Security Headers on the Top 1,000,000 Websites: March 2014 Report

The March 2014 report is going to be a bit different than those in the past. This is primarily due to architectural changes that were made to get more precise data in less time. Additionally, a lot of work has been done to automate generation of these reports so they can be released more often. […]

Guidelines for Setting Security Headers

As part of our Alexa Top 1 Million Security Headers post series (Nov 2012, Mar 2013, Nov 2013), it is not uncommon to have to go back and re-read specifications to determine which header values are valid. While there are numerous sites that detail the various headers and what they do, there isn’t a […]

RSA Perspective: Is It Time For A Cyber Safety Board?

We have government agencies to monitor the safety of cars, roads, bridges and air travel. What’s so special about cyber? If you caught the headlines last week, you might have read about the developing scandal over a fatal problem with ignition switches in General Motors cars. The automaker has been forced to recall 1.37 million […]

Are You Ready for the Inevitable Question on Software Security?

Independent software suppliers need to recognize the tide of change that is coming from their largest enterprise customers. Over the course of 2013, I witnessed a shift in security. As we learned about government surveillance and suffered through credit card replacements as a result of the Target Breach, questions of security have come to the […]

Stuck in the Cold: Not ALL the Cool Kids go to RSA

So once again, I’m not attending RSA. While my counterparts are working our booth in their new Veracode kicks, and meeting with customers, I’m perusing the RSA conference videos and podcasts for interesting things to read. The Risk and Responsibility in a Hyper-Connected World podcast got my attention – mostly because it promised some research: “Findings and perspective […]

Reversing Kony JavaScript iOS Applications

Researched by William Spires and Stephen Jensen. That Was Then, This Is Now. Just five short years ago, if you wanted to create an iOS application, you had to either take a crash course in Objective-C programming or hire someone to create the application for you. It was truly the beginning of a mobile revolution, […]

When is a Security Breach Not a Security Breach?

UK supermarket giant Tesco was in the news recently for the wrong reasons after details of 2,240 customer accounts appeared on Pastebin. Tesco moved quickly to suspend the accounts in question, but an unlucky few did have store vouchers stolen; not to mention email addresses and passwords on display for the world to see. This […]

Application Security at RSA: The Coming Storm

The push for more and better application security bumps up against another trend: data ambition. North America’s information security royalty will be in San Francisco next week for The RSA Security Conference. It’s the security industry’s biggest, annual conference. And, like the information security industry itself, RSA is booming. The topic of application security – […]

It Eats Application Threats for Breakfast – and It Eats 24/7

Application security is hard. It’s big and complex. And it just might be “the last frontier” for cyber-security (at least for now). Unlike network or endpoint security, you can’t just put another box on the network to secure the application layer. For one thing, there are people and processes involved — developers in São Paulo and Sri […]

Do Not Pass QA, Do Not Goto Fail: Catching Subtle Bugs In The Act

Bugs happen. Severe bugs happen. Catastrophic bugs happen. There’s simply no way to know how, exactly, the Goto Fail Bug – a tiny mistake which happened to disable an entire step of SSL verification deep in Apple code – ended up getting written into sslKeyExchange.c and saved. What is clear is that the bug got through Apple’s QA process unnoticed and ultimately shipped on iOS and OSX. Let’s consider for a moment that this bug was committed to your codebase during routine refactoring. How certain are you, really, that you would catch it? What can we do to improve the likelihood it will be caught?
