Application security and coding requirements

DCMS funding aims to increase diversity in cyber sector

A funding round has been announced as part of the Cyber Skills Immediate Impact Fund (CSIIF) with aims of encouraging more diverse talent into the UK’s cyber security sector Continue Reading

By

• Clare McDonald, Business Editor

Digital domain identified as major security threat by Norway’s intelligence service

Norway's intelligence services has revealed the extent of the threat posed to the country by cyber attacks Continue Reading

By

• Gerard O'Dwyer

How tech experts could earn millions as whistleblowers

In this week’s Computer Weekly, a tech expert is set to earn millions after successfully blowing the whistle on vulnerabilities in Cisco’s video surveillance software. Our latest buyer’s guide examines the issues around big data architecture. And we look at how the end of Windows 7 could spark a new era for desktop productivity. Read the issue now. Continue Reading

F-Secure warns of F5 Big IP-related security issue

F-Secure has discovered security issues relating to an F5 device that it says could potentially turn hundreds of thousands of load balancers into beachheads for cyber attacks Continue Reading

By

• Warwick Ashford, Senior analyst

NCC Group warns of security risks of leading printers

Researchers uncover more than 35 vulnerabilities in six leading enterprise printers, many of which could allow access to corporate networks, underlining the need to counter security risks of embedded systems Continue Reading

By

• Warwick Ashford, Senior analyst

AI will drive reskilling in problem solving, creativity and collaboration

A study from the Economist Intelligence Unit has found that executives do not believe that artificial intelligence will lead to job losses, but staff will need retraining Continue Reading

By

• Cliff Saran, Managing Editor

UK firms downloading vulnerable open source software

Vulnerable open source software components are posing a security threat to UK firms, according to a report that also shows how best practice, including automation, can reduce the risk Continue Reading

By

• Warwick Ashford, Senior analyst

Inside F5’s cyber security playbook

F5 Networks' CISO talks up measures that the application delivery and security specialist is employing to fend off cyber attackers that come knocking on its doors Continue Reading

By

• Aaron Tan, TechTarget

Beware of security blind spots in encrypted traffic

The growth of encrypted traffic has put the spotlight on intrusion prevention systems that help to surface cyber attacks conducted under the cloak of network encryption Continue Reading

By

• Aaron Tan, TechTarget

Vulnerability assessment done. Now what?

Vulnerability assessment establishes the current state of an organisation’s cyber security, but to meet industry best practices, companies should go beyond that to achieve continuous improvement Continue Reading

By

• Sam Bocetta

Security Think Tank: Proper segregation is more important than ever

What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome? Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

Debugging bug bounty programmes

Bug bounty programmes have recently become a popular method of vulnerability management, but poor programme management can lead to development teams becoming overwhelmed and bugs being missed Continue Reading

By

• Peter Ray Allison

Microservices introduce hidden security complexity, analyst warns

Microservice architecture – an approach to application development in which applications are built as a suite of modular services – simplifies development but complicates security, says KuppingerCole Continue Reading

By

• Warwick Ashford, Senior analyst

BSA releases framework for secure software

Software industry advocacy group releases framework to facilitate flexible and comprehensive software security assessments Continue Reading

By

• Warwick Ashford, Senior analyst

Podcast: The Computer Weekly Downtime Upload – Episode 13

In this week’s episode of the Computer Weekly Downtime Upload podcast, the team are joined by security editor Warwick Ashford to talk about his time at the CyberUK conferences, as well as connected cars, education in the UK, and Brian McKenna’s trip to China Continue Reading

By

• Computer Weekly Staff

Nearly a quarter of tech firms do not security check products

Nearly a quarter of organisations polled do not run security checks on products, and nearly a third admitted to shipping products with known security vulnerabilities, a survey shows Continue Reading

By

• Warwick Ashford, Senior analyst

How Palo Alto Networks fends off its cyber adversaries

Palo Alto Networks CIO Naveen Zutshi talks up the company’s approach in keeping threat actors at bay Continue Reading

By

• Aaron Tan, TechTarget

How IT leaders should work with marketing

In this week’s Computer Weekly, we hear expert advice on how IT and marketing chiefs can work together to deliver a high-quality customer experience. We examine how supercomputers are transforming science by processing large-scale data analytics. And we look at one of the key ethical aspects of artificial intelligence (AI) – how to explain the decisions an AI makes. Read the issue now. Continue Reading

The rise of DevSecOps

The increasing complexity of security threats is leading enterprises to DevSecOps approaches, so that all of the business is involved in security operations Continue Reading

A guide to choosing cloud-based security services

Cloud-based security services can help organisations with a growing cloud footprint to reduce cost and address the manpower crunch in cyber security Continue Reading

By

• Aaron Tan, TechTarget

Steps to improve an application environment and fix flaws

Eliminating application security flaws from an enterprise's server can be a complex task. Learn steps to take in order to improve application security with expert Kevin Beaver. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

How traffic scrubbing can guard against DDoS attacks

Although most scrubbing services can help fend off distributed denial of service attacks, a more comprehensive mitigation strategy is required to remain unscathed Continue Reading

By

• Ai Lei Tao

How To Save IT From Drowning In Its Own Self-Containerised World (and other stories)

Anyone out there right now could be more than excused for thinking we're drowning in security start-ups; too many "me too" vendors trying to resolve the same perceived problems - niche or broad. ... Continue Reading

By

• Steve Broadhead, Broadband Testing

The rise of DevSecOps

The increasing complexity of security threats facing enterprises is leading to DevSecOps approaches, which combine operations and development with security, so that all business units are involved in security operations Continue Reading

By

• Finbarr Toesland

UK firms say £6.6bn annual security testing cost too high

Avord launches platform to reduce the multibillion-pound annual cyber security testing cost that most UK firms say is too high Continue Reading

By

• Warwick Ashford, Senior analyst

eIDAS and the EU’s mission to create a truly portable identity

It is important for businesses to work more actively with technology partners, regulators and governments to create more robust identity verification processes  Continue Reading

By

• Zac Cohen, Trulioo

Singapore Airlines’ software glitch exposed customer data

More than 280 members of the Krisflyer frequent flyer programme had their personal information compromised by a one-off software bug Continue Reading

By

• Aaron Tan, TechTarget

Security Think Tank: Pay attention to attribute-based system access permissions

At the close of 2018, we asked CW Security Think Tank contributors to name one thing predicted for 2018 that did not happen, one thing that was not predicted and did happen and one thing that should happen in 2019, but probably will not Continue Reading

By

• Simon Persin, Turnkey Consulting

APAC cyber security landscape to be more tumultuous in 2019

Amid growing cyber threats, the Asia-Pacific cyber security landscape will not get any rosier in 2019 unless organisations start shoring up their cyber hygiene Continue Reading

By

• Aaron Tan, TechTarget

Raising security awareness through phishing simulation – how to get it right

Testing employees’ security practices by sending fake phishing emails has become commonplace, but few organisations are conducting such exercises effectively Continue Reading

By

• Ed Tucker, Human Firewall

Testing applications in production vs. non-production benefits

To ensure proper application security testing, production and non-production systems should both be tested. In this tip, expert Kevin Beaver weighs the pros and cons. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

Take the pain out of software patching

In this week’s Computer Weekly, we look at one of the oldest pain points for IT departments – software patching – and ask how to make it less complex across the enterprise. We examine the rise of Kubernetes, the open source container orchestration system that’s gathering popularity for cloud-native applications. And we look at the issues around storage strategy to support a multicloud environment. Read the issue now. Continue Reading

Inside one of the world’s largest bug bounty programmes

Trend Micro’s Zero Day Initiative may be the top external supplier of software bug reporting for Microsoft and Adobe, but that does not mean it purchases every type of bug. Continue Reading

Security Think Tank: Top considerations to reduce application layer attacks

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Tim Holman, 2-sec

Security Think Tank: Gap, risk and business impact analysis key to application security

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Ramsés Gallego, Isaca

Security Think Tank: Three ways to safeguard against application layer vulnerabilities

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Bruce Beam , (ISC)²

DevSecOps not limited to coding, says analyst

DevSecOps is seen as a way of ensuring application security, but security leaders must understand that embedding a security culture and taking the inter-dependencies of new development frameworks into account is key, says KuppingerCole Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Deploy multiple defence layers to protect data-rich applications

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Simon Persin, Turnkey Consulting

Security Think Tank: A three-pronged approach to application security

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Petra Wenham

Think Tank: Application layer attack mitigation needs to start with risk analysis

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Maxine Holt, Omdia

Security Think Tank: Defend application layer with good security hygiene

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Mike Gillespie

Security Think Tank: Counter application layer attacks with automation

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Paddy Francis

Security Think Tank: Focus on security before app deployment

What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading

By

• Richard Absalom, Information Security Forum

UK faces 10 cyber attacks a week as hostile states step up hacking, says NCSC

The UK’s National Cyber Security Centre has thwarted more than 1,600 attacks over the past two years – many by hostile nation states Continue Reading

By

• Bill Goodwin, Computer Weekly

Optus to acquire Hivint in cyber security deal

The deal is expected to bolster the telco’s security pedigree in a market that is grappling with more data breaches and cyber incidents Continue Reading

By

• Aaron Tan, TechTarget

Picking the right focus for web application security testing

Deciding which web applications on which to focus application security testing is a challenging task. Read this list of considerations to ensure you're addressing the right areas. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

Security Think Tank: Use Cyber Essentials to kick-start outcomes-based security

What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading

By

• Petra Wenham

Apps are gateway to business data for cyber attackers

Application security is becoming increasingly important because apps are often the main way cyber attackers are getting into corporate networks, a threat researcher warns Continue Reading

By

• Warwick Ashford, Senior analyst

Majority of businesses believe they are open to cyber attack

More than two-thirds of businesses believe their network is open to attack, a report on the state of web application security reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Norwegian state discusses vulnerabilities with IT sector

Government is collaborating with the country’s IT industry to improve the availability of security expertise Continue Reading

By

• Gerard O'Dwyer

Equifax fined by ICO for security failings

The Information Commissioners Office has fined Equifax UK in relation to a data breach at its UK parent last year Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Security Think Tank: Supplement security with an MSSP to raise the bar

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Greg Temm

Security Think Tank: Adopt a proactive approach to software vulnerabilities

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Richard Hunt, Turnkey Consulting

Security Think Tank: Four key steps to managing software vulnerabilities

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Bruce Beam , (ISC)²

Security Think Tank: Four steps to managing software vulnerabilities

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Chris Hodson

British Airways data breach: Security researchers name suspects and query attack timeline

Security researchers claim to have pinpointed the cause and perpetrators of the British Airways data breach, and also claim the attackers may have had access to its customer data for far longer than previously thought Continue Reading

By

• Caroline Donnelly, Senior Editor, UK

Cyber criminals outspend businesses in cyber security battle

Cybercriminals are flexing their financial might and UK organisations are facing more attacks as a result Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Security Think Tank: Balancing cost and risk in software vulnerability management

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Alexander Drabek, 2|SEC

Security Think Tank: No shortcuts to addressing software vulnerabilities

What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Maxine Holt, Omdia

Security Think Tank: How to manage software vulnerabilities

What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

Security Think Tank: How to achieve software hygiene

What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Mike Gillespie

Security Think Tank: Eight controls to manage software vulnerabilities

What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Kevin Murphy

Security Think Tank: Follow good practice to reduce risk of software vulnerabilities

What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading

By

• Paddy Francis

Apache Struts users urged to update due to new security flaw

Another security flaw has been discovered in the Apache Struts, which was at the heart of the massive Equifax data breach in 2017 Continue Reading

By

• Warwick Ashford, Senior analyst

Inside DevOps, containers and enterprise security

Global corporates are waking up to containers and orchestrated containerisation for software development that is fast and safe. Computer Weekly looks at the best approach to ensure security is not compromised along the way Continue Reading

By

• Christian Annesley

Microsoft looks at a Windows VM to sandbox rogue code

A feature revealed in the Windows Insider programme may appear in a future Windows 10 update for enterprises Continue Reading

By

• Cliff Saran, Managing Editor

Virus outbreak at iPhone chip plant could delay shipments

A computer virus at an iPhone chip manufacturing plant could delay shipments of Apple’s latest smartphones, but the impact will be limited, say analysts Continue Reading

By

• Warwick Ashford, Senior analyst

Bromium evolves virtualisation-based security

Virtualisation-based security firm Bromium has evolved its technology to offer bidirectional protection for applications and underlying operating systems Continue Reading

By

• Warwick Ashford, Senior analyst

Pentagon flags risky software suppliers

The Pentagon has drawn up a list of software suppliers that it wants the US military and defence contractors to avoid due to fears of risks to national security Continue Reading

By

• Warwick Ashford, Senior analyst

App users in developing APAC prefer convenience over security

By Kimberly Chua Mobile app users in developing Asia-Pacific (APAC) countries prefer convenience over security, signaling a potential rift between companies and users, a new F5 Networks study has ... Continue Reading

By

• Aaron Tan, TechTarget

Software development remains insecure

The prevalence of common and well-known web-based vulnerabilities underlines the need for better education around secure software development Continue Reading

By

• Warwick Ashford, Senior analyst

ERP applications are under cyber attack, research confirms

ERP applications are increasingly being targeted by cyber criminals, hacktivists and nation-state actors, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Apache OpenWhisk users urged to patch

IBM has patched vulnerabilities in its Cloud Functions service that is based on Apache OpenWhisk in response to vulnerability disclosures, and all other users are urged to do the same Continue Reading

By

• Warwick Ashford, Senior analyst

Application attacks demand new security approach

Applying security software updates is an ineffective way to deal with application layer cyber attacks and businesses should change their approach, security experts advise Continue Reading

By

• Warwick Ashford, Senior analyst

Google wants to ease hybrid cloud woes

Cloud supplier Google claims its Cloud Service Platform will alleviate complexities in managing microservices in a hybrid IT environment Continue Reading

By

• Aaron Tan, TechTarget

Most firms have software security vulnerability

Most firms have a software vulnerability that can be exploited by cyber attackers, a study has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

A third of organisations do not have a security expert, survey shows

Around a third of organisations are vulnerable to cyber attacks due to a lack of dedicated in-house cyber security experts, finds Gartner survey Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Application and device security under the spotlight

The security of internet-connected devices and associated applications has become a significant concern, prompting suggestions legislation may be required, while the UK government’s recent Secure by Design review suggests several solutions, including legislative measures. Continue Reading

Cyber attackers cashing in on ‘hidden’ attack surface

Cyber attackers are cashing in on organisations’ lack of visibility into all online interactions that can involve multiple third parties, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

White-hat hackers find record number of vulnerabilities

White-hat hackers are finding more vulnerabilities than ever before, with crowdsourced security testing continuing to gain popularity, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Inside one of the world’s largest bug bounty programmes

Trend Micro’s Zero Day Initiative may be the top external supplier of software bug reporting for Microsoft and Adobe, but that does not mean it purchases every type of bug Continue Reading

By

• Aaron Tan, TechTarget

Brexit a greater risk to UK financial system than cyber attack

While Brexit is seen as the biggest risk to the stability of the UK financial system, cyber attack is the most difficult risk to manage for over half of firms Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

High-Tech Bridge bets on machine learning capabilities

Machine learning has a great potential to drive the automation of some security tasks to free up information security professionals to do more strategic work, says High-Tech Bridge founder Continue Reading

By

• Warwick Ashford, Senior analyst

Singapore remains hotbed for cyber threats

Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency Continue Reading

By

• Aaron Tan, TechTarget

APAC remains a hotbed for software piracy

The Asia-Pacific region is still seeing the highest use of unlicensed software installations globally, making enterprises more susceptible to cyber attacks from malware Continue Reading

By

• Kimberly Chua

Application security more important than ever

Applications have an increasingly crucial role in our lives, yet they are also a real security threat, with hackers always finding new ways to bypass security defences. Computer Weekly looks at how organisations are responding to the challenge Continue Reading

By

• Nicholas Fearn

Cyber resilience key to securing industrial control systems

Operators of industrial control systems can build greater cyber resilience by getting IT and operational technology teams to work more closely together and improving the visibility of their infrastructure, among other security measures Continue Reading

By

• Aaron Tan, TechTarget

Grab outlines its approach to cyber security

Singapore-based ride-hailing company prefers detective controls rather than preventive ones to deter cyber threats – an approach it claims is less intrusive and costly to implement Continue Reading

By

• Aaron Tan, TechTarget

Application and device security under the spotlight

The security of internet-connected devices and associated applications has become a significant concern, prompting suggestions legislation may be required, while the UK government’s recent Secure by Design review suggests several solutions, including legislative measures Continue Reading

By

• Peter Ray Allison

Nutanix builds hooks to SDN and cloud with Flow, Era and Beam

Hyper-converged pioneer builds in functionality from acquisitions with Flow software-defined networking, Beam cloud monitoring and Era database provisioning and data protection Continue Reading

By

• Antony Adshead, Storage Editor

Majority of security professionals favour shorter disclosure deadline

Google’s Project Zero unit’s 90-day deadline for software suppliers to disclose vulnerabilities has always been controversial, but a survey reveals that most security professionals feel even that is too long Continue Reading

By

• Warwick Ashford, Senior analyst

City Police use Lego simulation to teach businesses cyber security

City of London Police are offering to train business leaders and IT security in cyber security using a Lego simulation that is surprisingly close to real life Continue Reading

By

• Bill Goodwin, Computer Weekly

APAC is becoming a hotspot for DDoS attacks

The region’s largest and most-connected economies are most vulnerable to distributed denial-of-service attacks, according to CenturyLink Continue Reading

By

• Aaron Tan, TechTarget

Government to set up £13.5m cyber security centre

Located at the 2012 Olympic Park, the London Cyber Innovation Centre could create up to 2,000 jobs in cyber security Continue Reading

By

• Alex Scroxton, Security Editor

Facebook announces more privacy control updates

Social media giant updates privacy settings and tools in response to the unfolding controversy over Cambridge Analytica’s use of Facebook data for political campaigns Continue Reading

By

• Warwick Ashford, Senior analyst

Dutch SMEs’ cyber security is insufficient

Nowhere in the Netherlands is digitisation as big as it is in small and medium-sized enterprises, but the sector still has a lot to do in terms of cyber security Continue Reading

By

• Kim Loohuis

Firms need to move from DevOps to DevSecOps, says expert

In the face of competition, organisations are turning to DevOps to improve efficiency and accelerate innovation, but this is creating new security risks, an industry expert warns Continue Reading

By

• Warwick Ashford, Senior analyst

C-suite a cyber attack risk, say security chiefs

Those tasked with running organisations are the most likely group to expose them to a major cyber attack, a poll of UK information security executives shows Continue Reading

By

• Warwick Ashford, Senior analyst

Heartbleed and Shellshock thriving in Docker community

DevOps has revolutionised IT, but security best practices are being skimmed over, which means old vulnerabilities are finding a new lease of life in Docker Continue Reading

By

• Cliff Saran, Managing Editor

DocuTrac medical software is a breach risk, warns Rapid7

Security researchers have issued a security warning about medical billing and documentation software they say puts patients at risk of data breach Continue Reading

By

• Warwick Ashford, Senior analyst