Tuesday, September 3, 2024

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library

Home
Security Creators Network
Webinars
Events
- Upcoming Events
- On-Demand Events
Sponsored Content
Chat
Library
Related Sites
Media Kit
About
Sponsor

Analytics
AppSec
CISO
Cloud
DevOps
GRC
Identity
Incident Response
IoT / ICS
Threats / Breaches
More
Humor

Hot Topics

WordPress Sites at Risk from WPML Flaw
Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader
The Role of Digital Adoption in Email Deliverability & Security
Demystifying SOC 2 Compliance for Startups: A Simple Guide
Happy Canada Labour Day! / Bonne Fête du Travail Canadienne!

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

“2024” neon sign

Biggest Ever Password Leak — but is ObamaCare’s RockYou2024 Really NEW?

Richi Jennings | July 9, 2024 | credentials, Cybersecurity, Malware, ObamaCare, Passkeys, passwords, rockyou2021, RockYou2024, SB Blogwatch

Credential crunch: Ten billion plain-text passwords in a file—sky falling or situation normal? ... Read More

Security Boulevard

A ballet dancer sitting with her head in her hands

‘Polyfill’ Supply Chain Threat: 4x Worse Than We Thought

Richi Jennings | July 5, 2024 | App Sec & Supply Chain Security, AppSec & Supply Chain Security, CloudFlare, Funnull, Javascript, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, polyfill, SB Blogwatch, secure software supply chain, software supply chain attack, software supply chain attacks, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity

Spackle attack: Chinese company takes over widely used free web service—almost 400,000 websites at risk ... Read More

Security Boulevard

Apple CEO Tim Cook, looking grim

‘Perfect 10’ Apple Supply Chain Bug — Millions of Apps at Risk of CocoaPods RCE

Richi Jennings | July 2, 2024 | App Sec & Supply Chain Security, Apple, Apple iOS, AppSec & Supply Chain Security, CocoaPods, CVE-2024-38366, CVE-2024-38368, dependencies, dependency injection, Dependency Management, macos, macOS Security, Modern Software Supply Chains, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, SB Blogwatch, software dependencies, Supply-Chain Insecurity, third-party dependencies, trust dependencies

Tim looks grim: 10 year old vulnerabilities in widely used dev tool include a CVSS 10.0 remote code execution bug ... Read More

Security Boulevard

Vladimir Vladimirovich Putin (or possibly a very good lookalike)

‘Russia’ Breaches TeamViewer — ‘No Evidence’ Billions of Devices at Risk

Richi Jennings | July 1, 2024 | 2-factor authentication, 2fa, 2FA/MFA, APT29, Cozy Bear, CozyCar, CozyDuke, Dark Halo, enshittification, MFA, mfa protection, Midnight Blizzard, multi-factor, multi-factor authenication, Multi-Factor Authentication, Multi-Factor Authentication (MFA), multi-factor-auth, NOBELIUM, Nobeliumm, Office Monkeys, Russia, russia hacker, russia-based, russian, SB Blogwatch, SolarWinds, SolarWinds Vulnerability, solarwinds-hack, StellarParticle, SVR, TeamViewer, The Dukes, two-factor, two-factor athentication, Two-Factor Humor, two-factor-authentication.2fa, UNC2452, YTTRIUM

SolarWinds hackers strike again: Remote access service hacked—by APT29, says TeamViewer ... Read More

Security Boulevard

The Temu app on a smartphone screen peeking out from a pocket

Temu is Malware — It Sells Your Info, Accuses Ark. AG

Richi Jennings | June 28, 2024 | breach of privacy, china, china espionage, Chinese, Chinese Communists, Chinese cyber espionage, chinese government, customer location, geofencing and location tracking, geolocation, Location, location access permission, location access risks, location data, Location data privacy, location history, location intelligence, location privacy, location services, location sharing location tracking, PDD Holdings, Pinduoduo, Privacy, SB Blogwatch, Temu, Whaleco

Chinese fast-fashion-cum-junk retailer “is a data-theft business.” ... Read More

Security Boulevard

A flock of ostriches (or is it a troop?)

WordPress Plugin Supply Chain Attack Gets Worse

Richi Jennings | June 26, 2024 | hacked WordPress, hacking wordpress, plug-in, plug-in vulnerability, plug-ins, rogue plug-in, SB Blogwatch, software supply chain, software supply chain attack, software supply chain attacks, software supply chain risk, Software Supply Chain risks, Supply-Chain Insecurity, Themes and Plug-ins, wordpress, WordPress plug-in, wordpress plugin update, Wordpress Plugin Vulnerability, WordPress Plugin Vulnerability Exploitation, WordPress Plugins, WordPress Plugins and Themes

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.) ... Read More

Security Boulevard

KC Green’s seminal “This Is Fine” cartoon, where a dog drinks coffee, seemingly oblivious to a fire that’s engulfing the house.

Microsoft Privacy FAIL: Windows 11 Silently Backs Up to OneDrive

Richi Jennings | June 25, 2024 | Microsoft, Microsoft Account Security, Microsoft OneDrive, Microsoft Windows, OneDrive, Privacy, SB Blogwatch, Windows, Windows 11

Copying users’ files and deleting some? Even a cartoon hound knows this isn’t fine ... Read More

Security Boulevard

Row upon row of unsold vehicles

30,000 Dealerships Down — ‘Ransomware’ Outage Outrage no. 2 at CDK Global

Richi Jennings | June 21, 2024 | Automotive, Automotive industry, Car Dealer, CDK Global, cloud outage, cloud Saas, Downtime and outages, outage, outages, Private Equity, Ransomware, SaaS, SaaS App Security, SB Blogwatch, Software-as-a-Service, Software-as-a-Service (SaaS)

Spend more on security! Car and truck dealers fall back on pen and paper as huge SaaS provider gets hacked (again) ... Read More

Security Boulevard

“Oh, won’t somebody please think of the children?”

EU Aims to Ban Math — ‘Chat Control 2.0’ Law is Paused but not Stopped

Richi Jennings | June 20, 2024 | Chat Control, Child Abuse, child exploitation, child porn, child pornography, child sexual exploitation, CSAM, CSEM, E2EE, encryption, end-to-end encryption, eu, Europe, European Compliance, european election, European Governments, European legislation, European Union, European Union (EU), SB Blogwatch, signal, WhatsApp, Won’t somebody think of the children?

Ongoing European Union quest to break end-to-end encryption (E2EE) mysteriously disappears ... Read More

Security Boulevard

An ASUS router, with superimposed text: “Patch ASUS ASAP”

ASUS Router User? Patch ASAP!

Richi Jennings | June 18, 2024 | Asus, Attacking Routers, CVE-2024-3079, CVE-2024-3080, CVE-2024-3912, firmware, firmware attacks, firmware patch, firmware security, firmware update, Firmware Updates, Firmware Vulnerabilities, firmware vulnerability, flawed routers, IoT firmware, Malicious Firmware Updates, router, router compromise, router exploit, router hacking, router hijacking, router malware, router security, router vulnerabilities, router vulnerability, SB Blogwatch

Or junk it if EOL: Two nasty vulnerabilities need an update—pronto ... Read More

Security Boulevard

‹
1
2
3
4
5
…
66
›

Techstrong TV

Click full-screen to enable volume control

Watch latest episodes and shows

Upcoming Webinars

AppSec for the Win: Proven Best Practices that Work

The AI Efficiency Edge: Empowering Your Teams with Okta & Amazon Q

Connectivity Cloud: The Last Great Cloud Transformation — Security Consolidation

Case of the Common Vulnerability? Secure Guardrails Can Help!

Scaling Serverless Development With Platform Engineering - A Blueprint for Success

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

Most Read on the Boulevard

Missing Guardrails, a Troubling Trend in Data Protection

Modern Strategies for IoT Device Fingerprinting

Cybersecurity Insurance: Signals Maturity to Partners, Improved Security Response

4 Tips for Optimizing Your GRC Strategy

Radware Report Surfaces Increasing Waves of DDoS Attacks

Why Application Detection and Response (ADR) is Exciting for Cybersecurity | Contrast Security

Elevating your secrets security hygiene: H1 roundup of our product innovations

US CERT Alert AA24-242A (RansomHub Ransomware)

Who Owns Implementation of California’s New Workplace Violence Prevention Law?

Randall Munroe’s XKCD ‘Stranded’

Industry Spotlight

API Security Application Security AppSec Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Securing the Cloud Security Awareness Security Boulevard (Original) Security Challenges and Opportunities of Remote Work Security Operations Social - Facebook Social - LinkedIn Social - X Software Supply Chain Security Spotlight Threats & Breaches Vulnerabilities Zero-Trust

China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target

August 28, 2024 Richi Jennings | Aug 28 0

AI and ML in Security Analytics & Intelligence AppSec Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Deep Fake and Other Social Engineering Tactics DevOps DevSecOps Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight IOT IoT & ICS Security Most Read This Week News Popular Post Regulatory Compliance Securing the Cloud Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Security Operations Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Zero-Trust

‘Terrorgram’ Telegram Terrorists Trash Transformers — Grid in Peril

August 27, 2024 Richi Jennings | Aug 27 0

Cybersecurity Data Privacy Data Security Endpoint Featured Industry Spotlight Mobile Security Network Security News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight

Audit: FBI is Losing Track of Storage Devices Holding Sensitive Data

August 23, 2024 Jeffrey Burt | Aug 23 0

Top Stories

Cybersecurity Featured Identity & Access News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threat Intelligence Threats & Breaches

Radware Report Surfaces Increasing Waves of DDoS Attacks

August 30, 2024 Michael Vizard | 3 days ago 0

Cybersecurity Featured News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight

Cybersecurity Insurance: Signals Maturity to Partners, Improved Security Response

August 30, 2024 George V. Hulme | 3 days ago 0

Application Security Cloud Security Cybersecurity Data Security Featured News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight

Veeam Widens Beam to MongoDB, Nutanix & Proxmox VE

August 30, 2024 Adrian Bridgwater | 3 days ago 0

Download Free eBook

Managing the AppSec Toolstack

Join the Community

Add your blog to Security Creators Network
Write for Security Boulevard
Bloggers Meetup and Awards
Ask a Question
Email: [email protected]

Useful Links

About
Media Kit
Sponsor Info
Copyright
TOS
DMCA Compliance Statement
Privacy Policy

Related Sites

Techstrong Group
Cloud Native Now
DevOps.com
Digital CxO
Techstrong Research
Techstrong TV
Techstrong.tv Podcast
DevOps Chat
DevOps Dozen
DevOps TV

Powered by Techstrong Group

Copyright © 2024 Techstrong Group Inc. All rights reserved.

Application Security Check Up

Step 1 of 8

12%

Do you develop your own software in your organization?(Required)

Yes

No

Not sure

What portion of your cyber risk is Application Security (AppSec)? (Select one)(Required)

We over-focus on AppSec

We focus on AppSec to match the risk

We under-focus on AppSec

What are the biggest challenges you face implementing a robust AppSec strategy? (Select all that apply)

Lack of budget

Insufficient skilled personnel

Complexity of integrating security into the development lifecycle

Resistance from development teams

Keeping up with evolving security threats

Lack of executive buy-in

Other (please specify)

Other

Which DevSecOps practices are widely used for actively developed projects (not legacy) (Select all that apply):(Required)

Automated unit and functional tests for quality run in the pipeline with merge blocking

Automated application security testing (AST) in development and (SAST/IAST) runs in the pipeline

Automated AST tools to find vulnerabilities in the code you import (SCA) run in the pipeline

Merge blocking at current policy level for AST checks

Secrets management so no secrets stored in source code repositories

How do you assess and mitigate risk of For NON actively developed products (legacy) (Select all that apply):

In-production scans using DAST products like Qualys, Nessus, etc.

Periodic penetration testing

Periodic running of AST tools

Manual code reviews by security specialists

Use of third-party security assessment services

No assessment or mitigation effort is happening

How do you resolve the security issues found? (Select all that apply):(Required)

In-production scans using DAST products like Qualys, Nessus, etc.

Periodic penetration testing

Periodic running of AST tools

Manual code reviews by security specialists

Use of third-party security assessment services

No assessment or mitigation effort is happening

Which best describes security training for your developers? (Select all that apply)(Required)

Monthly

Quarterly

Annually

As part of onboarding

Just-in-time via integration with AST tools when a vulnerability is found

No formal training provided

How do you determine your level of investment in AppSec? (Select all that apply)(Required)

Perceived risk and threat landscape

Industry benchmarks and standards

Historical spending patterns / budget constraints

Recommendations from third-parties

We do not have a formal process

Δ