More from SearchSecurity -- May 2006

Welcome to SearchSecurity.com's supplement to the latest issue of Information Security magazine. Now that you've read the story in the magazine, continue to explore these topics on SearchSecurity.com.

THIS MONTH ON SEARCHSECURITY

Web Application Attacks
Web applications can be vulnerable to a variety of hacking attacks such as cross-site scripting and buffer overflows. This Learning Guide arms you with tactics for strengthening your applications against such attacks during the development and post-deployment phases.

Nmap in the Enterprise
Learn how to use this favored hacking tool to secure an enterprise network. We kick off our series of tips with an introduction to the open source network scanner, and how-tos on installation and configuration.

Microsoft Manager Speaks Out
Watch for our new monthly column featuring Christopher Budd, security program manager of the Microsoft Security Response Center. In partnership with Microsoft, we'll be delivering an exclusive look at its software patch development and delivery process.

Reborn Identity
In this month's issue of Information Security magazine, you learned how GM created an identity management governance model that integrates identities into business and IT systems and includes a common ID-password profile for users that carries over all systems. Now join us on Wed., May 31 for an on-demand expert webcast ,when Mike Rothman, president and principal analyst of Atlanta-based Security Incite, explains how to successfully structure an SSO project, including architectural considerations, implementation timeframes and vendor selection criteria. Attendees will learn which new technologies promise to simplify SSO and the top 10 questions to ask resellers and vendors.
>> Register for this webcast

For advice on how you can improve your identity and access management initiatives, send your questions to our expert, Joel Dubin.
>> Submit an identity and access management question

Is Microsoft Trustworthy Yet?
You read an evaluation of Microsoft's TWC initiative and its payoff at a time when the company's about to issue the first platform built from the ground up using its new Software Development Lifecycle, desktop OS Windows Vista. Now visit our resource center for the latest news and expert advice on how to develop secure software for your organization.
>> Visit our Secure Software Development resource center

Swiping Back
This month's issue provided you with an in-depth look at the PCI Data Security Standard requirements. You learned what organizations are doing to comply and how they're dealing with the challenges. Now read how you can use five security best practices to comply with the standard and mitigate threats to your business as well.
>> Read the tip Meeting the PCI Data Security Standard requirements mitigates threats

Then download a checklist to help you meet the standard's requirements
>> Checklist for meeting the PCI Data Security Standard

Spy Catchers
You read Ed Skoudis' analysis of antispyware products from CA, McAfee, Trend Micro, eSoft, SurfControl, Lavasoft and Webroot. Submit your spyware and other malware questions to Ed via our Ask the Expert feature.
>> Submit a question to Ed

>>Download a step-by-step spyware removal checklist

PING with Tony Spurlin
In an interview with Information Security magazine, Tony Spurlin, Home Depot's Information Risk manager, discusses his homegrown assessment framework and evaluation processes for potential partners.
>> Read the interview