data leakage

Survey: Third-Party Code Proves Vulnerable

A recent survey of 307 IT professionals conducted by Osterman Research on behalf of PerimeterX, a provider of cybersecurity tools for web applications, suggests there’s a lot of third-party code running on websites ...

Cybersecurity Issues in Mobile App Development

Mobile app development has become a key factor for the success of any business. And as mobile apps have grown more popular among users, it’s important for developers to make security of ...

Why Framework Choice Matters in Web Application Security

One of the oldest clichés in web application security is that, "It doesn't matter which framework you choose, if you know what you're doing". In my experienced opinion, off the back of ...

Many Developers Have Yet to Take Responsibility for Code Security, Reveals DevOps Study

A DevOps survey revealed that many developers have yet to take responsibility for the security of the code they produce. According to Checkmarx’s report, “Managing Software Exposure: Time to Fully Embed Security ...

Cupertino Code Signing, The Next Generation (Maybe It’ll Work)

via Josh Pitts (a staff engineer at OKTA), and writing on the company blog, comes a well crafted explanatory piece on what he has discovered in the third-party-code-signing Apple Inc. (NasdaqGS: AAPL) ...

Facebookery: The Fourteen Million

News, via Dan Goodin - writing at ArsTechnica - of an apparent dev team screwup at Facebook Inc. (Nasdaq: FB). In which, the crack-dev-team at the purveyor of user data managed to ...

DREAD, The Pirate Approach

via the inimitable Adam Shostack (author of The New School of Information Security and Threat Modeling; a leader in the Threat Modeling arena), whilst writing at his fascinating blog, comes a sterling ...

Proof(s)

Kevin Hartnett, Senior Writer at Quanta Magazine, expounds on the notion of formal code verification when utilized to provide assurance of attack-proof code... Similar to unsinkable ocean liners, or truly attack-proof? Or, ...

Daniel Stori’s ‘Commitland’

via the inimitable and funny Daniel Stori at turnoff.us ...