Contributor Lori MacVittie

Drupalgeddon 2 Highlights the Need for AppSecOps

Blog / May 11, 2018

By Lori MacVittie

If you aren’t aware of Drupalgeddon 2, then you’ve either been living off the grid or don’t use the popular content management system (CMS).

State of App Delivery 2018: Security Again Edges Out Availability As Most Important App Service

Blog / Jan 16, 2018 (MODIFIED: Jan 12, 2018)

By Lori MacVittie

Forty-three percent of organizations say security is essential when deploying apps, and more than two-thirds use multiple security solutions to protect clients, infrastructure, and web apps.

A Spectre of Meltdowns Could be in Store for 2018, Including Fileless Malware Attacks and More Costly Bots

Blog / Jan 10, 2018 (MODIFIED: Jan 15, 2018)

By Lori MacVittie

Every week, another bug, vulnerability, or exploit is released—we need a multi-layered security strategy to deal with threats like Spectre and Meltdown.

The Credential Crisis: It’s Really Happening

Blog / Dec 14, 2017 (MODIFIED: Jan 10, 2018)

By Lori MacVittie

With billions of data records compromised, it’s time to reconsider whether passwords are our best means for authenticating users.

If Your Security Question List Looks Like a Facebook Favorite List, Start Over Now

Blog / Nov 21, 2017 (MODIFIED: Dec 27, 2017)

By Lori MacVittie

Seriously, how many colors are there? And how many of us share the same love of one of those limited choices?

Help Guide the Future of Apps – Ultimately Your Threat Landscape – By Responding to Our SOAD Survey!

Blog / Oct 24, 2017 (MODIFIED: Nov 2, 2017)

By Lori MacVittie

Assessing the State of Application Delivery depends on getting information from you about your applications!

New Threat May Slip Through the KRACK in BYOD Policies

Blog / Oct 17, 2017 (MODIFIED: Nov 26, 2017)

By Lori MacVittie

Combating this vulnerability might mean you have to force updates on employees’ personal devices or deny them access altogether.

The Good News About Breaches

Blog / Oct 4, 2017 (MODIFIED: Oct 31, 2017)

By Lori MacVittie

Security breaches in the news serve as a good reminder to check and make sure you have a solid application protection strategy in place, starting with never trusting user input.

Bug Bounty Programs Only Half the Battle

Blog / Oct 4, 2017 (MODIFIED: Jul 6, 2017)

By Lori MacVittie

What's the other half? And why don't organizations just find and fix their own bugs?

“Cry ‘Havoc’ and Let Loose the Thingbots of War!”

Blog / Aug 17, 2017 (MODIFIED: Sep 21, 2017)

By Lori MacVittie

Gray hats might have good intentions launching their “vigilante” botnets, but are they really helping us win the war against Death Star-sized thingbots?

Default Passwords Are Not the Biggest Part of the IoT Botnet Problem

Blog / Jun 6, 2017 (MODIFIED: Jul 20, 2017)

By Lori MacVittie

Providers and manufacturers could go a long way toward reducing the very real threat of IoT.

Why Cloud Sprawl Is a Security Risk

Blog / May 18, 2017 (MODIFIED: Jul 24, 2017)

By Lori MacVittie

Cloud sprawl isn’t just a budget sinkhole; it’s quickly becoming a security blind spot and potential attack vector for data theft.

Internet, We (Still) Have a Problem With Internationalized Domain Names

Blog / Apr 25, 2017 (MODIFIED: Jul 24, 2017)

By Lori MacVittie

Even URLs that look legitimate can be fake, so train, train, train your users to verify links before they click.

Security’s “Rule Zero” Violated Again With Zero-Day Apache Struts 2 Exploit

Blog / Mar 9, 2017 (MODIFIED: Jul 6, 2017)

By Lori MacVittie

If you’re running Apache Struts 2 and the vulnerable component, stop reading and update now.

Speed Over Security Still Prevalent in Spite of Substantial Risk for IoT Apps

Blog / Mar 3, 2017 (MODIFIED: Jul 6, 2017)

By Lori MacVittie

Speed to market means IoT and mobile apps are being released with known vulnerabilities.

Cloudbleed: What We Know and What You Should Do

Blog / Feb 24, 2017 (MODIFIED: Jan 12, 2018)

By Lori MacVittie

Definitive steps individuals and organizations can take today to deal with the impact of Cloudbleed.

Friendly Reminder: App Security in the Cloud Is Your Responsibility

Blog / Feb 2, 2017 (MODIFIED: Jan 12, 2018)

By Lori MacVittie

Nearly 200,000 servers are still vulnerable to Heartbleed—and the organizations who own them might surprise you.

The New Insider Threat: Automation Frameworks

Blog / Jan 19, 2017 (MODIFIED: Jan 8, 2018)

By Lori MacVittie

One of the pillars of DevOps is automation. Along with that comes orchestration, which some might guess to be automation at a higher level of abstraction.

Security’s Blind Spot: Application Layer Visibility

Blog / Nov 14, 2016 (MODIFIED: Jul 6, 2017)

By Lori MacVittie

Visibility doesn’t have to disrupt performance if it is baked into the data center architecture.

Is HEIST a Risk or a Threat?

Blog / Aug 12, 2016 (MODIFIED: Jul 6, 2017)

By Lori MacVittie

HEIST is an example of how risk and threat are different, and why the distinction matters.
