Quiz: Choosing a Web security gateway
Check you're up to speed and ready to choose and deploy a Web security gateway. This five-question quiz will test you on the key points we've covered in the webcast, podcast and article in this Security School. Quiz
-
PDF download: Information Security magazine November 2012
In this issue, find out who won this year’s Security 7 Award. Also, we examine the pros and cons of the Metasploit penetration testing framework. Feature
-
Old Application Vulnerabilities, Misconfigurations Continue to Haunt
Flaws in legacy applications and configuration blunders still plague organizations, experts say. Feature
-
Web application attacks: Building hardened apps
This security school lesson details the myriad Web application attacks in circulation today, providing detailed explanations of SQL injection attacks, clickjacking, cross-site scripting and cross-site request forgery attacks and other Web-based at... Part of Guide Series
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Black Hat conference 2010: News, podcasts and videos
Get updates on the latest happenings at the Black Hat 2010 conference with breaking news stories, and exclusive video and podcasts. Conference Coverage
-
Quiz: Securing the application layer
Take this quiz to test your knowledge of the information presented in the Integration of Networking and Security school lesson on securing the application layer. Quiz
-
Web application attacks security guide: Preventing attacks and flaws
This Web application attacks guide explains how Web application attacks occur, identifies Web application attack types, and provides Web application security tools and tactics to protect against them. Learning Guide
-
Quiz: How to build secure applications
Use this five-question quiz to test your knowledge of how to secure your enterprise apps. Quiz
-
Buffer overflow tutorial: How to find vulnerabilities, prevent attacks
Buffer overflow exploits and vulnerabilities can lead to serious harm to corporate Web applications, as well as embarrassing and costly data security breaches and system compromises. Learning Guide
-
Security researcher finds vulnerabilities in emergency alert system
Seattle-based application security company IOActive has uncovered significant vulnerabilities in Digital Alert Systems' DASDEC. News | 09 Jul 2013
-
Report finds security tools add software vulnerabilities of their own
A report by iViZ Security Inc. found that overall vulnerabilities in security products in 2012 rose sharply. News | 31 May 2013
-
Website vulnerabilities down, but progress still needed, survey finds
A survey released by WhiteHat Security finds that website vulnerabilities have decreased steadily in recent years, though problems persist. News | 02 May 2013
-
Java vulnerabilities continue to crop up with Java 7, Update 11 release
Oracle continues to encounter security issues with Java as the Java 7, Update 11 release is found to have two significant vulnerabilities. News | 21 Jan 2013
-
Adobe investigates zero-day that bypasses Reader X sandbox
The zero-day exploit was added to a custom version of the Black Hole attack toolkit, according to Russian security firm Group IB. News | 09 Nov 2012
-
Research firm discovers new Java sandbox vulnerability
A Java sandbox flaw could allow malicious code to run on any system running Java 5, 6, or 7. Users are advised to disable the Java browser plugin. News | 26 Sep 2012
-
Little being done to prevent Web application threats, analysts say
Vulnerabilities in HTML 5 make it an emerging threat; however, SQL injection and XSS remain among the top attacks. News | 19 Sep 2012
-
Java sandboxing could thwart attacks, but design may be impossible
Basic Java sandboxing has been around since 1995, but flaws in the Java virtual machine are highly targeted. Experts are calling on Oracle to do more. News | 29 Aug 2012
-
UGNazi hacker group claims responsibility for Twitter outage
Hacktivist group UGNazi says it caused multiple Twitter outages Thursday. Update: Twitter says a "cascading bug" was to blame. News | 21 Jun 2012
-
Adobe pushes patch for actively exploited Flash Player vulnerability
Adobe is addressing a zero-day flaw in Flash Player being used by cybercriminals in email attacks targeting Internet Explorer users. News | 04 May 2012
-
Five common Web application vulnerabilities and how to avoid them
Expert Michael Cobb details the five most common Web application vulnerabilities and provides methods to help enterprises to secure them. Tip
-
How a next-generation firewall prevents application-layer attacks
Next-generation firewalls can block common yet dangerous SQL-injection and buffer-overflow attacks. Learn how an NGFW stops application-layer attacks. Tip
-
How to use OWASP Broken Web Apps to prevent vulnerabilities
OWASP Broken Web Apps allows pen testers to attack applications that are intentionally insecure to hone their skills at securing their own apps. Tip
-
Enterprise PDF attack prevention best practices
Malicious PDF exploits are at an all-time high. Should enterprises dump PDFs altogether? Expert Michael Cobb answers that question and offers his key enterprise PDF attack prevention tactics. Tip
-
Improving software with the Building Security in Maturity Model (BSIMM)
Learn about the Building Security in Maturity Model (BSIMM), a software security framework that emphasizes attack models, software security testing, code review and compliance policies. Also, does your company have a software security group (SSG)? Tip
-
Prevent cross-site scripting hacks with tools, testing
In this tutorial, learn how to prevent cross-site scripting (XSS) attacks, how to avoid a hack, and how to fix vulnerabilities and issues with cross-site scripting prevention tools, system and application testing and several other defense and prevent... Tip
-
Preventing and stopping SQL injection hack attacks
In this tip, which is a part of our Web Application Attack Security Guide, you will learn methods, tools and best practices for preventing, avoiding and stopping SQL injection hack attacks. Tip
-
How to stop buffer-overflow attacks and find flaws, vulnerabilities
In this tip, which is part of our Web Application Attack Security Guide, learn how to stop buffer-overflow attacks from infiltrating your systems and learn how to find buffer-overflow flaws and vulnerabilities with protection and defense methods and ... Tip
-
Distributed denial-of-service protection: How to stop DDoS attacks
In this tip, which is a part of our Web Application Attacks Security Guide, you will learn what a distributed denial-of service (DDoS) attack is, and learn how to stop and prevent DDoS attacks by using intrusion prevention technologies and products. Tip
-
Black box and white box testing: Which is best?
There's no question that testing application security is essential for enterprises, but which is better: black box security testing or white box security testing? Learn more in this expert tip. Tip
-
The 2013 OWASP Top 10 list: What's changed and how to respond
Expert Michael Cobb highlights the changes made in the 2013 OWASP Top 10 list, including new vulnerabilities and what they mean for enterprises. Answer
-
How an Adobe Reader zero-day exploit escapes sandboxing capabilities
Expert Nick Lewis explains how a recent zero-day exploit escaped the Adobe Reader sandbox, and whether it's likely to happen again. Answer
-
How to prevent SQL injection attacks by validating user input
Expert Michael Cobb discusses how to prevent SQL injection attacks by validating user input and utilizing parameterized stored procedures. Answer
-
How to protect users exposed to cache poisoning attacks by HTML5
Expert Nick Lewis explains how the HTML5 offline application cache exposes users to the threat of cache poisoning and provides mitigation options. Answer
-
Defend against the SQL injection tool Havij, other SQL injection tools
Expert Nick Lewis discusses the dangers of the SQL injection tool Havij and provides tips to protect the enterprise against other SQL injection tools. Answer
-
Revisiting JRE security policy amid new ways to exploit Java
Expert Nick Lewis analyzes the increasing ability by hackers to exploit Java and the need to perform a JRE security policy analysis in response. Answer
-
Dangerous applications: Time to ban Internet Explorer, Adobe in the enterprise?
CSIS says five dangerous applications are to blame for 99% of malware. Is it time to ban Internet Explorer, Flash and the others in the enterprise? Answer
-
Internet Explorer 8 XSS filter: Setting the bar for cross-site scripting prevention
The Internet Explorer 8 XSS filter can assist in cross-site scripting prevention. Michael Cobb explains how it works in this expert response. Answer
-
Free Web application vulnerability scanners to secure your apps
Expert Michael Cobb points to several free Web application vulnerability scanners to help prevent SQL injection or XSS exploits. Answer
-
Why it's important to turn on DEP and ASLR Windows security features
In the quest for application security, many developers are disabling or incorrectly implementing two important Windows security features. In this expert response, Michael Cobb explains why ASLR and DEP should always be turned on. Ask the Expert
-
distributed denial-of-service attack (DDoS)
On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. Definition
-
mobile app security
Mobile app security is the extent of protection that mobile device application programs (apps) have from malware and the activities of crackers and other criminals. Definition
-
pharma hack
The pharma hack is an exploit that takes advantage of vulnerabilities in WordPress or Joomla sites, causing search engines, notably Google's, to return ads for pharmaceutical products along with legitimate listings. Definition
-
likebaiting
Likebaiting is the practice of trying to compel Facebook users to click the Like button associated with a piece of content. The practice is similar to linkbaiting, in which content producers craft content with the intent of getting people to link to ... Definition
-
SEO poisoning (search poisoning)
Search poisoning, also known as search engine poisoning, is an attack involving malicious websites that are designed to show up prominently in search results. The sites associated with the links may infect visitors with malware or fraudulently access... Definition
-
application blacklisting
Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs. Such programs include not only those known to contain security threats or vulnerabiliti... Definition
-
cyberterrorism
According to the U.S. Federal Bureau of Investigation, cyberterrorism is any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub... Definition
-
JavaScript hijacking
JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML). Definition
-
buffer overflow
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Definition
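The definition above, made concrete. This is an added example written for this page, not code from any of the listed articles or from an affected product. The `struct session` record, its 16-byte name field and the `is_admin` flag that follows it are constructed for the illustration; the point is that an unbounded `strcpy()` into the fixed buffer spills into whatever sits next to it, while a length check before the copy rejects the same input outright.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical session record, constructed for this example: a fixed-size
 * name buffer followed in memory by a privilege flag. */
#define NAME_LEN 16
struct session {
    char name[NAME_LEN];
    int  is_admin;
};

/* Vulnerable pattern: strcpy() copies until the source's NUL terminator and
 * never looks at the size of the destination. Any src of NAME_LEN bytes or
 * more writes past name[] into whatever follows it. */
void set_name_unsafe(struct session *s, const char *src)
{
    strcpy(s->name, src);
}

/* Hardened pattern: measure first, refuse anything that does not fit
 * (terminator included), only then copy. Returns 0 on success, -1 when the
 * input is rejected; on rejection the destination is left untouched. */
int set_name_safe(struct session *s, const char *src)
{
    size_t n = strlen(src);
    if (n >= sizeof s->name)
        return -1;
    memcpy(s->name, src, n + 1);   /* n + 1 copies the NUL as well */
    return 0;
}

/* Bytes of slack a given input would leave in name[]; a negative value is the
 * number of bytes by which that input overflows the buffer. */
long name_slack(const char *src)
{
    return (long)sizeof(((struct session *)0)->name) - (long)strlen(src) - 1;
}

/* Self-check: 1 if the safe copier accepts src and stores it intact,
 * 0 if it rejects the input. */
int safe_accepts(const char *src)
{
    struct session s;
    memset(&s, 0, sizeof s);
    if (set_name_safe(&s, src) != 0)
        return 0;
    return strcmp(s.name, src) == 0;
}

int main(void)
{
    struct session s;
    const char *ok  = "alice";
    /* 19 'A's plus NUL = 20 bytes: exactly name[] plus the 4-byte flag, so
     * the overflow stays inside the struct and nothing beyond it is hit. */
    const char *bad = "AAAAAAAAAAAAAAAAAAA";

    memset(&s, 0, sizeof s);
    set_name_unsafe(&s, ok);
    printf("unsafe, short input: is_admin=%d\n", s.is_admin);

    memset(&s, 0, sizeof s);
    printf("safe,   long input : rc=%d (rejected, slack=%ld)\n",
           set_name_safe(&s, bad), name_slack(bad));

    /* The overflow itself. Writing past name[] is undefined behaviour in C;
     * on the usual layout, where is_admin directly follows name[], the extra
     * bytes land in the flag and it is no longer 0. Shown only to make the
     * definition concrete, never something to rely on. */
    memset(&s, 0, sizeof s);
    set_name_unsafe(&s, bad);
    printf("unsafe, long input : is_admin=%d (corrupted)\n", s.is_admin);
    return 0;
}
```

The fix is not the size of the buffer but the check that runs before the copy: `set_name_safe()` fails closed, so an attacker who controls the input gets an error instead of a write into adjacent memory. Compilers may warn about the deliberate oversized `strcpy()` in `main()`; that warning is the same signal a code review should act on.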
-
ping of death
On the Internet, ping of death is a denial-of-service (DoS) attack in which the attacker deliberately sends an IP packet larger than the 65,535-byte maximum the IP protocol allows. Definition
-
Slideshow: Five common Web application vulnerabilities and mitigations
Expert Michael Cobb analyzes five common Web application vulnerabilities from the OWASP top 10 list and provides mitigations for enterprises. Slideshow
-
Exploit Intelligence Project: Rethinking information security threat analysis
Information security threat analysis is fundamentally flawed, said Dan Guido of iSEC Partners. He says the Exploit Intelligence Project hopes to change that. Video
-
An application security framework for infrastructure security managers
Video: Get a primer on common application attack methods and an application security framework to help infrastructure security teams. Video
-
Balancing security and performance: Protecting layer 7 on the network
This video will explain options for securing application-layer traffic using network security technologies, architectures and processes, including Layer 7 switches, firewalls, IDS/IPS, NBAD and more. Video
-
Defending against Internet security threats and attacks
From buffer overflows to cross-site scripting, Web threats are many. Security researchers at Information Security Decisions 2008 discuss how to keep enterprises safe from these attacks (part 2 of 4). Video
About Application Attacks (Buffer Overflows, Cross-Site Scripting)
Attackers have shifted much of their effort from the operating system to the applications running on it. Get the best news and information on recognizing vulnerabilities and defending against Web application and Web 2.0 attacks and threats such as buffer overflows, cross-site scripting (XSS), denial-of-service (DoS) attacks and SQL injection.