Cloud Storage Security Storm: When it Rains it Pours

by Jim DelGrosso on Friday, June 19, 2015

This week was particularly newsworthy regarding mobile [in]security. Three different cloud storage vulnerabilities were announced affecting users and platforms in various ways. We had the Samsung+Swift keyboard that was not a single problem but a chain of failures. We also heard from researchers from Indiana University, Peking University and the Georgia Institute of Technology that…

How to overcome the hurdles to mobile application security

by Cigital on Monday, June 1, 2015

By Amit Sethi, Principal Consultant

Mobile apps are juicy targets for hackers. Consider the rich data that is captured by a mobile device, including call logs, SMS messages and location information. Then, consider the rapidly evolving mobile platforms and frameworks that are new to many development organizations. It is no surprise that many mobile applications…

Internet of Things: Make sure your security strategy is as “smart” as your devices

by Cigital on Monday, June 1, 2015

Household appliances, cars, electronics, security systems, and even medical devices are all becoming smarter. They’ve merged into a WiFi-enabled, cloud-connected network now known as the Internet of Things (IoT). And it’s getting bigger, from seven billion devices in 2009 to more than 50 billion in the year 2020, according to a report by the Federal…

What happens at Archimedes: All There is to Know about Medical Device Security

by Cigital on Monday, June 1, 2015

By Chandu Ketkar, Technical Manager

From a security viewpoint, medical devices differ from conventional web applications, mobile applications, and other types of embedded applications which security researchers commonly encounter. First, medical devices come in many forms: devices that are embedded in the human body, used in hospitals, and used by patients at home. Security professionals…

Why You Fix Logjam Later

by Cigital on Thursday, May 21, 2015

Post written by Paco Hope, Principal Consultant & John Kozyrakis, Senior Consultant

The Internet is buzzing with talk of “Logjam”, a vulnerability in Diffie-Hellman key exchange that allows us to downgrade the cryptography on a connection to something practical to decrypt. An attack leveraging Logjam would be able to see in the clear all the…

IEEE Helps Against Software Development Design Flaws

by Cigital on Monday, May 18, 2015

One of the main focuses of the Software Security industry is ensuring that all code is clear of bugs. But this is only half of the problem. The other half is the design flaws in the application's coding, which can be avoided in the earlier stages. Examples of this include forgetting to authenticate the…

Reflections from RSA 2015

by Cigital on Tuesday, May 12, 2015

Post written by Jim Ivers, VP of Marketing

The 2015 RSA Conference was held April 19-24 at the Moscone Center in San Francisco. I’ve been attending RSA Conferences since 2005, as an attendee and an exhibitor. Here are some reflections on what I saw and heard at the show this year. Sea of People! RSA…

Building Meaningful Security Metrics

by Cigital on Monday, May 11, 2015

Post written by Sammy Migues, Principal, Technology

Many people in various security disciplines are looking to metrics as a way to demonstrate the efficacy of their efforts and show continuous process improvement. Unfortunately, poorly constructed metrics usually create more confusion than insight. If I told you that testing discovered nine critical vulnerabilities last month, what…

Your Front Door is Locked, but is Your Basement Window?

by Cigital on Tuesday, May 5, 2015

For the average home, the front door is likely the most heavily fortified entry point and, therefore, the hardest to compromise. Similarly, it is a natural inclination to rank applications by perceived risk and then concentrate application security testing on those applications with the highest risk. However, the days when an organization only tests its…
