Application Security News, Features, and Interviews

News

Yahoo confirms gigantic breach: 500m users affected

If you have an account with Yahoo and haven’t changed your password since 2014, now is the time to do it. The company confirmed today a copy of sensitive user account information was stolen from its network in “late 2014” and suspects the attacker was a state-sponsored actor.

Liam Tung | 23 Sep | Read more

Infosec Marketplace

The concept of online marketplaces was pioneered by eBay and Amazon many years ago. But these horizontal marketplaces are now being disrupted by vertical marketplaces such as Uber and Airbnb, which use technology to greatly improve the experience of buying and selling of traditional offline transactions. In doing so, these organisations have a well thought out value proposition which is flawlessly executed.

Nigel Phair | 20 Sep | Read more

The week in security: Empowered CISOs in firing line; ANZ firms' document protection found wanting

IT industry luminaries united for industry organisation ISACA's Oceania CACS event, with digital disruption high on the agenda and experts expounding on issues such as the ongoing cyber security skills crisis, the gender-based skills gap, a top-down view of the cybersecurity response from the AFP's point of view, and the security issues at the Department of Chickens.

David Braue | 19 Sep | Read more


Reviews

USB Secure Flash Drive Product Review

A vast majority of today’s workforce use USB memory sticks; they offer unequalled convenience for transferring data. In most situations, if the data is not confidential, a standard USB stick is quite acceptable, but what do you use if your data is sensitive?

Enex Testlab | 24 Aug | Read more

WatchGuard XCS770R Email Security Appliance Review

In order to improve productivity and minimise risk, most organisations need a reliable method of protecting their employees from unwanted email (spam) and malicious software (malware). In addition, it is also necessary to protect the corporate network by restricting access to inappropriate content.

Enex Testlab | 22 Jun | Read more


Slideshows

In Pictures: CSO's Identity Driven Access Management Round Table

It's the centenary of the commencement of World War One. Back then, there were borders to protect. The soldiers knew who they were fighting and there were very few incursions where one side crossed a border undetected. Today's battles are different. The bad guys are stealing the good guys’ passwords and identities to get access to whatever they want. And they often wait weeks or even months before revealing their true objectives.

Abigail Swabey | 22 Oct | Read more


Features

Does DevOps hurt or help security?

There is a firmly held concern in security circles that the automation associated with DevOps moves too swiftly, that security teams and their tests can't keep up, that too many of the metrics measured focus on production, availability, and compliance checkboxes, and as a result, security falls to the wayside.

George V. Hulme | 01 May | Read more

NEWS FEATURE: Debate rages over how to manage personal mobile devices used for work

Increasingly, businesses accept the idea that employees should be able to use their personal mobile devices, such as smartphones and tablets, for work. But debate is raging as to whether these employee-owned devices should be managed and secured exactly as corporate-owned devices might be.

Ellen Messmer | 28 Jul | Read more

5 open source security projects to watch

Data security is always top of mind for CIOs and CSOs, and there is no shortage of challenges when it comes to picking the right tool for the job. With network and software vulnerabilities growing at a perpetual rate, good security software can help defend against many of the large-scale threats that occur locally and from all over the Internet. In this edition of 5 open source things to watch, we take a look at security products that will guard against threats without robbing your kitty.

Rodney Gedda | 20 Jan | Read more

5 'Great' Open-source Desktop Security Applications

Contributions from free and open software makers can be found throughout the tech world. From your datacenter to the desktop and everywhere in between, there's an open solution to your computing needs. This is no less true in information security. My focus in this article is the several outstanding information security desktop tools that personify the innovation and ingenuity of the FOSS (Free and Open Source Software) world. Please keep in mind that all of these applications (except one) are cross-platform, so you can find appropriate versions for whatever you run (BSD, Mac OSX, Linux or Windows). The examples herein, however, will be catered to the largest install base (statistically): Microsoft Windows.

Joseph Guarino | 01 Apr | Read more


Tutorials

Ten tips to secure client VPNs

If you have given your trusted employees and key contractors remote access to your network via a client virtual private network (VPN), congratulations! By now, you have seen the productivity and cost benefits from allowing collaboration that surmounts geographical separation.

Martin Heller | 03 Oct | Read more


Opinions

Security in 2020 – Data Security is Key

Gone are the days when data was confined to the data centre and we could put a virtual fence around it and protect it. Now data is everywhere, with multiple copies of it. This causes a massive headache for CISOs who are tasked with protecting this data from falling into the wrong hands. The question then arises: with data literally everywhere, how do we achieve this?

Ashwin Pal | 02 Aug | Read more

Do you have an Insider Threat Program?

Insider threats are increasingly on our radar. We saw a recent example in Australia with a Bluescope Steel employee taking out company documents. Also, in another well-publicised incident, two research scientists at Glaxo Smith Kline, Yu Xue and Lucy Xi, were charged with stealing trade secrets.

David Gee | 01 Apr | Read more


Latest Videos

  • CSO Webinar: The Human Factor - Your people are your biggest security weakness

    Speakers:
    - David Lacey, Researcher and former CISO Royal Mail
    - David Turner, Global Risk Management Expert
    - Mark Guntrip, Group Manager, Email Protection, Proofpoint

  • CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers:
    - Ty Miller, Director, Threat Intelligence
    - Mark Gregory, Leader, Network Engineering Research Group, RMIT
    - Jeff Lanza, Retired FBI Agent (USA)
    - Andy Solterbeck, VP Asia Pacific, Cylance
    - David Braue, CSO MC/Moderator

    What to expect: Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

  • CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers:
    - Anthony Caruana, CSO MC and moderator
    - Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon
    - John Lindsay, Former CTO, iiNet
    - Skeeve Stevens, Futurist, Future Sumo
    - David Vaile, Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty

    This webinar covers:
    - A 101 on metadata: what it is and how to use it
    - Insight into a typical attack, what happens and what we would find when looking into the metadata
    - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation
    - Learn how much raw data and metadata to retain and how long for
    - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

  • CSO Webinar: How banking trojans work and how you can stop them

    Featuring:
    - John Baird, Director of Global Technology Production, Deutsche Bank
    - Samantha Macleod, GM Cyber Security, ME Bank
    - Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

  • IDG Live Webinar: The right collaboration strategy will help your business take flight

    Speakers:
    - Mike Harris, Engineering Services Manager, Jetstar
    - Christopher Johnson, IT Director APAC, 20th Century Fox
    - Brent Maxwell, Director of Information Systems, THE ICONIC
    - IDG MC/Moderator Anthony Caruana
