October 8, 2018

Researchers Find 18 Security Vulnerabilities in Foxit PDF Reader

2 min read - A free browser plugin for creating, editing and viewing PDF files contains 18 security vulnerabilities that could expose users to remote code execution.

Data Protection October 3, 2018

The Wild West of Data Risk Management in the Age of Cloud, Mobile and Digital Transformation

3 min read - In today's rapidly evolving security environment, it's imperative for organizations to establish a formal data risk management program that does more than just check the boxes.

Application Security September 26, 2018

Maximize the Power of Your Open Source Application Security Testing

3 min read - To secure products that use open source components, organizations must first take stock of how much of this code they are using in their products.

Software Vulnerabilities September 13, 2018

New Gartner Report Recommends a Vulnerability Management Process Based on Weaponization and Asset Value

2 min read - Gartner's new report recommends factoring severity, asset value and active exploits into your vulnerability management process.

Incident Response July 19, 2018

Why the Best Defense Is a Good Offensive Security Strategy

2 min read - Offensive security activities like cyberattack simulations, penetration testing and vulnerability assessments can help companies identify and remediate flaws before cybercriminals can exploit them.

CISO June 8, 2018

A Step-By-Step Guide to Vulnerability Assessment

3 min read - Sometimes, security professionals don't know how to approach a vulnerability assessment, especially when it comes to dealing with results from its automated report. Here's how to get started.

Intelligence & Analytics November 8, 2017

Proactive or Reactive Endpoint Security? A Critical Crossroads for SOC Analysts

2 min read - As the cybercrime landscape expands, SOC teams need endpoint security tools that can reduce the time it takes to gain actionable threat intelligence.

Risk Management May 11, 2016

Determining the Scope of Your Security Testing

2 min read - Organizations often struggle with defining the scope of their security testing, but this is a necessary step that impacts business goals.

X-Force June 18, 2013

When Characters Turn Bad: String Sanitation Bypass via Best-Fit Mappings

3 min read - If you’re working on software that converts strings from one character set to another, such as when performing UNICODE to ANSI string conversions, you may have probably heard about best-fit mapping conversions.

X-Force April 1, 2013

Use-after-frees: That pointer may be pointing to something bad

6 min read - If you look at the last few Internet Explorer security bulletins, you'll notice that many of the patched vulnerabilities were use-after-frees (or UAFs) [1, 2]. Use-after-free is still a common bug class because the task of manually identifying them, especially...