Application security and coding requirements
News : Application security and coding requirements
-
December 15, 2021
After Log4j, December Patch Tuesday piles on the pressure
December’s Patch Tuesday update from Microsoft contains several critical CVEs, but this month all attention is focused on the fall-out from Log4Shell, and burn-out is becoming a real issue
-
December 14, 2021
Almost half of networks probed for Log4Shell weaknesses
Close to half of corporate networks have already been actively targeted by individuals seeking to exploit the critical Log4Shell Apache bug
-
December 13, 2021
What is Log4Shell, and why are we panicking about it?
It’s been described as a ‘design failure of catastrophic proportions’ that threatens the very fabric of the digital world. Find out what the Log4j2 Log4Shell panic is all about, and what you should do about it
-
December 09, 2021
UK and US to collaborate on privacy innovation contest
Joint UK-US innovation challenge contest centring on privacy-enhancing technology announced at Summit for Democracy in Washington DC
In Depth : Application security and coding requirements
-
Bridging the gender gap in cyber security
Some professional groups and companies in Asia are working hard to improve awareness of the cyber security profession and mentoring talented women in a bid to bridge the gender gap
-
Considerations when deciding on a new SIEM or SOAR tool
A successful deployment of any security tool very much depends on the maturity of security processes in the organisation
-
Five ways to ensure remote working security and compliance
A mix of on-site and remote working has become a fact of life for many organisations. We look at five key things you should consider to ensure compliance and security
Blog Posts : Application security and coding requirements
-
Log4Shell: Why aren't we taking the security of the internet seriously?
To be caught out once may be an oversight, and lessons can be learned. But twice over a seven-year timespan shows a laissez-faire attitude to the stability of the internet. In 2014, Heartbleed ...
-
A For Automation
You might think that 3+ decades into the life of dedicated IT security products that said security landscape would be clearly defined and managed. In reality, it is anything but. The problem is not ...
-
Please protect us from our own stupidity
It seems like the simplest thing. Compose an email message and then CC colleagues. But, due to a Ministry of Defence blunder, this simple action, built into pretty much every piece of email client ...
Opinion : Application security and coding requirements
-
Security Think Tank: In the cloud, anti-human approaches set us up to fail
Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months
-
Changing the rules against cyber attacks
UKRI’s John Goodacre reveals how projects supported by the Digital Security by Design Challenge aim to improve cyber security resilience, beginning with the very fundamentals of computing
-
No easy fix for vulnerability exploitation, so be prepared
Vulnerability management and disclosure is a tricky business with ethical and business ramifications for software vendors, CISOs and ethical hackers alike – and CISOs sit right in the middle of this
Videos : Application security and coding requirements
-
CW500 Interview: Jonathan Moreira, CTO of PrimaryBid.com
In this CW500 video, Jonathan Moreira, CTO of PrimaryBid.com, gives a fintech startup’s perspective on the security challenges small businesses can face when adopting new technologies.
-
Lauri Love: how reformed hackers halted the WannaCry virus
Lauri Love presents a compelling story of the WannaCry malware that nearly brought down the NHS, and the behind-the-scenes work of former hackers and security researchers who helped to prevent lives being lost. Love is facing extradition to the US after allegedly taking part in a hacking protest over the death of internet pioneer Aaron Swartz, who faced jail for using a hidden computer to download academic journals at MIT.
-
Screencast: Employ the FOCA tool as a metadata extractor
Mike McLaughlin demos the FOCA tool as a metadata extractor to expose the 'hidden' data users often post on their own websites.


