Phishing. An ancient attack by internet standards, that both the general public and developers are aware of to different extents. Phishing relies on social engineering to allow hackers to gain access to sensitive data through fraudulent call-to-actions which mimic alerts from trusted brands and sources.
We’re starting something new today: An AppSec news story roundup that you can either read or watch via our Whiteboard Roundup below! We look forward to helping our readers stay up-to-date with all they need to know about AppSec – so please let us know what you think below and if we’ve missed any good security
When was the last time you left your house holding your social security card, all of your credit cards, health records, passwords, and a record of all the highly intimate messages that you’ve sent to your friends and loved ones? Who would leave their house with all of this sensitive stuff? It would fill
Users expect the apps they download to be secure and safe, in addition to fast and feature-packed. It’s up to the organizations releasing applications – which most likely includes you, if you’re reading this – to meet (and exceed) their expectations. If you don’t meet expectations, you’re in bad luck: A 2013 study found that
In recent years, the advent of mobile and cloud computing revolution has brought to light a serious issue affecting both organizations and individuals: software security. Every day, there’s a new story we hear about some website or application being penetrated, releasing sensitive information that is sold, abused, and exploited. As a consequence, companies lose their credibility (along with
In early April 2016, reports emerged detailing history’s largest data leak, the Panama Papers. This incredible leak of sensitive data concerning both Mossack Fonseca and their clients contained 2.6 TB of data which included 11.5 million documents relating to over 200,000 companies and exposed the hidden fortunes of politicians, dictators and the super-rich. In comparison to
Application security is finally beginning to hit the mainstream, and organizations are beginning to see the benefit and need of securing their applications, both internal and external. With so many facets to AppSec, it can be hard to know where to start, especially when trying to build a program from scratch.
In an ongoing effort to share their knowledge and expertise, Google recently announced on its security blog that they have released to open source their Vendor Security Assessment Questionnaire (VSAQ) on GitHub under the Apache License Version 2. The Google Vendor Security Review Tool questionnaire is used by Google to evaluate the quality of security
In mid March, the advanced software researchers at NorthBit released a video and detailed research PDF demonstrating proof of concept of a notorious exploit that can essentially offer hackers control over device hardware and data of certain Android phones. This latest exploit of Android’s Stagefright is referred to as “Metaphor.”
It’s 2016 – and yet, somehow, ‘easy-to-avoid’ vulnerabilities like SQL injection and XSS can be found on websites of government agencies, Global 500 companies, as well as in highly sensitive medical and financial applications developed and deployed around the world. Two decades of the same kinds of attacks and we still haven’t gotten secure application