HackDig : Dig high-quality web security articles for hackers

Do You Know Your Responsibilities When It Comes to Container Security?

As you migrate your enterprise to the public cloud or multicloud, you want to realize some of its inherent benefits regardless of what service model you utilize. Whether your goal is cost optimization, scalability or elasticity, the cloud can allow your enterprise to adopt newer, cutting-edge technologies to innovate your business without the burden of havin
Publish At:2020-03-24 07:55 | Read:896 | Comments:0 | Tags:Cloud Security Application Development Application Security

A Guide to Easy and Effective Threat Modeling

Threat modeling is a process by which potential threats can be identified, enumerated and prioritized, all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors and the assets most desired by an attacker. Ef
Publish At:2020-02-27 09:41 | Read:1528 | Comments:0 | Tags:Application Security Security Intelligence & Analytics Appli

Three Practical Tips That Empower Developers and Prevent Open Source Security Risks From Entering Your Code

Employees use open source applications in organizations of all sizes and across all industries, and this trend shows no signs of slowing down. It is both cost effective and efficient to incorporate source code into software during the development stage. With all those extra resources, developers can focus more on the organization’s proprietary code. Ac
Publish At:2017-08-21 15:05 | Read:5329 | Comments:0 | Tags:Application Security Risk Management Application Development

Incorporate Application Security Checks and Balances Into Your Organization’s Citizen Developer Initiatives

The first time I heard the term “citizen developer,” I thought it might be the name of a new blockbuster summer movie. However, citizen development has morphed from a trendy IT catchphrase to a powerful force that’s transforming the way organizations develop software. But as your organization opens its doors to citizen developers, how do yo
Publish At:2017-05-22 11:55 | Read:4186 | Comments:0 | Tags:Application Security Application Development Application Sec

Know Your Apps: Explore the IBM Security App Exchange Ecosystem for Collaborative Defense

Collaboration, integration and teamwork are jargon you might hear daily in your professional life. We strive to collaborate with our colleagues, family and friends to achieve our personal goals and share expertise. In 2015, IBM Security took this collaborative approach to the next level by launching the IBM Security App Exchange, a marketplace for the secur
Publish At:2017-05-03 13:10 | Read:5164 | Comments:0 | Tags:Security Intelligence & Analytics Threat Intelligence Applic

AppConfig Community Membership Soars

Today, the AppConfig Community released its annual report, exhibiting strong growth across all associated membership categories: independent software vendors (ISVs), mobile application developers and enterprise mobility management (EMM) providers. Membership has soared to 90 ISVs, more than 1,400 developers and 19 EMM providers since the community’s in
Publish At:2017-04-17 01:45 | Read:4144 | Comments:0 | Tags:Mobile Security Application Development Application Security

Three Lessons From Test-Driven Development

“If it’s worth building, it’s worth testing. If it’s not worth testing, why are you wasting your time working on it?” — Scott Ambler, Enterprise Agile Coach
In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change” became an inspiration for rethinking the way software was developed. Three years la
Publish At:2017-03-27 13:00 | Read:5142 | Comments:0 | Tags:Application Security Application Development Application Sec

Inside the Mind of a Hacker: Attacking Web Pages With Cross-Site Scripting

In the previous three chapters of this series, we discussed ways for developers to put their hacker hats on and program defensively to prevent security bugs from cropping up in their software. We described the nature of SQL injection, OS command injection and buffer overflow attacks. We did not, however, touch upon the No. 1 issue that plagues web applicatio
Publish At:2017-03-13 17:00 | Read:5507 | Comments:0 | Tags:Application Security Application Development Cross-Site Scri

The Coming Revolution of Voice Control With Artificial Intelligence

As consumer devices become more capable, with voice control assistants such as Apple’s Siri, Amazon’s Alexa, Microsoft’s Cortana and Google’s Assistant, it is only natural to expect these artificial intelligence (AI) applications to move into more business settings. These capabilities could emerge in a number of areas, such as voice c
Publish At:2017-02-16 17:00 | Read:5016 | Comments:0 | Tags:Application Security Cognitive Application Development Artif

The CIO Must Take Charge of the Organization’s Application Portfolio

There was a time when every application used in the enterprise application portfolio was either selected and deployed by the chief information officer (CIO) or at least vetted under the management of IT. The advent of software-as-a-service (SaaS) computing options led to the rise of shadow IT, which has allowed individuals to make their own decisions about w
Publish At:2017-01-13 22:00 | Read:5071 | Comments:0 | Tags:Application Security CISO Application Development Chief Info

Secure By Design: Antidote for Dynamic Cyberthreats

There was an interesting twist to the recent distributed denial-of-service (DDoS) attack against domain name provider Dyn that plunged huge areas of North America and Europe into internet darkness: The perpetrators didn’t directly attack the servers of their ultimate target. Instead, they compromised 100,000 small, interconnected devices with weak defa
Publish At:2016-12-22 06:10 | Read:5058 | Comments:0 | Tags:CISO Application Development Command Center security by desi

RASP rings in a new Java application security paradigm

Runtime Application Self Protection (RASP) is a next-generation cyber security technology designed to redress some of the weak points of application security. Unlike firewalls or code analysis, runtime-based technologies contain application data and contextual awareness, enabling them to be both precise and preemptive. In this article I introduce RASP. I'
Publish At:2016-10-21 02:45 | Read:4463 | Comments:0 | Tags:Security Application Development Enterprise Java

Business transformation proves to be a catalyst for cybersecurity spending

As enterprises accelerate their use of cloud computing, online services, and ready themselves for internet of things deployments, they are finding themselves strained to find the cybersecurity talent and security tools needed to secure these efforts. That’s one of the most important takeaways from the Global State of Information Security Survey (GSISS) 2
Publish At:2016-10-06 07:25 | Read:4725 | Comments:0 | Tags:Leadership and Management Security IT Industry Cloud Computi

Microsoft opens up its 'million dollar' bug-finder

Microsoft is previewing a cloud-based bug detector, dubbed Project Springfield, that it calls one of its most sophisticated tools for finding potential security vulnerabilities. Project Springfield uses "whitebox fuzzing," which uncovered one-third of the "million dollar" security bugs during the development of Windows 7. Microsoft has been using a compon
Publish At:2016-09-30 05:15 | Read:3978 | Comments:0 | Tags:Application Development Cloud Computing Security

IDG Contributor Network: Three reasons why CIOs should play PokemonGo

PokemonGo reached $500 million in revenue faster than any other game in history. At this point, we don’t know if the mobile landscape is forever altered or if PokemonGo will be the app equivalent of Milli Vanilli. Most of my conversations with colleagues and clients have focused on whether or not it is socially acceptable for adults to play PokemonGo. Unl
Publish At:2016-09-15 18:00 | Read:3479 | Comments:0 | Tags:Application Development Mobile Cloud Computing Security IOS