When treating an illness, it is generally more effective to treat the source of the problem rather than the symptoms. Shape Security is trying to do the same in the field of website security. While all other products are geared towards a faster, cheaper, and better way of preventing and stopping attackers, Sumit Agarwal, co-founder and vice president of Shape, claims that they are “striking at the core mechanics of how those things work and making them harder to do in the future” by focusing on cutting-edge attackers and the crimeware ecosystem. Basically, it won’t be “offensive security” but defensive security, making it harder and more costly to do any damage.
With computer science at the core of their research and development, Shape, though relatively new in the field, has caught the eyes of many big names such as Google, Facebook, and Twitter. They have recently announced that their investments total at least $26 million. If they do succeed in their goals, this will greatly change the face of internet security.
Established in 2011 by executives from Google, major defense contractors, and the Defense Department, Shape Security now also employs Google’s former click-fraud czar, Cisco Systems’ former vice president of application security, and Walmart’s former CISO.
For more information, visit: http://www.darkreading.com/database-security/167901020/security/application-security/240145834/web-security-startup-gets-funding-from-google-ventures-former-symantec-ceo.html
This just in for all Dell Public Cloud customers and VMware vCenter 5.0 environment customers… Dell SecureWorks is proud to announce a new Vulnerability Management Service (VMS) and a new Web Application Scanning (WAS) Service for the Cloud. But that’s not all: they are also offering customers a Global Threat Intelligence Service, which analyzes data in order to find new threats and vulnerabilities. In the coming months, they will be launching even more security solutions, so be sure to keep updated.
The Web Application Scanning (WAS) service includes both regularly scheduled and “on demand” scans to determine whether any threats or vulnerabilities are present in any of the web applications, which is where the Cloud has been shown to be more vulnerable. In addition, the VMS service includes scans by Dell SecureWorks security personnel. Customers will be alerted immediately if anything is found during a scan, and they will be told how to resolve the problem. Similarly, all Threat Intelligence reports and analysis from the Global Threat Intelligence Service can be accessed through the Dell SecureWorks Portal. These new developments are crucial as many companies are migrating from IT to the Cloud and they need to be sure that their data stays secure.
Though many predict 2013 to be a year of cloud and mobile device hacking, researchers for the Verizon Data Breach Investigations Report (DBIR) foresee authentication attacks, continued “hacktivism”, Web application exploits, and social engineering as the threats we can expect in the coming year. These conclusions are not simply guesses; they are based on empirical evidence, which can be used to help organizations focus on the right methods to stay secure.
Verizon’s RISK (Research, Intelligence, Solutions, Knowledge) team has deemed the following to be the most likely data threats:
For more information visit http://gov.aol.com/2013/01/07/security-breaches-what-to-watch-for-in-2013/
Everyone knows that data breaches are on the rise and their damage is increasingly costly. The question is: what is the source of such vulnerability, and how is it preventable? The answer: human error due to poor application design and faulty programming.
With great advancements made in the hacking world, it’s essential to program secure web applications as early as possible in the development phase, according to Pieter Danhieux of the SANS Institute. However, most programming students are ill-equipped when it comes to security. When it comes to developing, often even the most brilliant have only attended a lecture or two on the subject during a course. Consequently, they are unable to develop with security in mind. At all stages of web development, developers, architects, and designers must be educated in depth in the methods for keeping their sites secure. That way, by the time the program is complete, it will be less likely to have vulnerabilities. Though there are other problems, this is the source of the major problem. Danhieux proposes that all web development courses cover security in order to better prepare students and future developers for the real world.
For more information, visit http://www.infosecurity-magazine.com/view/30106/poor-programming-app-design-bolster-data-breaches/