On August 22, 2018, Apache Struts announced a security vulnerability and patch which remediates a critical remote code execution vulnerability. Apache Struts is a Java-based web application platform used by an estimated 65 percent of Fortune 100 companies. With this latest vulnerability, attackers can exploit a web application...
Learn about Facebook, APIs, and Application Data Mining from the product marketing team at WhiteHat Security.
I’d like everyone to pause, and in their minds and hearts say thank you to the hundreds of engineers at various hardware, software, and security vendors who spent their holidays working on OS patches, browser patches, cloud roll-outs and distribution of patches for Meltdown and Spectre.
While it’s difficult to get permission from one’s corporate communications team or legal department on chatting with vendors, I was able to secure an interview with one of our financial services customers who use both Dynamic and Source code scanning.
As the news unfolds on Equifax and the latest and greatest of the Apache Struts hacks, a co-worker and I were talking about it amongst ourselves. “Why would someone leave a critical vulnerability unpatched for months?”, my co-worker asked in puzzled tones.
Our aim in creating the Learning Labs is to help everyone – developers, security practitioners, and executives – understand the risks in all applications, help IT staff understand how application security fits into their wider security ecosystem, and help teach developers how to write more secure code to make business safer for customers.
Every time someone comes to me for career advice, or asks where I think they should look for their next big opportunity, I say – “Consider a career in cybersecurity.” It is a huge field with a broad spectrum of job opportunities.
In this article, I’m going to help you interpret how the different parts of this cybersecurity regulation touch on AppSec – that is, your websites, your mobile applications, your internal payment systems and networked third-party services.
IDC predicts that by 2020, data breaches will affect nearly 25% of the world’s population.
Follow-on to the Growing the Role of Women in AppSec webinar held on 3/23. Here's another real-world anecdote of how to move from no skills into tech and security, along with all the Q&A we didn't get to on the webinar.
The Atlantic published a great article, and here’s why I love it: We are finally talking in the right circles about the challenges of overcoming bias, of unrecognized privilege in the world.
So now that I’ve established myself as a lover of FB and social media, may I ask that you all please carefully consider which additional new and (worse) seldom-used applications that you grant permission to “Log On with Facebook?” (Or Google+, or Twitter – I’m not just targeting any one federated login mechanism.)
But then we got mobile devices, and executives fell in love with tablets. And then smart objects, from buildings to cars and medical devices. The boundaries of the network keep growing, but we security experts keep saying that the user is the weakest link.
I’m here to give you reason to properly fear certain kinds of memes and surveys and social media games, because they are major security risks to you and yours. Let me explain.