Application security and coding requirements news, help and research

News : Application security and coding requirements

January 19, 2022 19 Jan'22
Investigators find Beijing 2022 app riddled with security flaws

Security flaws in Olympic app may put personal health data at risk of compromise in a man-in-the-middle attack
January 17, 2022 17 Jan'22
Top three questions about the Log4j vulnerability

Singapore’s Ensign Infosecurity answers the top three questions about the impact of the Log4j vulnerability
January 12, 2022 12 Jan'22
Microsoft fixes six zero-days in January Patch Tuesday update

A larger than of late Patch Tuesday update from Microsoft comes as defenders continue to grapple with Log4Shell
January 11, 2022 11 Jan'22
Almost half of Log4j downloads still dangerously exposed

Whether by error or design is unclear, but a great many IT teams are still exposing themselves by downloading outdated, insecure versions of Apache Log4j

Bridging the gender gap in cyber security

Some professional groups and companies in Asia are working hard to improve awareness of the cyber security profession and mentoring talented women in a bid to bridge the gender gap Continue Reading
Considerations when deciding on a new SIEM or SOAR tool

A successful deployment of any security tool very much depends on the maturity of security processes in the organisation Continue Reading
Five ways to ensure remote working security and compliance

A mix of on-site and remote working has become a fact of life for many organisations. We look at five key things you should consider to ensure compliance and security Continue Reading

2022: Time to take algorithm-enhanced online abuse seriously

The algorithms used by dominant social media companies have compounded the risks to unsupervised children in their bedrooms by automating the processes predators use to find and groom potential ... Continue Reading
Log4Shell: Why aren't we taking the security of the internet seriously?

To be caught out once may be an oversight, and lessons can be learned. But twice over a seven year timespan, shows a laissez faire attitude to the stability of the internet. In 2014, Heartbleed ... Continue Reading
A For Automation

You might think that 3+ decades into the life of dedicated IT security products that said security landscape would be clearly defined and managed. In reality, it is anything but. The problem is not ... Continue Reading

Security Think Tank: In the cloud, anti-human approaches set us up to fail

Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months Continue Reading
Changing the rules against cyber attacks

UKRI’s John Goodacre reveals how projects supported by the Digital Security by Design Challenge aim to improve cyber security resilience, beginning with the very fundamentals of computing Continue Reading
No easy fix for vulnerability exploitation, so be prepared

Vulnerability management and disclosure is a tricky business with ethical and business ramifications for software vendors, CISOs and ethical hackers alike – and CISOs sit right in the middle of this Continue Reading

CW500 Interview: Jonathan Moreira, CTO of PrimaryBid.com

In this CW500 video, Jonathan Moreira, CTO of PrimaryBid.com, gives a fintech startup’s perspective on the security challenges small businesses can face when adopting new technologies.
Lauri Love: how reformed hackers halted the WannaCry virus

Lauri Love presents a compelling story of the WannaCry malware that nearly brought down the NHS, and the behind the scenes work of former hackers, and security researchers that helped to prevent lives being lost. Love is facing extradition to the US after allegedly taking part in a hacking protest over the death of internet pioneer Aaron Swartz, who faced jail for using a hidden computer to downloading academic journals at MIT.
Screencast: Employ the FOCA tool as a metadata extractor

Mike McLaughlin demos the FOCA tool as a metadata extractor to expose the 'hidden' data users often post on their own websites.