Skip the navigation

Application Security Topic Center

Application security news, in-depth articles and more

Application Security News

IBM buys access control and identity management firm CrossIdeas

IBM has added to its security software portfolio with the purchase of Italian access control and identity management firm CrossIdeas for an undisclosed sum, the companies said Thursday.

Symantec tailors sharper small business security suite

Symantec's latest product, Norton Small Business, is perhaps the most well-rounded offering the company has inserted into its product array for small companies.

With the Internet of Things, smart buildings pose big risk

In an Internet of Things world, smart buildings with Web-enabled technologies for managing heat, lighting, ventilation, elevators and other systems pose a more immediate security risk for enterprises than consumer technologies.

Microsoft offers multifactor authentication to all Office 365 users

Microsoft is offering multifactor authentication free as an option to all users of its Office 365 suite, a hosted set of Microsoft Office tools and applications.

Will teens be scared off by Snapchat hack? Probably not

Snapchat, a social media company with a popular photo-messaging app, has taken a blow with a recent hack affecting 4.6 million users.

Flashlight app vendor settles with FTC over privacy violations

The maker of a popular flashlight app for Android phones has agreed to settle charges brought by the Federal Trade Commission that it left consumers in the dark about its data-sharing practices.

Facebook forces some users to reset passwords because of Adobe data breach

Facebook locked some users out of their accounts after determining that their log-in credentials were exposed as a result of a security breach at Adobe. The company is asking users who used the same log-in credentials for Adobe's online services and Facebook to verify their identity and change their password.

Google clamps down on password security in Chrome 'Canary'

Google has begun work on shutting a hole in its Chrome browser that lets casual thieves steal website and Web service passwords.

Oracle plugs critical security holes that are putting systems at risk

Oracle fixed on Tuesday 127 security issues in Java, its database and other products, patching some flaws that could let attackers take over systems.

Three indicted in alleged source code theft from trading house

Two former traders and a third man have been indicted in New York State Supreme Court for allegedly stealing source code and trading strategy files from a brokerage company with headquarters in the Netherlands.

Application Security In Depth

Security Manager's Journal: Taking steps to better lock down the network

Our manager decides that, like users, resources on the network should adhere to the rule of least privilege.

7 all-in-one security suites: Anti-malware for all your devices

Today's security suites try to protect all (or most) of your devices, and provide Web-based management. We examine how seven major applications compare in terms of features, ease of use and which devices they actually protect.

Evan Schuman: Your data exposed -- Delta, Facebook, others latest to fall into mobile app trap and eHarmony also among those now saying, 'We didn't know our mobile apps did that.'

Are your smartphone apps selling you out?

Apple's App Store, Google's Play store and other app stores are packed with apps that can compromise your security and privacy without you ever knowing anything bad happened. What's a mobile app user to do?

Security Manager's Journal: Hashing out secure applications

In-house developers show themselves to be woefully behind the times when it comes to security via authentication.

Security Manager's Journal: Thinking about passwords

The passwords most people choose could be stronger, but providers need to make it easier to create really strong passphrases. And when will we be able to leave passwords behind and use alternative authentication methods instead?

Bug bounties: Bad dog! Have a treat!

Bug bounty programs are probably very cost-effective for software vendors, but they reward bad behavior.

The true root causes of software security failures

Developers being overly trusting is one of them.

Security Manager's Journal: Rights can be so wrong

Windows service accounts used by software are often given domain administrator rights, just because it's quick and easy. That sort of thing rubs security managers the wrong way.

There's no magic pill for security

Too often, New Year's resolutions to get into better shape are derailed because of a lack of realistic planning. The same thing happens in the security sphere.