Shining a Flashlight on Mobile Application Permissions

The Federal Trade Commission (FTC) recently completed and announced the terms of a settlement with GoldenShore Technologies, a one-man development shop based out of Idaho and creator of the popular “Brightest Flashlight” application for Android. Back in December the FTC, in response to a number of complaints, began investigating the app, which was doing a […]

Time to Crowdfund Open Source Security?

Will crowd funding bug bounties for OpenSSL solve its security problems? Probably not. For years, security experts and thought leaders have railed against the concept of “security through obscurity” – the notion that you can keep vulnerable software secure just by preventing others from understanding how it works. Corporate executives worried about relying on open […]

Agile SDLC Q&A with Chris Eng and Ryan O’Boyle – Part II

Welcome to another round of Agile SDLC Q&A. Last week Ryan and I took some time to answer questions from our webinar, “Building Security Into the Agile SDLC: View from the Trenches”; in case you missed it, you can see Part I here. Now on to more of your questions! Q. What would you recommend […]

Heartbleed And The Curse Of Third-Party Code

The recently disclosed vulnerability in OpenSSL pokes a number of enterprise pain points. Chief among them: the proliferation of vulnerable third-party code. By now, a lot has been written about Heartbleed (heartbleed.com), the gaping hole in OpenSSL that laid bare the security of hundreds of thousands of web sites and web-based applications globally. Heartbleed […]

Agile SDLC Q&A with Chris Eng and Ryan O’Boyle – Part I

Recently, Ryan O’Boyle and I hosted the webinar “Building Security Into the Agile SDLC: View From the Trenches”. We would like to take a minute to thank all those who attended the live broadcast for submitting questions. There were so many questions from our open discussion following the webinar that we wanted to take the […]

Hell is Other Contexts: How Wearables Will Transform Application Development

Wearable technology is in its infancy. But don’t be fooled: the advent of wearables will fundamentally change the job of the application developer. Here’s how. There’s no doubt about it: wearable technology is picking up steam. But as wearables gain traction with consumers and businesses, application developers will need to tackle a huge, new challenge, […]

Introducing the iOS Reverse Engineering Toolkit

It should be the goal of every worker to expend less time and energy to achieve a task, while still maintaining, or even increasing, productivity. As an iOS penetration tester, I find myself repeating the same manual tasks for each test. Typing out the same commands to run various tools that are required to help […]

Managing Flaw Review with a Large Multi-vendor Application

The previous blog post in this series discussed strategies for the large-scale deployment of the Veracode static code analysis tool across a large enterprise, focusing on techniques for ensuring rapid adoption within individual development teams that are typically responsible for self-contained, homogeneous applications. However, in a large enterprise there are also applications which are developed by […]

RSA Perspective: Is It Time For A Cyber Safety Board?

We have government agencies to monitor the safety of cars, roads, bridges and air travel. What’s so special about cyber? If you caught the headlines last week, you might have read about the developing scandal over a fatal problem with ignition switches in General Motors cars. The automaker has been forced to recall 1.37 million […]

Reversing Kony JavaScript iOS Applications

Researched by William Spires and Stephen Jensen. That Was Then, This is Now. Just five short years ago, if you wanted to create an iOS application, you had to either take a crash course in Objective-C programming or hire someone to create the application for you. It was truly the beginning of a mobile revolution, […]
