The recent exposure of customer data on the website of Singapore Airlines as a result of a software bug is further evidence of the persistent challenge of adequately addressing security during the development stage.
Recent analysis by F5 Labs shows that 68% of malware installed through phishing is hiding in encryption. Security inspection tools such as next-generation firewalls, intrusion prevention systems, data loss prevention systems, and others are increasingly blind to SSL/TLS traffic. In some cases, they introduce latency...
Encrypting and decrypting traffic consumes a lot of computational power, so many security inspection solutions either don't decrypt at all or take such a huge performance hit that they pass along encrypted traffic just to keep up. Whether its traffic coming into your application or internal traffic going out to the...
The increase of SSL/TLS traffic indicates that organizations are more and more focused on safeguarding the integrity of the data that flows through their Internet-facing applications.
However, the concurrent growth of malware hidden within that encrypted traffic is cause for concern. Without visibility into your...
Efforts to protect privacy must be carefully balanced against the need to practically implement advanced technologies, argues Jared Ragland, senior director for policy in APAC at BSA/The Software Alliance, an advocacy group for software companies.
Open source components help developers build and deploy applications faster, but with increased speed comes greater risk. Maria Loughlin of Veracode describes how to reduce those risks through several steps, including component inventories and developer education.
Application threat modeling enables the systematic evaluation of applications from an attacker's point of view, says Fouad Khalil of SecurityScorecard.
DigiCert just conducted a global study of how organizations across sectors are approaching IoT security. What are some of the best practices of the organizations that emphasize securing connected devices? Mike Nelson of DigiCert shares the findings.
A new study shows mobile apps in India seek access to more data than apps in other nations, says Shivangi Nadkarni, CEO at Arrka Consulting. Nadkarni says the data protection bill being considered in India eventually could help curb access to information via apps.
Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications.
Automotive smartphone apps that can be used to unlock or start a car pose new risks that must be managed, says Asaf Ashkenazi of Inside Secure, a mobile security firm, who provides risk mitigation insights.
As application development teams strive to deploy features and changes into production as quickly as possible, an organization must rapidly adapt to ensure it's security posture is maintained yet doesn't slow down the build-to-deploy pipelines. The power of Kubernetes and Deep Security Smart Check together reduce the...
Symantec has announced not one but two acquisitions of private cybersecurity firms: Javelin Networks and Appthority. Meanwhile, a private equity firm announced that it will acquire application security testing firm Veracode from Broadcom for $950 million in cash.
Open source usage has become a mainstream practice - it's impossible to keep up with today's pace of software production without it. The rise in open source usage, however, has led to a dramatic rise in open source vulnerabilities, demanding that development and security teams address the rapidly evolving issue of...
The ins and outs of open source security all in one comprehensive guide.
Download this joint report by Microsoft and WhiteSource in order to learn more about:
The difference in finding & fixing vulnerabilities in open source components opposed to proprietary code;
How to grasp the unique challenges of open source...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.
