On top of this week's major update to Microsoft's Windows GDI implementation, Redmond next week plans to issue no less than four Windows security bulletins, including at least one "critical" update.
Securent has decided to implement XACML 2.0 in its Entitlement Management Solution as part of OASIS' standardization efforts.
Get ready for an anti-climactic Patch Tuesday. Following on the heels of last month’s gonzo Patch Tuesday event -- wherein Microsoft Corp. released 12 new patches -- Redmond this month doesn’t plan to patch any security-related flaws.
SPI Dynamics is collaborating with Microsoft to provide security tools for applications built using ASP.NET AJAX (code-named "Atlas"). When it is released on December 1, DevInspect 3.0 will become one of the first dev tools to analyze and remediate vulnerabilities in Atlas-based applications.
Microsoft announced this week it is adding an enhanced version of Dotfuscator Community Edition (CE) to the next major release of Microsoft Visual Studio, code-named "Orcas."
Advanced security bulletin refers to an XML flaw and five other Windows flaws deemed "critical"; unknown whether security rollup addresses recent Visual Studio flaw.
A recent survey of 400 U.S.-based application developers and programmers showed that while those who build Web applications are more concerned about security than ever before, corporate resources and processes that increase application security aren’t as forthcoming.
Deliberate attacks on Web services is one obvious risk enterprises take when building such apps, and sloppy data can wreak just as much havoc. But one expert says XML security is where it’s at for adopters of service-oriented architectures (SOA).
Many CIOs arrived late to Sarbanes-Oxley efforts
Phishing is one of the fastest growing security threats today but one search engine is developing a solution that lets users secure their info by customizing their login pages.
Security remains a key reason why some developers continue to shy away from service-oriented architectures (SOA) but as awareness grows, so are solutions. And IBM announced plans to release new System z mainframe integration software that will help secure SOA-based apps.
The Ruby on Rails management team has released fixes for a serious security vulnerability in several versions of its development tool that could allow an attacker to take down a Rails process.
Recent worms and viruses targeting Web apps didn’t have much impact, but may only be the tip of the iceberg. Researchers warn that the next iterations of these attacks are imminent and could have catastrophic results.
New online risk-monitoring and strong-authentication technologies are helping banks meet looming FFIEC online authentication deadlines
CA is recommending that users of its popular eTrust Antivirus WebScan upgrade to protect against flaws that can allow a remote attacker to execute arbitrary code or compromise the integrity of the WebScan software.
Like a game of chess, app security boils down to a series of attacks and countermoves, and developers need to do what they can during production before they become another hacker’s pawn. But one expert says that's easier said than done.
Companies are increasingly deploying filtering technology to address a number of information security threats, ranging from in-bound spyware to unapproved use of VoIP.
No patch is available yet for a Microsoft Windows flaw that could allow a remote attacker to crash the system and produce a blue screen.