Application Security Content on InfoQ

  • Google to remove support for SSL 3.0

    Google have announced that they will remove support for the obsolete SSL 3.0 after discovering vulnerabilities that may be exploitable by forcing clients or servers to downgrade. Removing SSL 3.0 may also unlock stalled negotiations with HTTP2. Read on for more details.

  • Waratek Release Early Version of their Application Security

    Waratek released an early adopter version of Waratek Application Security for Java, to protect older Java applications from vulnerabilities in legacy Java versions.

  • Heartbleed allows dumping client and server memory remotely

    The recently disclosed Heartbleed bug allows a remote client to query the contents of a remote SSL server's memory when using vulnerable versions of OpenSSL, disclosing passwords and other secure credentials to eavesdroppers. Application sites like Yahoo! Mail and Amazon Web Services have been affected. Read on to find out more about what the bug entails, and what you should do.

  • Continuous Security Testing With Gauntlt

    James Wickett, from Gauntlt core team, gave a tutorial at Velocity Conf London about integrating security testing in the continuous integration cycle for early feedback on application security level. James stressed the importance of regularly checking for security as release delivery rates increase with continuous delivery.

  • DevOps Days Amsterdam Day 1 Focused on Continuous Delivery and DevOps Culture

    The first day of DevOps Days Amsterdam had its focus split between continuous delivery and promoting a DevOps culture. Talks focused on how to automate the deployment pipeline but also system recovery in case of failure. On the culture side, leveraging distinct personality types to successfully introduce changes and the positive impact of strong company culture on hiring were some of the takeaways.

  • RSA Panelists Reinforce that DevOps Boosts Application Security

    Smaller releases, automated testing, and a culture that embraces security are the reasons why panelists at the RSA 2013 conference say that DevOps can be a huge boon for application security.

  • Powering Your Apps with Microsoft Accounts

    A central theme with Windows 8 is the Microsoft Account. This is another attempt to offer a single sign-on system for both Microsoft and third-party services. Microsoft Account is available for Windows 8 apps, normal websites, Windows Phone, Android, and iOS.

  • Researchers Expose SSL Vulnerabilities in Libraries and Their Usage in Popular Non-Browser Services

    A recent publication in the ACM CCS'12 proceedings titled "The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software" exposes critical vulnerabilities in the creation and usage of SSL libraries in non-browser applications. The lessons learnt and the ensuing recommendations to developers and testers are shared in this news item.

  • Security for Windows Store Apps

    In the past there was an assumption that only popular applications and services will be attacked. But these days even new services with few or no users are liable to find themselves under the hacker’s microscope. In a recent //Build session, Josh Dunn discusses some of the common vulnerabilities found in Windows 8 applications.
