Game Development: Managing the rules of the game

(Image Credit: iStockPhoto/Gladkikh)

The rules of the gaming industry are changing. In a highly-competitive market, game makers need to ensure they’re not only developing products which meets the needs of an increasingly demanding market, but that also stand up to the rigours of security. Be it online gaming or gambling, users are sharing sensitive data such as personal information or credit card details which means they...

By Gábor Marosvári, 21 April 2016, 0 comments. Categories: Gaming, Hacking, Security.

HTML5 security: Cross domain messaging

(c)iStock.com/Miha Perosa

HTML5 is one of the emerging technologies for next generation web applications and has brought a lot of new features to the web. HTML5 applications are also widely used in the mobile app world. But along with the features, HTML5 has brought various new attack vectors as well.

Before going ahead with the security concepts of cross domain messaging, let us understand the basics of how cross domain messaging is implemented in HTML5.

Cross domain messaging

Due to the same origin policy...

By Srinivas, 27 January 2016, 0 comments. Categories: Development Tools, HTML5, Security.

Oracle's new API deals with Java EE security problems

(Image Credit: iStockPhoto/Hramovnick)

Oracle's staff are fully-aware that security in Java EE hasn't been taken as seriously as it should have, but are working to fix these problems in the new Java EE security API (JSR 375) which is a proposal for baking better security into the environment. 

Java's development environment is notorious when it comes to security problems, at...

By Ryan Daws, 06 November 2015, 0 comments. Categories: API, Java, Security.

Risk-based security: Applying more sophisticated risk assessment and mitigation tools

(c)iStock.com/wolv

Not all data is created equal. Right there is why organisations are newly focused on risk based security where the crown jewels get more rigorous protection than, say, humdrum, ordinary files.

This is crucial because – as headlines about breaches of important data files at large insurers such as Anthem, large retailers such as Target, and even federal government agencies demonstrate – hackers have gotten very good at their jobs. Understand, for them this is a job. It’s no...

By Ciklum, 30 July 2015, 0 comments. Categories: Hacking, Security.

IoT and the enterprise: What has the industry got to do to kick-start growth?

(c)iStock.com/Danil Melekhin

The analysts and researchers are in agreement; the Internet of Things (IoT) market will become the largest device market in the world. The question is simply when.

Berg Insight argues that in the industrial automation sector, the number of wireless IoT devices will hit 43.5 million by 2020. In the overall market, the numbers are almost frighteningly big: BI...

By James Bourne, 12 June 2015, 0 comments. Categories: Enterprise, IoT, Security.

The privacy implications of the Internet of Things

(c)iStock.com/alengo

The term “Internet of Things” refers to the use of the Internet for monitoring, tracking, controlling, and interconnecting everyday objects. For example, home appliances can be connected to the Internet to facilitate household activities. In this context, it is worth mentioning that refrigerators that allow the users to access the Internet are already commercially available.

According to ABI Research, a...

By Daniel Dimov, 04 June 2015, 0 comments. Categories: IoT, Security.

Opinion: In the interest of public security…

(Image Credit: iStockPhoto/Bliznetsov)

It seems that in the aftermath of almost every major catastrophe comes a reaction from government to increase measures to enhance public security. The atrocities of 9/11 resulted in security measures ranging from increased airport checking procedures, to face recognition devices, from random searches of internet content by intelligence officers, to the use of wiretaps and the ability to intercept and read...

By Andrew Hull, 24 March 2015, 0 comments. Categories: Hacking, Industry, Security.

As HTML5 grows, security risks become a bigger issue

(c)iStock.com/mihaperosa

As the combination of JavaScript and HTML5 become the defacto software standard for building websites, enterprise-ready solutions or mobile applications, it’s surprising to discover that 99% of the code used and delivered as production-ready code is literally open, and running naked through the woods.

The W3C (World Wide Web Consortium), as of October 2014 officially approved HTML5 as a complete industry standard. But the adoption process started a...

By Carlos Goncalves, 23 January 2015, 1 comment. Categories: HTML5, Languages, Security.

MoonPig's API breach could cost its business

(Image Credit: ©iStock.com/Tsekhmister)

Security breaches are frequent news, but fixes are often implemented with due haste to prevent data loss and protect customers. Paul Price, a security researcher, alerted MoonPig to a flaw in its API which allowed hackers to see payment information and view addresses. This fault was left unfixed for 17 months, and could be...

By Ryan Daws, 08 January 2015, 0 comments. Categories: API, Hacking, Security, Testing.

What issues does a Trusted Execution Environment address?

The richness of today’s connected devices such as smartphones, tablets, set-top boxes and televisions is bringing new challenges to service providers wanting to protect their offering against hackers and malware attacks. At the same time, an increasing number of applications are hosting sensitive, personal and confidential information that could have significant consequences if compromised. Such applications require more protection than can be offered by software solutions alone. This is where the...

By Global Platform, 10 December 2014, 0 comments. Categories: Hacking, Mobile, Monetisation, Security.

Bluetooth 4.2 wants to be "the foundation for the IoT"

As I write this article, there is one technology which is providing a constant link between my smartphone and my smartwatch. Bluetooth's Special Interest Group (SIG) has advanced the standard and its capabilities far-beyond what anyone could have imagined at its conception, but it's not finished yet...

As we move into the age where we're criticised for not connecting a device to the internet, the amount of devices connected to one another will grow exponentially. At the same time, we're just as...

By Ryan Daws, 03 December 2014, 1 comment. Categories: Devices, IoT, Security.

Should or shouldn’t Microsoft patch the IE flaw?

Several headlines can be found across the web which are designed to create fear that Windows XP is now unsecure – and rightly so, it is. What isn’t fair are the articles accusing Microsoft of being irresponsible for not releasing a fix despite announcing support will end months in advance.

It also isn’t Windows, Microsoft’s core product, which is at fault for this particular exploit – it’s Internet Explorer. Pointing the blame at the OS is only designed to further damage a...

By Ryan Daws, 29 April 2014, 0 comments. Categories: Security, Windows.

Why measurement is key to driving improvement in software security

By Paco Hope, member of (ISC)²'s Application Security Advisory Board, and Principal Consultant with Cigital

We recognise that insecure software is a major cause of security breaches; we as security professionals even know what to do to address the problem, but ironically, not many organisations are actually taking the necessary measures.

The Building Security in Maturity Model (BSIMM, http://bsimm.com), an observational model built from real-world software security initiatives, is evidence of...

By ISC2, 06 March 2014, 0 comments. Categories: Security, Testing.

How developers can prepare for the new era of content and data

The world is about to experience an explosion of personal video and data as wearable devices become more pervasive. Wearable technology recently dominated the Consumer Electronics Show (CES) in Las Vegas, and is marked as the big topic of conversation at Mobile World Congress later this month.

According to ABI Research analyst, Aapo Markkanen, multiple device ownership and the pervasiveness of cameras that generate high quality video is strongly driving consumer cloud storage growth. But what’s...

By Jon Chang, 13 February 2014, 0 comments. Categories: Design, Development Tools, Security, Testing.

Java accounts for 91% of attacks, U.S Cloud providers distribute 44% of Malware

When you think about it, most vulnerabilities within the public eye appears to come down to Java in some respect – but it’s not just you – Cisco’s 2014 Annual Security Report points the blame at Oracle's Java for being a leading cause of security woes.

In fact, the report suggest as much as 91 percent of all attacks can be pointed at Java’s insecurities being the culprit.

The data comes via the Vulnerability...

By Ryan Daws, 20 January 2014, 0 comments. Categories: Cloud, Java, Platforms, Security.

PixlCloud CEO Raffael Marty on the importance of security visualisation

Raffael Marty, the founder and CEO of PixlCloud, a next-generation data visualisation application for big data, is one of the most influential names in big data, analytics and visualisation.

Having been named in the top 200 thought leaders in big data and analytics by Analytics Week, Marty has also served as chief security strategist with Splunk and was a co-founder of Loggly, a cloud-based log management solution.

For more than 12 years Marty...

By InfoSec Institute, 02 January 2014, 0 comments. Categories: Design, Development Tools, Languages, Security.