CIOCISODevOpsDevSecOpsOpen SAMMOWASPSAMMSecure SDLCsecurity maturitySoftware Assurance Maturity ModelsSDLC Learn How You Can Get a Running Start with DevSecOps Feb 18, 2019 by Matthew Rose DevOps is an evolving philosophy, and now is the time–just as you start embracing DevOps in your organization–to start building security into both your DevOps philosophy and processes. DevOps philosophy started with the core principles of W. Edwards Deming’s points on Quality Management, binding the development of services and their delivery to IT Operations. As Read More › CIOCISODevOpsDevSecOpsOpen SAMMOWASPSAMMSecure SDLCsecurity maturitySoftware Assurance Maturity ModelsSDLC
Android AppAndroid WebViewexposed APIMagicLinksMan in the Middleself-replicating worm Feb 14, 2019 by Erez Yalon Read More › Android AppAndroid WebViewexposed APIMagicLinksMan in the Middleself-replicating worm
Account TakeoverBLEbluetoothCheckmarx Security Research TeamInternet Of ThingsIoTLenovo Watch XMitMsmart watchSniffing Your Lenovo Watch X Is Watching You & Sharing What It Learns Feb 12, 2019 by David Sopas A friend of mine offered me a Lenovo Watch X – which costs around €60 – in return for helping him with a security project. I was impressed with the design and the quality of the watch. Of course, I also immediately wanted to test its security. Lenovo Watch X Security Research Summary I think Read More › Account TakeoverBLEbluetoothCheckmarx Security Research TeamInternet Of ThingsIoTLenovo Watch XMitMsmart watchSniffing
AEG Smart ScaleAEG Smart Scale PW 5653 BBLEBluetooth Low Energybluetooth securityCVSS 3Denial of ServicedosInternet Of ThingsIoTprivacysecuritysmart scalevulnerabilities Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT Feb 4, 2019 by David Sopas These days IoT devices are an easy entry point for malicious users to invade users’ privacy. With that in mind, we tested the AEG Smart Scale PW 5653 BT, specifically the Bluetooth security (Bluetooth Low Energy or BLE). We also tested the mobile applications Smart Scale for Android and Smart Scale for iOS. To complete our tests, Read More › AEG Smart ScaleAEG Smart Scale PW 5653 BBLEBluetooth Low Energybluetooth securityCVSS 3Denial of ServicedosInternet Of ThingsIoTprivacysecuritysmart scalevulnerabilities
AISA Australian Cyber ConferenceBitKom Hub BerlinBlack Hat USABSides Las VegasBSides VancouverCISO AfricaDefCon 27DeveloperWeekDevelopmentDevOpsDevOps ConferencesDevSecCon LondonDevSecCon SingaporeGartner Security & Risk Management SummitHouSecConInfosecurity EuropeIT Security Expo and CongressIT-SALes AssisesNullcon X ConferenceRencontres De La SecuriteRSA ConferenceRSA Conference APJsoftware securityTop 100 CISO Awards & Annual Summit Your 2019 Essential Software Security, Development, & DevOps Conferences Feb 1, 2019 by Haidee LeClair “DevOps” encompasses a wide range of topics – throw security in there and you’ve added even more. This roundup includes events throughout the year and around the globe, from small events to community conferences and up. Whether you’re passionate about software security, ethical hacking, software development, cloud security, or DevOps, there’s something on this list Read More › AISA Australian Cyber ConferenceBitKom Hub BerlinBlack Hat USABSides Las VegasBSides VancouverCISO AfricaDefCon 27DeveloperWeekDevelopmentDevOpsDevOps ConferencesDevSecCon LondonDevSecCon SingaporeGartner Security & Risk Management SummitHouSecConInfosecurity EuropeIT Security Expo and CongressIT-SALes AssisesNullcon X ConferenceRencontres De La SecuriteRSA ConferenceRSA Conference APJsoftware securityTop 100 CISO Awards & Annual Summit
agile developmentApplication Security TestingDeveloper EducationDevOpsDevOps cultureDevSecOpsGartner Magic Quadrantsecurity Shifting to DevSecOps, with Software Security Testing Built In Jan 15, 2019 by Matthew Rose Many organizations today are in the process of transitioning to a DevOps-centric approach, but don’t want to leave security behind. In order to build security in from the beginning of their software development process, it’s essential to enhance your security posture by integrating application security testing solutions into the software development life cycle at your Read More › agile developmentApplication Security TestingDeveloper EducationDevOpsDevOps cultureDevSecOpsGartner Magic Quadrantsecurity
API Securityartificial intelligencebreachesCloud AdoptionDevSecOpsHackingIASTInteractive Application Security TestingInternet Of ThingsIoTMachine learningmicroservicesOpen Source Analysisvulnerable IoT objects Software Security Predictions: What to Watch for in 2019 Jan 3, 2019 by Matthew Rose Security breaches regularly made headlines in 2018, while advancements in DevOps, application security testing tools, artificial intelligence, machine learning, cloud adoption, and the Internet of Things raced forward. 2019 promises to be another busy year in technology and digital transformation, but what will that look like for software security? Here are our software security predictions Read More › API Securityartificial intelligencebreachesCloud AdoptionDevSecOpsHackingIASTInteractive Application Security TestingInternet Of ThingsIoTMachine learningmicroservicesOpen Source Analysisvulnerable IoT objects
AndroidAndroid WebViewHTTPSSecure Codingsecure coding practicesSSL/TLSWebView Android WebView: Are Secure Coding Practices Being Followed? Dec 20, 2018 by João Morais WebViews are very common on the Android applications. There are clear WebView security best practices, but are they being implemented? With our previous blog post in mind, Android WebView: Secure Coding Practices, we wanted to understand how security best practices in WebViews are being implemented in the wild. Are the apps with WebViews, currently available on Read More › AndroidAndroid WebViewHTTPSSecure Codingsecure coding practicesSSL/TLSWebView
AppSec Specialistsbusiness leadersChief Information OfficerChief Information Security OfficerCIOCISOCloud Operationscompliancedata usersDevelopersGDPRIT SecuritylegalPIPEDASDLCSecurity Championssecurity teamsoftware development life 9 Key Players for a Winning Security Team Dec 18, 2018 by Kurt Risley Basketball legend Michael Jordan once said, “Talent wins games, but teamwork and intelligence win championships.” When it comes to something as important as your company’s security, you can’t afford to rely on anything less than a championship security team. What does a championship security team mean for your organization? You may have hired the best Read More › AppSec Specialistsbusiness leadersChief Information OfficerChief Information Security OfficerCIOCISOCloud Operationscompliancedata usersDevelopersGDPRIT SecuritylegalPIPEDASDLCSecurity Championssecurity teamsoftware development life
air gapair gappingair-gapped systemsdata exfiltrationnear field communicationNFCNFC radioNFC rangeNFCdrip NFCdrip: Data Exfiltration Research in Near Field Communication Dec 14, 2018 by Pedro Umbelino Near-field communication (NFC) is a set of protocols that enables two electronic devices to establish communication by bringing them very close together. Usually the devices must be within less than 4cm. Contactless payment systems use NFC devices, including smartphones, and are similar to those used in credit cards and electronic ticket smartcards. Social networking and Read More › air gapair gappingair-gapped systemsdata exfiltrationnear field communicationNFCNFC radioNFC rangeNFCdrip