Application and Cybersecurity Blog | Security Innovation
Security Innovation is a global provider of application security & cryptography solutions. The company helps build internal security expertise, reduce application risk, and improve the process by which applications are built.
2M ago
Software is the bedrock of the world's digital existence. It also underlies many of the systems and processes that we rely on daily. Software is everywhere—on our desks, in our vehicles, in communication networks, in commerce, in logistics, and in our homes. With software everywhere, malicious actors have an expanded attack surface to target ...
2M ago
Security Innovation’s quarterly update to the CMD+CTRL training catalog is aimed at providing our customers with the most up-to-date training, focused on current technology and threat trends to help prevent vulnerabilities and protect data across multiple development languages and platforms. This latest release is focused on providing education and training for technology and management teams using both traditional and modern application development methods ...
2M ago
Contrary to what many people imagine, the figure in a dark hoodie sitting in front of a glowing computer screen is not the face of a career in cybersecurity. In an overwhelmingly digital world, cyber adversaries can target a vast attack surface. Threats are pervasive. Every point across an organization's attack surface must be protected. There are thousands of pieces that must successfully work together to do that—which takes people with varied expertise ...
5M ago
March 1st kicks off Women's History Month in the U.S., which was launched in 1987 as a celebration of women’s contributions to history, culture, and society. To celebrate, we're highlighting women who were pioneers in the field of cybersecurity.
Their contributions in the areas of coding, analysis, pattern matching, and computing laid the foundation for today's cyber defenses. These ladies were rocking code before the internet was invented ...
5M ago
Q1 CMD+CTRL UPDATE: 2 NEW COURSES AND 9 NEW LABS
Security Innovation is proud to add two new courses and nine new labs to the CMD+CTRL training catalog for Q1 2024. The additions concentrate primarily on AI Privacy and Risk, .NET Programming, Secure Android Development, Secure Coding labs based on CWE Top 25 vulnerabilities, and Host Vulnerability Scanning. All new content will be available to learners on February 14, 2024 ...
8M ago
This is a 2-part series where we'll explore vulnerabilities in systems that use Trusted Platform Modules (TPMs) for disk encryption, exposing the risks of unverified initramfs images and bus sniffing attacks.
In this article, we'll look at how disk encryption uses the initramfs and you'll see why using PCR 9 is so important for properly securing a system ...
8M ago
In my previous post, I explained how TPM disk encryption works and how simply including PCR 9 fixes a relatively major security hole in many setups. This time I'm looking at a hardware attack, bus sniffing. This attack also works against Windows BitLocker, although the solution can't be implemented on Windows unless you happen to work at Microsoft ...
8M ago
Mobile development is under pressure to incorporate more rigorous security measures into apps, while the demand for continuous development is unrelenting. Although DevSecOps typically addresses enterprise, web, and cloud application development, it can work for mobile app development, too ...
10M ago
Q4 CMD+CTRL UPDATE: 3 NEW COURSES AND 10 NEW LABS
Security Innovation is proud to add thirteen new courses and labs to the CMD+CTRL training catalog for Q4 2023. The additions concentrate primarily on alternative development methods, the next generation of Web Application Firewall, Secure Coding labs based on CWE Top 25 vulnerabilities, and MITRE ATT&CK® Enterprise Techniques and Mitigations. All new content will be available to learners on October 17, 2023 ...
10M ago
Four Steps to Help You Tackle AppSec Training—and Succeed
Teams across the SDLC are grappling with resource constraints, accumulated technical debt, skills gaps, and tight deadlines. Even though developers are on the front lines in preventing vulnerabilities, designing and implementing security training programs to stay ahead of threats can be challenging ...