The State of End-User Security—Global Data from 30,000+ Websites

We live in a rapidly changing environment. Mobile commerce is skyrocketing, browsers/OS are changing, web applications enable increasing functionality—yet the only thing that seems con

Android Serialization Vulnerabilities Revisited

This session is about Android Serialization vulnerabilities. We revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837) which allowed for privilege escalation. We also present vulns found in

Hacking Exposed: The Mac Attack

Windows attacks receive all the attention. However, Mac and Linux have gained in popularity with the adversary. This session will focus on common Mac attack vectors and other cross-platform hacks that are typically se

Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device

Imagine being dependent on a wireless infusion pump to receive the correct dosage of life-supporting medication. Now imagine the implications, were that pump to be malicious

Our editorial team has handpicked the best of the best talks at RSA Conference - one of the largest IT Security Conference in the world. 

RSA Conference held its 25th annual event at the Moscone Center in San Francisco and brought together a record

Facebook Fixes Major 'Brute Force' Bug - 9th Mar

Bangalore-based Anand Prakash discovered a serious flaw on the developer sites beta.facebook.com and mbasic.beta.facebook.com. On the regular Facebook site, the limit is set to 10-12 invalid attempts

Your organization is already moving to the cloud; the question is, are you going to blindly follow the movement or will you lead the charge? Your IT security team needs the right tools to gain visibility and understanding into your employees’ use of

Glibc Flaw Affects Thousands Of Linux Apps But How Dangerous Is It? -17 Feb

Researchers at Google and Red Hat disclosed the vulnerability in glibc on Tuesday. They described the issue as a critical buffer overflow vulnerability which, when exploit

Here are some Tips To Evaluate Your Readiness Before Implementing Data Loss Prevention (DLP) Solution:

• Your organization have developed appropriate policy to govern the use of Data Loss Prevention (DLP) solution
  To draw true value from any DLP depl

( Read More: Top 10 'Incident Response & SIEM' talks from RSA Conference 2016 (USA) )

Here are 5 Reasons which may help you understand the Security Information & Event Management (SIEM) benefits. You may want to consider an SIEM solution in followi

With the introduction of sophisticated threats, such as advanced phishing, pharming and malware, authentication has become less effective. Authentication methods—including out-of-band and one-time passwords—as well as security questions can be bypas

80/20 rule (also known as Pareto Principle) is one of the most beautiful rules which helped me to achieve as well as fail. In most of the cases where I went wrong it finally turned out to be figuring out the “right few”. This is probably one of the m

Formal Modeling and Automation is one of the things I love. I try to model everything and sometimes modeling helps and sometime it lands me in trouble. It helped me when I tried to model Penetration Testing and worked with my co-founder to design our

Bug bounty programs are quite common these days with several of the biggest names in the industry have launched various avatars of the program. I have been asked by a few security managers and managements about should they launch a bug bounty program

From our experience of helping organizations in building their ‘Vulnerability Management’ program, we feel that one of the major challenge the security manager/management faces does not always know the reality on the grounds. Obviously the management

There is a plethora of web application scanner ; every one of which claims to be better than the other. It is indeed a challenge to differentiate between them. We need to benchmark the application scanner against hard facts and not marketing claims.

We have heard a lot about secure SDLC (Software Development Life Cycle). So, what next? Everything transforms with time and now is the time for Secure SDLC to be transformed. Secure SDLC is probably going to get metamorphosed into Secure Dev-Ops.

What

Choosing the right Application Security Testing Service Provider is not always an easy task. By asking the right questions and knowing what answers to look for, you can conduct the thorough evaluation of the various vendors available in the market an

Ethical Hacking or Penetration Testing had always been a career sought after by many. It is glamorous. It pays well. It also tickles the small little devil inside all of us. However, as everything else, Ethical Hacking as a career is also undergoing

Application Security has emerged over years both as a market as well as a technology. Some of the key drivers had been the explosion in the number of applications (web and mobile), attacks moving to the application layer and the compliance needs. Fol