Software as Fuel: If Software Isn’t Secure, Nothing Is
Application and Cybersecurity Blog | Security Innovation
by
3w ago
Software is the bedrock of the world's digital existence. It also underlies many of the systems and processes that we rely on daily. Software is everywhere—on our desks, in our vehicles, in communication networks, in commerce, in logistics, and in our homes. With software everywhere, malicious actors have an expanded attack surface to target ..read more
Visit website
CMD+CTRL Training: Q2 2024 Release in Review
Application and Cybersecurity Blog | Security Innovation
by
1M ago
Security Innovation’s quarterly update to the CMD+CTRL training catalog is aimed at providing our customers with the most up-to-date training, focused on current technology and threat trends to help prevent vulnerabilities and protect data across multiple development languages and platforms. This latest release is focused on providing education and training for technology and management teams using both traditional and modern application development methods ..read more
Visit website
Beyond Blue and Red Teaming: How Anyone Can Have a Career in Cybersecurity
Application and Cybersecurity Blog | Security Innovation
by
1M ago
Contrary to what many people imagine, the figure in a dark hoodie sitting in front of a glowing computer screen is not the face of a career in cybersecurity. In an overwhelmingly digital world, cyber adversaries can target a vast attack surface. Threats are pervasive. Every point across an organization's attack surface must be protected. There are thousands of pieces that must successfully work together to do that—which takes people with varied expertise ..read more
Visit website
Women in Cybersecurity: Rocking Code Ahead of Their Time
Application and Cybersecurity Blog | Security Innovation
by
3M ago
March 1st kicks off Women's History Month in the U.S., which was launched in 1987 as a celebration of women’s contributions to history, culture, and society. To celebrate, we're highlighting women who were pioneers in the field of cybersecurity.  Their contributions in the areas of coding, analysis, pattern matching, and computing laid the foundation for today's cyber defenses. These ladies were rocking code before the internet was invented ..read more
Visit website
CMD+CTRL Training: Q1 2024 Release in Review
Application and Cybersecurity Blog | Security Innovation
by
4M ago
Q1 CMD+CTRL UPDATE: 2 NEW COURSES AND 9 NEW LABS Security Innovation is proud to add two new courses and nine new labs to the CMD+CTRL training catalog for Q1 2024. Concentrating primarily on AI Privacy and Risk, .NET Programming, Secure Android Development, Secure Coding labs based on CWE Top 25 vulnerabilities, and Host Vulnerability Scanning. All new content will be available to learners on February 14, 2024 ..read more
Visit website
Preventing Initramfs Attacks in TPM-Based Disk Encryption
Application and Cybersecurity Blog | Security Innovation
by Max Arnold
6M ago
This is a 2-part series where we'll explore vulnerabilities in systems that use Trusted Platform Modules (TPMs) for disk encryption, exposing the risks of unverified initramfs images and bus sniffing attacks. In this article, we'll look at how disk encryption uses the initramfs and you'll see why using PCR 9 is so important for properly securing a system ..read more
Visit website
Stopping Bus Sniffing with TPM Parameter Encryption
Application and Cybersecurity Blog | Security Innovation
by Max Arnold
6M ago
  In my previous post, I explained how TPM disk encryption works and how simply including PCR 9 fixes a relatively major security hole in many setups. This time I'm looking at a hardware attack, bus sniffing. This attack also works against Windows BitLocker, although the solution can't be implemented on Windows unless you happen to work at Microsoft ..read more
Visit website
Moving to Mobile DevSecOps? Here's How.
Application and Cybersecurity Blog | Security Innovation
by
6M ago
Mobile development is under pressure to incorporate more rigorous security measures into apps, while the demand for continuous development is unrelenting. Although DevSecOps typically addresses enterprise, web, and cloud application development, it can work for mobile app development, too ..read more
Visit website
CMD+CTRL Training: Q4 2023 Release in Review
Application and Cybersecurity Blog | Security Innovation
by
8M ago
Q4 CMD+CTRL UPDATE: 3 NEW COURSES AND 10 NEW LABS Security Innovation is proud to add thirteen new courses and labs to the CMD+CTRL training catalog for Q4 2023. Concentrating primarily on alternative development methods, the next generation of Web Application Firewall, Secure Coding labs based on CWE Top 25 vulnerabilities, and MITRE ATT&CK® Enterprise Techniques and Mitigations; all new content will be available to learners on October 17, 2023 ..read more
Visit website
Four Steps to Help You Tackle AppSec Training—and Succeed
Application and Cybersecurity Blog | Security Innovation
by
8M ago
Four Steps to Help You Tackle AppSec Training—and Succeed Teams across the SDLC are grappling with resource constraints, accumulated technical debt, skills gaps, and tight deadlines. Even though developers are on the front lines in preventing vulnerabilities, designing and implementing security training programs to stay ahead of threats can be challenging ..read more
Visit website

Follow Application and Cybersecurity Blog | Security Innovation on FeedSpot

Continue with Google
Continue with Apple
OR