Apache warns Struts 2.3 is using a library with a two year old critical flaw
Some versions of Struts 2 by default are using a file upload library with a two-year old remotely exploitable security flaw.
Web application security - News, Features, and Slideshows
News about Web application security
-
-
Infosec Marketplace
The concept of online marketplaces was pioneered by eBay and Amazon many years ago. But these horizontal marketplaces are now being disrupted by vertical marketplaces such as Uber and Airbnb, which use technology to greatly improve the experience of buying and selling of traditional offline transactions. In doing so, these organisations have a well thought out value proposition which is flawlessly executed.
Nigel Phair | 20 Sep | Read more
-
Google bug-hunting Project Zero could face software developer troubles
Google's launch of a bug-hunting initiative has raised concerns over how the company will handle conflicts with vendors unable to patch software before Google's deadline for reporting vulnerabilities.
Antone Gonsalves | 17 Jul | Read more
-
Verizon breach report makes case for behavioral analytics
Verizon's annual data-breach investigations report makes a strong case for behavioral analytics technology that looks for anomalies among user activity to spot hackers.
Antone Gonsalves | 23 Apr | Read more
Whitepapers about Web application security
-
Building a World-Class Web Application Security Program: Microsoft Uses AppSpider
When Microsoft undertook an extensive evaluation of Web Application Vulnerability scanning solutions on the market, the company’s Cloud and Enterprise Security Services team knew it would be no small task. Microsoft wanted to build a world class, scalable Web App Vulnerability scanning service that would serve all of their different service teams in building secure applications. Top on the list of technical aspects was whether the Web App Vuln Scanning solution could handle the general scale of a company as large as Microsoft. Read this case-study to learn what factors went into Microsoft’s key decision criteria in deciding on a web application program for its project.