- Secure SaaS: Cloud services and systems
- Operating System Security
- Enterprise Vulnerability Management
- Virtualization Security Issues and Threats
- Securing Productivity Applications
- Software Development Methodology
- Web Security Tools and Best Practices
- Application Firewall Security
- Application Attacks (Buffer Overflows, Cross-Site Scripting)
- Database Security Management
- Open Source Security Tools and Applications
- Social media security
- Cloud endpoint security: Considerations for cloud security services (Answer). Mike Chapple discusses considerations for using cloud security services, specifically cloud endpoint security.
- The need for cloud computing security standards (Magazine). Cloud computing needs security standards and widely adopted security practices in order to become a viable choice for the enterprise.
- DHS cloud computing: Homeland Security’s model private cloud strategy (News, 05 Oct 2011). Using private cloud at separate data centers has allowed the Department of Homeland Security to strike a balance between security and cost savings.
- Enterprise antivirus comparison: Is cloud-based antivirus better? (Answer). Cloud-based antivirus has pros and cons, but, on the whole, can it be more effective than regular antivirus products? Learn more from expert Nick Lewis.
- What is SQL Server Atlanta? (Answer). Have you heard about Microsoft’s cloud-based SQL Server Atlanta service? Expert Michael Cobb discusses how Atlanta can help improve performance and security.
- Amazon launches new cloud identity management functionality (News, 04 Aug 2011). AWS customers can now use their existing identity management systems.
- CSA cloud provider registry aims to boost cloud transparency (News, 04 Aug 2011). Free online registry will provide documentation of cloud provider security controls.
- Symantec executives caution customers on cloud provider security (News, 04 May 2011). Businesses must hold cloud providers to the same security standards they hold themselves to, Symantec executives said at the company’s annual Vision user conference.
- Cloud migration requires network retooling (Feature). Learn what is required for cloud migration, including retooling of network design and security controls such as encryption and DLP.
- Cloud computing technologies: transformation time (Feature). Cloud computing is forcing an evolution of information security practices and technology.
- VIEW MORE ON: Secure SaaS: Cloud services and systems
- application whitelisting (Definition). Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications and, to a lesser extent, to prevent unnecessary demand for resources.
- Microsoft issues rushed patch for ASP.NET encryption flaw (Article, 28 Sep 2010). Emergency patch repairs a vulnerability in how the ASP.NET framework uses AES encryption.
- Microsoft to address critical vulnerability in Office Web Components (Article, 06 Aug 2009). Microsoft will issue security updates for five critical vulnerabilities next week, including one that affects multiple software packages.
- Black Hat 2011: Hacking technique targets Windows kernel errors (News, 26 Jul 2011). Researcher Tarjei Mandt uncovered dozens of hidden vulnerabilities deep inside Microsoft Windows.
- application blacklisting (Definition). Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs. Such programs include not only those known to contain security threats or vulnerabilities but also those that are deemed inappropriate within a given organization. Blacklisting is the method used by most antivirus programs, intrusion prevention/detection systems and spam filters.
- PDF download: Information Security magazine May 2012 (Magazine). In this issue, security expert Lisa Phifer examines mobile device management technology.
- VMware strategy for security partners undergoes overhaul (Magazine). Virtualization giant revamps its security partner program after hitting some bumps in the road.
- Four VDI security concepts for every virtual desktop deployment (Tip). Traditional IT security measures don’t always apply well to virtual desktop infrastructures; apply these four VDI security concepts.
- Revitalizing endpoint security with VDI desktops (Video). Implementing VDI desktops provides an opportunity to re-architect endpoint security and management. Learn how in this supercast with Eric Ogren.
- VDI security supports active protection strategies (Magazine). ISM November 2011 cover story: Eric Ogren on how virtual desktop infrastructure enhances compliance, data protection and malware protection.
- JeOS and the benefits of a virtual security appliance (Answer). A virtual security appliance offers enterprises a number of benefits, including an optimized operating system that simplifies patch management.
- Cloud computing providers and PCI virtualization requirements (Answer). How should an enterprise approach its cloud computing providers following the debut of the PCI virtualization requirements? Charles Denyer explains.
- Can the VMware PCI Compliance Checker assess my compliance posture? (Answer). The VMware PCI Compliance Checker claims to assess the compliance of a VMware virtual environment. Does it work? Charles Denyer has the answer.
- AV storm (Definition). An AV storm is the performance degradation that occurs when antivirus software simultaneously scans multiple virtual machines (VMs) on a single physical host.
- Virtualized behavior-based monitoring: Improving performance visibility (Answer). Learn about virtual behavior-based monitoring tactics, which allow for easy anomaly detection and can help defend a virtualization infrastructure.
- VIEW MORE ON: Virtualization Security Issues and Threats
- Steve Lipner on the Microsoft SDL, critical infrastructure protection (News, 16 May 2012). Microsoft’s senior director of security engineering says core SDL principles should be at the foundation of critical infrastructure system protection.
- IE automatic updates: Better security or more update fatigue? (Answer). Expert Michael Cobb deciphers the reasons behind Microsoft's new IE automatic updates. Will they combat update fatigue, or risk breaking Web apps?
- Should the new Google privacy policy concern enterprises? (Tip). Google’s tentacles reach deep into most enterprises, but should enterprises worry about the new Google privacy policy? Expert Michael Cobb discusses.
- Adobe Flash Player patch fixes critical holes, releases silent automatic updater (News, 29 Mar 2012). Adobe released a bulletin addressing critical flaws in Flash Player and rolled out a silent automatic update feature in Flash 11.2.
- Adobe issues Flash Player update, fixes Adobe XSS zero-day flaw (News, 16 Feb 2012). An Adobe Systems security update fixed seven critical flaws in Flash Player, including a cross-site scripting vulnerability being actively targeted by attackers.
- Adobe issues support for Flash Player sandboxing in Firefox (News, 06 Feb 2012). Adobe has launched the public beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals.
- Time to ban dangerous apps? Exploring third-party app security (Column, 27 Jan 2012). Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach?
- Exploring Google Chromebook security for the enterprise (Tip). The Chromebook is unique among new entrants in the mobile device arena. Mike Cobb breaks down the key Google Chromebook security issues enterprises need to know.
- Adobe repairs critical Reader, Acrobat flaws, adds JavaScript control (News, 10 Jan 2012). The January 2012 update includes repairs to Adobe Reader X and a new feature giving administrators the ability to whitelist JavaScript execution.
- VIEW MORE ON: Securing Productivity Applications
- Wysopal on application security training, program gaps (News, 21 May 2012). Application security expert Chris Wysopal of Veracode explains why some software security programs are lacking and how simple steps can produce big gains.
- Gary McGraw: Eliminating badware addresses malware problem (Opinion). Bad software and malicious software are two different issues that are easily confused, says software security expert Gary McGraw.
- HTML5 security: Will HTML5 replace Flash and increase Web security? (Tip). Will HTML5 replace Flash? Expert Michael Cobb discusses whether HTML5 security is better than Flash, and why HTML5 traffic can be harder to secure.
- Reverse engineering tools for mobile apps emerging, expert says (News, 27 Apr 2012). Reverse engineering mobile apps helps pen testers find weaknesses and hidden malware, but the various mobile platforms and different versions make automation difficult, according to one expert.
- Spam filter gets better of Microsoft SDL—almost (News, 24 Apr 2012). Two program managers at SOURCE Boston shared how a serious vulnerability reported to the MSRC fell into a spam filter and caused an out-of-band patch.
- HP study finds widespread custom Web application flaws (News, 18 Apr 2012). A review of hundreds of unique custom Web applications found more than half are vulnerable to cross-site scripting and more than 86% contain injection flaws.
- Hunting for application logic flaws requires people, expert says (News, 10 Apr 2012). Rafal Los, a software security expert and consultant with Hewlett-Packard, says humans far outgun automated tools in the hunt for costly application logic flaws.
- Gary McGraw on software security assurance: Build it in, build it right (Opinion). If the field of computer security is to be fixed, the only hope we have is building security in, says software security expert Gary McGraw.
- Gary McGraw: Build security in from start (News, 09 Apr 2012). If the field of computer security is to be fixed, the only hope we have is building security in, says software security expert Gary McGraw.
- VIEW MORE ON: Software Development Methodology
- PDF download: Information Security magazine February 2012 (Magazine). Read about new antimalware strategies and readers' 2012 priorities in this issue of Information Security magazine.
- Book chapter: Social media security policy best practices (Chapter Excerpt). The following is an excerpt from chapter 6 of Gary Bahadur's book Securing the Clicks: Network Security in the Age of Social Media.
- Internet Explorer 8 XSS filter: Setting the bar for cross-site scripting prevention (Answer). The Internet Explorer 8 XSS filter can assist in cross-site scripting prevention. Michael Cobb explains how it works in this expert response.
- XML firewall security guide: Prevent XML vulnerabilities and threats (Learning Guide). This section of the XML Web services tutorial highlights the functions and capabilities of the XML firewall, compares the features of an XML firewall to those of other firewalls, and offers advice on how to prevent XML vulnerabilities and stop XML attacks.
- Security School: Antimalware deployment concerns (Lesson). Does antimalware shield enterprises like it once did? Is it even necessary? What's next? Expert Diana Kelley offers a fresh take.
- How to test a firewall: A three-step guide for testing firewalls (Tip). There are three steps when testing firewalls for your organization. Expert Joel Snyder explains how to test a firewall.
- How application whitelisting can help prevent advanced malware attacks (Tip). Advanced malware can be tricky, but application whitelisting on desktops can provide an additional layer of protection against malware attacks.
- NGFW: Getting clarity on next-gen firewall features (Magazine). There’s a lot of hype about next-generation firewalls. Here’s what you need to know.
- How to choose application security tools for certain scenarios (Answer). Learn about application whitelisting, application firewalls and activity monitoring, and how to choose the right application security tools and products.
- UTM features: Is a UTM device right for your layered defense? (Tip). Expert Mike Chapple explores what features a contemporary UTM device provides, and explains the factors that help determine UTM total cost of ownership.
- Understanding the value of an enterprise application-aware firewall (Tip). Today's enterprise application-aware firewall technology offers a host of features to manage application and Web 2.0 traffic. Expert Michael Cobb takes a look at the features and how to make the most of them.
- Trustwave buys Breach Security for WAF technology (Article, 22 Jun 2010). Trustwave said it would integrate Breach's Web application firewall into its pen-testing and code-review services. The vendor says it's committed to ModSecurity.
- VIEW MORE ON: Application Firewall Security
- Adobe pushes patch for actively exploited Flash Player vulnerability (News, 04 May 2012). Adobe is addressing a zero-day flaw in Flash Player being used by cybercriminals in email attacks targeting Internet Explorer users.
- Dangerous applications: Time to ban Internet Explorer, Adobe in the enterprise? (Answer). CSIS says five dangerous applications are to blame for 99% of malware infections. Is it time to ban Internet Explorer, Flash and the others in the enterprise?
- Exploit Intelligence Project: Rethinking information security threat analysis (Video). Information security threat analysis is fundamentally flawed, said Dan Guido of iSEC Partners. He says the Exploit Intelligence Project hopes to change that.
- How to use OWASP Broken Web Apps to prevent vulnerabilities (Tip). OWASP Broken Web Apps allows pen testers to attack applications that are intentionally insecure to hone their skills at securing their own apps.
- Free Web application vulnerability scanners to secure your apps (Answer). Expert Michael Cobb points to several free Web application vulnerability scanners to help prevent SQL injection or XSS exploits.
- New GrayWolf tool sheds light on Microsoft .NET application security (News, 04 Aug 2011). Black Hat 2011: A free Microsoft .NET application security tool helps programmers reverse-engineer .NET applications to manipulate and control them.
- VIEW MORE ON: Application Attacks (Buffer Overflows, Cross-Site Scripting)
- Analysis: Oracle trips on TNS zero-day workaround (News, 02 May 2012). Oracle's refusal to patch a zero-day in its flagship database management system is another example of how it carelessly exposes customers to risk.
- Oracle won’t patch four-year-old zero-day in TNS listener (News, 01 May 2012). Despite the accidental release of attack code for a bug in Oracle’s database, the company won’t change the code for fear of “regression.”
- Security event log management, analysis needs effective ways to search log files (Tip). Search is a key discipline for security log management. John Burke explains how to better search log files to improve security event log management.
- Monitor outbound traffic: Full-packet capture or only capture network flow data? (Answer). If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead.
- OpenStack security analysis: Pros and cons of open source cloud software (Answer). Expert Michael Cobb examines the open source cloud computing platform OpenStack and relevant OpenStack security issues.
- Best practices for enterprise database compliance (Tip). Successful enterprise database compliance means, for starters, that access must be tightly controlled and monitored. Charles Denyer covers key database compliance essentials.
- Comparing relational database security and NoSQL security (Answer). In this introduction to database security, expert Michael Cobb explains the differences between relational database and NoSQL security.
- Is full-disk server encryption software worth the resource overhead? (Answer). While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses.
- VIEW MORE ON: Database Security Management
- Dangerous Samba vulnerability affects all Linux systems (News, 11 Apr 2012). The widely used file-sharing software contains a flaw that attackers can exploit remotely to gain root access to a system. Proof-of-concept code is available, experts warn.
- Screencast: ShareEnum eases network enumeration, network share permissions (Screencast). Mike McLaughlin shows how easy network enumeration can be with ShareEnum, including the ability to quickly secure network shares and display share permissions.
- Addressing HP netbook security with webOS discontinued (Answer). A company contemplates the security implications of continuing an HP netbook rollout with webOS discontinued.
- Debug and test Web applications using Burp Proxy (Answer). The Burp Proxy tool, part of the Burp Suite, has many useful features that test Web application security. Learn how to start using Burp Proxy.
- An inside look into OWASP’s Mantra tool (Tip). OWASP’s Mantra tool is being praised by security pros for its abundance of options and ease of use. In this screencast, Mike McLaughlin takes a look at what Mantra has to offer.
- Valuable third-party patch deployment software, tools (Ask the Expert). Do you know some of the best third-party patch deployment tools? See expert Michael Cobb's recommendations on which tools would work best for your enterprise.
- ngrep: Learn how to find new malware with ngrep examples (Tip). In this video, Peter Giannoulis of AcademyPro.com uses several ngrep examples to show how to use this free tool to find new malware that antivirus or IPS might not pick up on.
- Video: OSSEC screenshots show how to use the free IDS (Tip). An intrusion detection system has become necessary for most enterprises, but they can be both expensive and difficult to configure. In part two of this screencast, learn how to use the free IDS OSSEC.
- How to install an OSSEC server on Linux and an OSSEC Windows agent (Tip). Learn how to install the free, host-based intrusion detection system OSSEC, with step-by-step instructions on setting up an OSSEC Linux server with an OSSEC Windows agent.
- VIEW MORE ON: Open Source Security Tools and Applications
- Screencast: How to use WPScan to provide WordPress plug-in security (Video). Mike McLaughlin shows the abilities of WPScan and the simplicity the tool offers in assessing the security of WordPress plug-ins and avoiding related security vulnerabilities.
- Ramnit malware data out-of-date, social network says (News, 09 Jan 2012). A Facebook spokesperson said the malware is not propagating on the social network.
- Web application risks exacerbated by social media ties, says ISACA (News, 26 Oct 2011). Asynchronous JavaScript and XML (Ajax), Flash and HTML5 enable a rich Web experience, but also give attackers an alarming number of ways to penetrate corporate networks.
- Firms struggle to address social networking security risks, survey finds (News, 03 Oct 2011). Many firms rely on antivirus and antimalware technologies to address social networking risks, according to a survey by the Ponemon Institute.
- Secure browsing: Free plug-in lessens social networking security risks (Tip). Looking for ways to improve employees' browsing security? Learn about the free SecureBrowsing plug-in from M86 Security that can lessen social networking security risks.
- Social networking best practices for preventing social network malware (Ask the Expert). Get advice on social networking security best practices that can help prevent data leaks and other social network malware that could harm your enterprise.
- Phishing attacks target users of Facebook, other social networks (Article, 08 Sep 2010). Cybercriminals are abandoning traditional email phishing campaigns in favor of social networks, where it's easier to social-engineer users and gain their trust.
- After Facebook attack, has the threat of clickjacking attacks increased? (Ask the Expert). Learn more about the recent Facebook attack, and how clickjacking attacks in general can affect enterprise information security, in this expert response from Nick Lewis.
- VIEW MORE ON: Social media security