Application Security

History of Internet and Application Security

This is a timeline of the Internet and major hacking events from 1995 to today. Explanations of the facts across the 4 timeframes let you understand the evolution. In conclusion: hackers are evolving, and your application security must evolve too. Don't be the hacker's next lunch!

13 important factors to consider when choosing an Application Security Testing solution

You face the process of selecting the right application security testing solution for your organization. Everybody agrees it should be part of the SDLC and ultimately used by developers, testers or DevOps. Maybe it’s the first time you are introducing application security into the SDLC, or you have tried before and now wish to improve, realizing there is a tool out there much better for your needs. Based on years of experience consulting to organizations on how to build secure development programs, we have compiled a list of the most important factors to consider. This list is based on the processes we have gone through with our customers, and the lessons we learned together. Although the discussed issues are relevant to all organizations, the weight of each issue varies between individual organizations.

When Applications Fail Data Security – Analysis of the JP Morgan Data Breach

JP Morgan issued a warning to 465,000 holders of prepaid cash cards that their personal information may have been accessed by hackers who attacked the JP Morgan network in July. JPMorgan detected the breach only two months later, in the middle of September. At first glance, there was nothing exceptionally interesting about this piece of news. We have heard news of such data leaks on a constant basis over the last few years. Behind each of these lies a fundamental failure to protect user data, ignoring basic security best practices. However, this was not the case here.

Agile Load testing tool's insight:

You cannot implement data security without application security, as your application handles your most sensitive data on a regular basis. The JPMorgan example is something very common: from a pure policy perspective, all data security practices were followed – security controls verifying that the defined data repositories are encrypted were in place, as was a proper audit trail. However, the ad-hoc log files, which are internal to the application, were overlooked and never checked.


Facebook Vulnerability Discloses Friends Lists Defined as Private

The vulnerability allows attackers to see the friends list of any user on Facebook.
Agile Load testing tool's insight:

This attack is carried out by abusing the ‘People You May Know’ mechanism on Facebook, which is the mechanism by which Facebook suggests new friends to users.

With attacks being on the rise, Facebook is often targeted by hackers for the information it possesses. Users rely on Facebook to maintain their privacy to the best of Facebook’s ability.


Application Security - Security Managers Feel Their Applications are not Secure

Agile Load testing tool's insight:

According to a study conducted by Quotium, only 11% of Information Security Managers feel that their applications are secure, despite the fact that the vast majority of them are using a wide range of solutions to mitigate application threats.


13 important factors to consider when choosing an Application Security Testing solution

Many organizations are currently in the process of adopting, changing or enhancing their suite of application security testing solutions. It could be the first time application security is introduced into the SDLC, or there is a need to improve on existing solutions. It is at the point where all agree that application security should be part of the SDLC and ultimately used by developers, testers or DevOps. To assist with this process, we have compiled a list of the most important factors to consider. The list is based on years of experience of consulting for organizations on how to build secure development programs, the processes we have gone through with our customers, and the lessons we learned together. Three important principles lead the way – Accuracy, Clarity, Simplicity. These three principles need to coincide with your Business Goals. We know that each organization is different, and with the listed concerns being relevant to all, the weight of each concern often varies b

Analysis of the JP Morgan Data Breach When Applications Fail Data Security

Almost Half A Million Corporate Customers’ Data Breached in Cyberattack against the JPMorgan Chase website. The bank typically keeps the personal information of its customers encrypted, or scrambled, as a security precaution. However, during the course of the breach, personal data belonging to those customers had temporarily appeared in plain text in files the computers use to log activity. Cyber criminals covet such data because it can be used to open bank accounts, obtain credit cards and engage in identity theft. You cannot implement data security without application security, as your application handles your most sensitive data on a regular basis. The JPMorgan example is something very common: from a pure policy perspective, all data security practices were followed – security controls verifying that the defined data repositories are encrypted were in place, as was a proper audit trail.

The Lessons we can Learn from the MongoHQ Hack

Database-as-a-Service company MongoHQ has reported a breach in its applications, resulting in the theft of customer private data and authentication credentials. This reminds us of the importance of encrypting sensitive data at rest, two factor authentication, routine employee awareness training and ensuring the security level of internal applications. The security breach at MongoHQ was the result of a combination of factors, together leading to attackers being able to compromise data of MongoHQ customers.


Achieving PCI-DSS Compliance with Seeker

This paper discusses PCI DSS and the vital role it plays in building secure software applications. It will focus on specific requirements that deal with the protection and transmission of cardholder data and the regular testing of security systems and processes, which are all essential in establishing strong application security.

Seeker maps all critical data in the application, especially payment card information and data related to authentication, and then tracks these data as they traverse the application to ensure the application does not expose it to risks.


No security ever built into Obamacare site: Hacker - CNBC.com

It could take a year to secure the risk of "high exposures" of personal information on the federal Obamacare online exchange, a cybersecurity expert told CNBC.