March 2006 | Archive by Month | Page 4

March 2006

  • Ten dos and don'ts for secure coding

    Security practitioners should understand how developers introduce security vulnerabilities into applications and work to support the developers in improving code quality and security. Encouragement...

  • Scientists band together for TRUST-worthy research

    A group of the nation's top computer scientists and colleges are teaming up to find better ways to protect computing systems from cyberattacks.

  • Best practices for pen testing Web applications

    Performing a Web application penetration test can gauge how well your Web application can withstand an attack. In this tip, platform security expert Michael Cobb provides best practices for perform...

  • Attacks driven by love of money

    Symantec's latest threat report shows digital desperadoes are exploiting Web application flaws and using "modular" malcode to launch lucrative attacks.

  • Security pros aren't stained by BlackBerry tiff

    A BlackBerry blackout would have been tough for on-the-go e-mail addicts, but it was never a security concern, if a survey of IT professionals is any indication.

  • Security Bytes: Mac patch falls short of expectations

    In other news, one hacker gains root access to a Mac while another shows how to compromise Microsoft Fingerprint Reader.

  • How SSOs differ from login and passwords

    Learn how SSO systems and login and passwords differ, and which systems are more likely to be exploited and why in this Ask the Expert Q&A.

  • State-based attacks: Session management

    In this excerpt from Chapter 4 of "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services," authors Mike Andrews and James A. Whittaker identify session man...

  • Know your wireless encryption options

    Understanding wireless encryption is essential to deploying a secure wireless network. Contributor Tony Bradley breaks down the different encryption methods and explains why some are better than ot...

  • Hot Pick: NFR repeats top honors in intrusion prevention

    Sentivist 5.0 takes the company's IPS to a new level -- a true enterprise-level product. Find out why Information Security editors believe it's worth the investment.

  • Sourcefire acquisition under government scrutiny

    Government officials are considering whether to thwart Israel-based Check Point's $225 million acquisition of Sourcefire. Some say foreign ownership of Snort may threaten national security.

  • Review: Latest DeviceWall geared to SMBs

    Worried your intellectual property's walking out the door? Centennial Software's got a way to plug a widening security hole that Information Security editors like.

  • Security Blog Log: Hacking for grades causes a stir

    A college exercise in hacking doesn't sit well with some bloggers. Meanwhile, a bear shows us a thing or two about security and Webroot loses its public voice.

  • Review: Symantec's integrated security appliance a good fit

    It's the GUI that really gets the Gateway Security 5600 series a thumbs-up from Information Security editors.

  • Content Spoofing

    This excerpt from "Preventing Web Attacks with Apache" explains how content spoofing attacks exploit vulnerabilities and how to use Apache to protect against them.

  • Proof-of-concepts heighten mobile malware fears

    By themselves, Crossover and RedBrowser are fairly harmless, but they're a sign that the digital underground is likely working toward large-scale attacks against handheld devices.

  • Man-in-the-middle attacks

    This excerpt from Chapter 2 of "Securing Storage: A Practical Guide to SAN and NAS Security" examines how man-in-the-middle attacks affect Fibre Channel security and examines how to determine if y...

  • Protect your business from a Google hack

    Learn how to use advanced operators, special searching techniques offered by Google that enable advanced queries, to discover if your company's sensitive security information is exposed on the Inte...

  • Apple fixes more than a dozen OS X flaws

    The pile of security updates is Apple's response to not only a critical flaw uncovered last week, but also to the recent scrutiny regarding the security of its flagship OS.

  • Google Hacking: Why being a Google dork is hurting your company

    Are you a Google dork? A simple Google search engine query can expose corporate security secrets and private information. Black hats are aware of it. Are you? Learn how to prevent and defend agains...