the apps in your life, the one you hope is most secure is your banking app. Unfortunately, those responsible for many banking apps are making some major security missteps, leaving the apps – and their users – vulnerable. Research done by Ariel Sanchez of IOActive found that 40 apps from 60 major banks have at least one security vulnerability.

He didn’t name names, but Ariel tested iOS banking apps from Europe, Asia, the Middle East, Australia, India, South America and North...

By Mike Brown, 05 February 2014, 0 comments. Categories: Hacking, Security, Testing.

Java accounts for 91% of attacks, U.S. cloud providers distribute 44% of malware

When you think about it, most vulnerabilities in the public eye appear to come down to Java in some respect – but it’s not just you – Cisco’s 2014 Annual Security Report points the blame at Oracle's Java for being a leading cause of security woes.

In fact, the report suggests that as much as 91 percent of all attacks can be attributed to Java’s insecurities.

The data comes via the Vulnerability...

By Ryan Daws, 20 January 2014, 0 comments. Categories: Cloud, Java, Platforms, Security.

PixlCloud CEO Raffael Marty on the importance of security visualisation

Raffael Marty, the founder and CEO of PixlCloud, a next-generation data visualisation application for big data, is one of the most influential names in big data, analytics and visualisation.

Having been named in the top 200 thought leaders in big data and analytics by Analytics Week, Marty has also served as chief security strategist with Splunk and was a co-founder of Loggly, a cloud-based log management solution.

For more than 12 years Marty...

By InfoSec Institute, 02 January 2014, 0 comments. Categories: Code, Design, Developers, Security.

Will Android become the next business mobile platform?

Not so long ago, SAP and Samsung announced their collaboration in promoting Android OS for small and medium-sized businesses. The companies are going to work together to develop solutions in the field of mobile security and management.

Samsung is launching the KNOX project for this purpose, within which it will distribute business tools for IT organizations.

“Many of the world’s largest enterprises depend...

By Katerina Merzlova, 17 December 2013, 0 comments. Categories: Android, Enterprise, Security.

iOS apps suffer security problems

Mobile app security is a growing concern, but most companies are still struggling to keep up. Android has traditionally been the operating system associated with mobile security issues, but recent stats released by HP prove that iOS developers are also fighting an uphill battle.


From Network World:

HP today said security testing it conducted on more than 2,000 Apple iOS mobile apps...

By Mike Brown, 19 November 2013, 0 comments. Categories: Apple, Apple iOS, Security.

Security for developers: From web hosting to the cloud

By Bola Rotibi, member of the (ISC)² Application Security Advisory Board, and Research Director at Creative Intellect Consulting Ltd

As a web developer you get used to being the first point of contact when something goes awry with a website that you’ve worked on. It is understandable that people see something is wrong and then need to call someone to get it addressed as quickly as possible. What is often lost on clients is the importance of their website hosting and the interdependence between developers...

By ISC2, 17 October 2013, 0 comments. Categories: Cloud, Developers, Security.

Apps Act 2013: What you need to know

At the beginning of this year, the California Attorney General issued a report entitled “Privacy on the Go”, which provided much-needed recommendations on how the mobile ecosystem should function and move forward while keeping privacy in mind.

The FTC (Federal Trade Commission) issued its own report the next month, in February, with a similar but expanded title: “Mobile Privacy Disclosures: Building Trust Through Transparency.”

Clearly the floodgates...

By Ryan Daws, 09 October 2013, 0 comments. Categories: Android, Apple iOS, Developers, Industry, Security.