Application Security

News & Commentary
Alphabet Launches VirusTotal Monitor to Stop False Positives
Dark Reading Staff, Quick Hits
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
By Dark Reading Staff , 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Improving the Adoption of Security Automation
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
Four barriers to automation and how to overcome them.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Most Websites and Web Apps No Match for Attack Barrage
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The average website is attacked 50 times per day, with small businesses especially vulnerable.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Robert Corradini, Director of Product Management at 5nineCommentary
Do 'cloud-first' strategies create a security-second mindset?
By Robert Corradini Director of Product Management at 5nine, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
F-Secure Buys MWR InfoSecurity
Dark Reading Staff, Quick Hits
Finnish endpoint security company buys British security service provider in cash deal.
By Dark Reading Staff , 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security CompassCommentary
How improving application security in the automotive industry can shorten product development time, reduce costs, and save lives.
By Rohit Sethi COO of Security Compass, 6/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Enterprise IT Juggling 20-Plus SecOps Tools
Dark Reading Staff, Quick Hits
Lack of integration also a big issue among decision makers.
By Dark Reading Staff , 6/8/2018
Comment0 comments  |  Read  |  Post a Comment
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
Kelly Sheridan, Staff Editor, Dark ReadingNews
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
DevSecOps Gains Enterprise Traction
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Enterprise adoption of DevSecOps has surged in the past year, according to a study conducted at this year's RSA Conference.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
Survey Shows Florida at the Bottom for Consumer Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/6/2018
Comment0 comments  |  Read  |  Post a Comment
'Strutting' Past the Equifax Breach: Lessons Learned
Kevin E. Greene, Software Security Assurance Thought LeaderCommentary
In hindsight, there were two likely causes for last year's massive breach: the decision to use Apache Struts, and a failure to patch in a timely fashion. Both are still a recipe for disaster.
By Kevin E. Greene Software Security Assurance Thought Leader, 6/6/2018
Comment0 comments  |  Read  |  Post a Comment
Panorays Debuts With $5 Million Investment
Dark Reading Staff, Quick Hits
Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.
By Dark Reading Staff , 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
'EFAIL' Is Why We Cant Have Golden Keys
Adam Shostack, Founder, Stealth StartupCommentary
A deep dive into the issues surrounding an HTML email attack.
By Adam Shostack Founder, Stealth Startup, 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
Web Application Firewalls Adjust to Secure the Cloud
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.
By Kelly Sheridan Staff Editor, Dark Reading, 6/4/2018
Comment0 comments  |  Read  |  Post a Comment
Telegram: Apple Has Blocked Updates since April
Dark Reading Staff, Quick Hits
Telegram founder and chief executive Pavel Durov claims the messaging service has not been able to make technical updates anywhere in the world.
By Dark Reading Staff , 6/1/2018
Comment0 comments  |  Read  |  Post a Comment
Open Bug Bounty Offers Free Program For Websites
Jai Vijayan, Freelance writerNews
Non-profit says it will triage and verify certain kinds of Web vulnerability submissions at no cost for those who sign up.
By Jai Vijayan Freelance writer, 6/1/2018
Comment1 Comment  |  Read  |  Post a Comment
Report: Cross-Site Scripting Still Number One Web Attack
Dark Reading Staff, Quick Hits
SQL injection is the second most common technique, with IT and finance companies the major targets.
By Dark Reading Staff , 6/1/2018
Comment0 comments  |  Read  |  Post a Comment
New Federal Report Gives Guidance on Beating Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/31/2018
Comment1 Comment  |  Read  |  Post a Comment
Git Fixes Serious Code Repository Vulnerability
Ericka Chickowski, Contributing Writer, Dark ReadingNews
GitHub, Visual Studio Team Services, and other code repositories patching to prevent attackers from targeting developer systems.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/31/2018
Comment0 comments  |  Read  |  Post a Comment
6 Security Investments You May Be Wasting
Kelly Sheridan, Staff Editor, Dark Reading
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
By Kelly Sheridan Staff Editor, Dark Reading, 5/31/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-5236
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
CVE-2018-5237
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
CVE-2018-6211
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-6212
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect proc...
CVE-2018-6213
PUBLISHED: 2018-06-20
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.