Application Security Topic Center

Application security news, in-depth articles and more

Application Security News

7 steps to securing Java

Java, the popular OS-independent platform and programming language, runs on just about every kind of electronic device imaginable, including computers, cell phones, printers, TVs, DVDs, home security systems, automated teller machines, navigation systems, games and medical devices.
Apple keeps patching Java on OS X Snow Leopard after proposed drop-dead date

Apple on Tuesday patched Java for the aged OS X Snow Leopard and tweaked Safari to give users more control over which websites they let run the vulnerability-plagued Oracle software.

Google adds IT admin features for Chrome browser

Google has beefed up the administration and management controls that IT staff have over their users' Chrome browsers.

Oracle pulls Java 6 plug, but Apple likely to keep patching OS X Snow Leopard

Apple on Monday patched Java 6 for OS X, following Oracle's lead and quashing a browser plug-in vulnerability that hackers have been exploiting.

Adobe releases emergency Flash fixes for two zero-day bugs

Adobe updated Flash Player to patch a pair of zero-day vulnerabilities that hackers were already using to hijack Windows PCs and Macs.

Experts prod Oracle to fix broken Java security

Beset by some very public vulnerabilities in Java, and apparently unable to properly patch those bugs, Oracle must dramatically step up its security game, experts said.

Google revs up Chrome, crushes bugs

Google on Thursday upgraded Chrome, improving the browser's start-up performance and patching two dozen security vulnerabilities.

Oracle to stop patching Java 6 in February 2013

Java 6 will be retired from security support in less than two months, and users and businesses should prepare now for its demise, experts said today.

Skype blocks password resets after account hijacking flaw made public

Skype has disabled the account password reset option on its website following reports that the feature can be abused to hijack Skype accounts if the attackers know the email addresses associated with them.

Fatal half-measures in incident response

It's not a matter of if, but when, you are breached. So what's your plan?

Application Security In Depth

Security Manager's Journal: Rights can be so wrong

Windows service accounts used by software are often given domain administrator rights, just because it's quick and easy. That sort of thing rubs security managers the wrong way.

There's no magic pill for security

Too often, New Year's resolutions to get into better shape are derailed because of a lack of realistic planning. The same thing happens in the security sphere.

Security Manager's Journal: A reality check for the department's maturity

An assessment of the information security department shows that it has a lot of growing up to do yet.

Kenneth van Wyk: The good and bad of Android and iOS

Both Google's and Apple's mobile platforms have security drawbacks and advantages. Is there a clear winner?

Security Manager's Journal: Security has to extend to your customers

When a security manager's company sells software, he can't ignore the potential vulnerability of those products.

Why passwords are failing us -- still!

Three decades into the digital revolution, passwords are still complicated, ineffective and a drain on IT's resources. What gives?

Security Manager's Journal: At budget time, you ask and hope to receive

Our manager has a long wish list going into this year's budget season.

Kenneth van Wyk: Digital duct tape for SSL

Secure Sockets Layer has been implicated in several security problems of late. Certificate pinning might patch it up for a bit longer.

On the Lookout for Rogue IT

A seemingly innocent request leads to the discovery of an unapproved, customer-facing SaaS application.

Getting Validation at RSA

Our manager talks to colleagues and attends various breakout sessions and talks, where he might learn something new or (even better) get validation for his security program and priorities.