Sponsors

software application

Episode 168: Application Security Debt is growing. Also: Web App Security in the Age of IoT

In this week’s episode of the podcast (#168), sponsored by Signal Sciences, Chris Eng of Veracode joins us to talk about the 10th annual State of Software Security Report and the problem of application security debt. Also, Brendan Macaraeg of Signal Sciences talks about the expanding landscape of web application attacks and defenses.

Explained: Two-Factor vs. Multi-Factor Authentication

It may seem like two-factor authentication and multi-factor authentication are the same. They’re not, explains Yaser Masoudnia, the Senior Director of Product Management at LastPass.*

NotPetya Infected System

NotPetya Horror Story Highlights Need for Holistic Security

The NotPetya malware’s ability to cripple even sophisticated, global firms is a cautionary tale about the need for businesses to understand their risk and take a holistic view of security says Fadi Albatal, Chief Strategy Officer at Hitachi Systems Security.*

Vulnerability Undermines WordPress Two-Factor Plugins

The firm Duo Security* said that it has discovered a vulnerability that affects a range of two-factor authentication plugins for the WordPress content management platform. The vulnerability could allow a malicious insider to use credentials for one WordPress site to log into a different site that is part of a ‘multi-site’ WordPress deployment without needing to pass a multi-factor authentication test. In a blog post on Thursday, DUO co-founder and CTO Jon Oberheide said that the vulnerability was discovered as part of an internal review of DUO’s two factor WordPress plugin, but that researchers realized it affects at least two other multi-factor plugins. DUO issued a warning to users of its plugin. The company also reached out to WordPress and to the publishers of other multi factor authentication plugins to address the issue, Oberheide wrote. DUO makes multi-factor authentication technology that allows users to log-in using a combination of username, […]