- Secure SaaS: Cloud services and systems
- Operating System Security
- Enterprise Vulnerability Management
- Virtualization Security Issues and Threats
- Securing Productivity Applications
- Software Development Methodology
- Web Security Tools and Best Practices
- Application Firewall Security
- Application Attacks (Buffer Overflows, Cross-Site Scripting)
- Database Security Management
- Email Protection
- Open Source Security Tools and Applications
- Social media security
-
Can self-managed cloud security controls ease enterprise concerns?
Expert Dave Shackleford details how enterprises can increasingly manage their own cloud security controls with private virtual cloud offerings. [Tip]
-
Cloud API security risks: How to assess cloud service provider APIs
The CSA says cloud API security is a top threat to cloud environments. Expert Dave Shackleford explains how to assess the security of providers' APIs. [Tip]
-
CSA offers new initiatives to address SMB cloud security issues
In response to growing SMB cloud security issues, the Cloud Security Alliance announced a new working group and membership level focused on SMBs. [News | 26 Apr 2013]
-
How to develop cloud applications based on Web app security lessons
Expert Dave Shackleford details how to build cloud applications based on typical Web app security flaws and cloud provider tools and platforms. [Tip]
-
Report suggests cloud security concerns are overblown
A study by Alert Logic downplays cloud security concerns when compared to traditional IT infrastructure, but indicates Web app attacks are a problem. [News | 26 Mar 2013]
-
Security, cloud monitoring tools viewed as cloud adoption barriers
Video: Eric Chiu, president of HyTrust, explains why subpar cloud monitoring tools are a top barrier to cloud adoption in the enterprise. [Video]
-
Cloud security panel discusses transparency, Notorious Nine at RSA
A panel of cloud security experts fielded questions on cloud provider transparency, the CSA's Notorious Nine report and more at RSA Conference 2013. [News | 01 Mar 2013]
-
John Howie discusses CSA initiatives, cloud adoption issues at RSA
Video: John Howie, COO of the Cloud Security Alliance, discusses the ongoing initiatives at the CSA and how to overcome cloud adoption issues. [Video]
-
Eric Chiu analyzes version 2 of the PCI DSS cloud computing guidelines
Video: Eric Chiu, president of HyTrust, examines version 2 of the PCI DSS cloud computing guidelines and offers guidance on cloud customer responsibility. [Video]
-
Software patching 2.0: Cutting costs with virtual patching, automation
Struggling to bring the cost of the patch management process down? Expert Michael Cobb suggests virtual patching and automated tools can play a role. [Tip]
- VIEW MORE ON: Secure SaaS: Cloud services and systems
-
application whitelisting
Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications, and, to a lesser extent, to prevent unnecessary demand for resources. [Definition]
-
Microsoft issues rushed patch for ASP.NET encryption flaw
Emergency patch repairs a vulnerability in the ASP.NET framework that causes faulty AES encryption implementations. [Article | 28 Sep 2010]
-
Microsoft to address critical vulnerability in Office Web Components
Microsoft will issue security updates for five critical vulnerabilities next week, including one that affects multiple software packages. [Article | 06 Aug 2009]
-
virtual patching
Virtual patching is the quick development and short-term implementation of a security policy meant to prevent an exploit from occurring as a result of a newly discovered vulnerability. A virtual patch is sometimes called a Web application firewall (WAF). [Definition]
-
Threat prevention techniques: Best practices for threat management
A successful threat management program requires effective processes, layered technology and user education. [Feature]
-
Readers' Choice Awards 2011
Readers vote on the best vulnerability management products, including network vulnerability assessment scanners, vulnerability risk management, reporting, remediation and compliance, patch management and vulnerability management lifecycle products. [Guide]
-
Black Hat 2011: Hacking technique targets Windows kernel errors
Researcher Tarjei Mandt uncovered dozens of hidden vulnerabilities deep inside Microsoft Windows. [News | 26 Jul 2011]
-
application blacklisting
Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs. Such programs include not only those known to contain security threats or vulnerabilities but also those that are deemed inappropriate within a given organization. Blacklisting is the method used by most antivirus programs, intrusion prevention/detection systems and spam filters. [Definition]
-
application whitelisting
Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications, and, to a lesser extent, to prevent unnecessary demand for resources. [Definition]
-
The value of a virtual security gateway in the data center
Matthew Pascucci discusses virtual security gateway appliances and whether they are a virtual data center necessity or just an overhyped product. [Answer]
-
How to configure a VLAN to achieve the benefits of VLAN security
Expert Brad Casey explains how to configure a VLAN in order to achieve the benefits of VLAN security, including protection against insider attacks. [Tip]
-
Defending against watering hole attacks: Consider using a secure VM
Expert Nick Lewis analyzes the techniques employed by watering hole attacks and discusses how to use a secure VM to defend enterprises against them. [Tip]
-
Five Steps to Incident Management in a Virtualized Environment
Incident management (IM) is a necessary part of a security program. When effective, it mitigates business impact, identifies weaknesses in controls, and helps fine-tune response processes. Traditional IM approaches, however, are not always effective in a partially or completely virtualized data center. Consequently, some aspects of incident management and response processes require review and adjustment as an increasing number of critical systems move to virtual servers. [Reference]
-
Inaugural AWS re:Invent show to highlight AWS security issues
Amazon CEO Jeff Bezos will headline this week's first-ever AWS re:Invent cloud computing conference, where several sessions will cover security issues. [News | 28 Nov 2012]
-
Trend Micro issues cloud, mobile security assessment tools
Online assessment tests the security posture, but more detailed guidance documents and reports are available from government agencies and organizations. [News | 27 Nov 2012]
-
Tackle virtualization compliance by balancing business, security needs
Security and business cultures don't always mesh, but virtualization compliance requires balance between them. Eric Ogren explains in this tutorial. [Video]
-
Virtualization server security best practices
-
Sell the business on virtualization security
-
Security threats to virtual environments less theoretical, more practical
- VIEW MORE ON: Virtualization Security Issues and Threats
-
Combat Shockwave security issues with a Web security gateway
Expert Michael Cobb discusses Adobe Shockwave security issues highlighted by US-CERT, and details how a Web security gateway is one way to allay them. [Answer]
-
The updated Makadocs malware: How to protect users locally
Security expert Nick Lewis details how the updated Makadocs malware uses Google Docs as a command and control server and offers mitigations for users. [Ask the Expert]
-
Adjusting third-party patch management after Flash updates move
Expert Michael Cobb details whether third-party patch management program changes are necessary after the Adobe Flash marriage to Patch Tuesday. [Answer]
-
Dropbox security concerns: Time to find secure Dropbox alternatives?
Are Dropbox security concerns serious enough to require enterprise users to switch to secure Dropbox alternatives? Expert Michael Cobb discusses. [Answer]
-
NoSQL security: Do NoSQL database security features stack up to RDBMS?
With NoSQL databases increasingly being used to tackle big data challenges, expert Michael Cobb examines NoSQL security in comparison to RDBMS. [Tip]
-
Is sandboxing the answer to Adobe Acrobat, Adobe Reader security woes?
Expert Michael Cobb assesses the impact of sandboxing on Adobe Acrobat and Adobe Reader security. Can enterprises trust Adobe's new security methods? [Answer]
-
RSA 2013: Brad Arkin outlines state of Adobe security, update strategy
Video: Adobe software security chief Brad Arkin discusses how his firm is responding to the recent increase in zero-day flaws. [Video]
-
US-CERT warns of Adobe Shockwave Player threat
An attacker can exploit weaknesses in files intended to extend the functionality of Shockwave Player. No practical solution is available, US-CERT said. [News | 18 Dec 2012]
-
Quiz: Choosing a Web security gateway
Check you're up to speed and ready to choose and deploy a Web security gateway. This five-question quiz will test you on the key points we've covered in the webcast, podcast and article in this Security School. [Quiz]
-
SAP security overview: Server-side request forgery attack mitigation
Expert Michael Cobb provides an SAP security overview, including steps enterprises can take to defend against server-side request forgery attacks. [Tip]
- VIEW MORE ON: Securing Productivity Applications
-
New skills for the QA tester: Scripting, security
Software quality assurance is gaining respect as a profession -- but do QA testers have the scripting and security skills the role now requires? [Quality Time | 17 May 2013]
-
At Adobe, secure software development program demands 'ninja' tactics
Video: Adobe CSO Brad Arkin explains how his firm fosters secure software development by inspiring developers to become security 'ninjas.' [Video]
-
Kandek: Most secure Web browser may be one with fewest plug-ins
Video: Qualys CTO Wolfgang Kandek said plug-ins now affect Web browser security more than the browsers themselves. [Video]
-
Marcus Ranum: Q&A with clean-slate pioneer Peter G. Neumann
Marcus Ranum, security expert and Information Security magazine columnist, goes one-on-one with clean-slate luminary Peter G. Neumann of SRI International and formerly Bell Labs. [Column]
-
Editor's desk: A chat with Peter G. Neumann
Peter G. Neumann shares his thoughts on the inherent complexity of trustworthiness and the evolutionary promise of clean-slate architectures. [Feature]
-
Use the Android static analysis tool Dexter to safely deploy apps
Video: Keith Barker of CBT Nuggets demos Dexter, the Android static analysis tool that examines and securely deploys Android applications. [Screencast]
-
Remediation planning for Ruby on Rails security vulnerabilities
The recent Ruby on Rails security vulnerabilities can be patched. Expert Michael Cobb discusses the fallout and offers help with remediation planning. [Tip]
-
McGraw: Use VBSIMM software security model when buying software
Video: Gary McGraw explains how JPMorgan Chase and others use the VBSIMM security model to vet software purchased from third-party vendors. [Video]
- VIEW MORE ON: Software Development Methodology
-
How to prevent SQL injection attacks by validating user input
Expert Michael Cobb discusses how to prevent SQL injection attacks by validating user input and utilizing parameterized stored procedures. [Answer]
-
Quiz: Choosing a Web security gateway
Check you're up to speed and ready to choose and deploy a Web security gateway. This five-question quiz will test you on the key points we've covered in the webcast, podcast and article in this Security School. [Quiz]
-
PDF download: Information Security magazine February 2012
Read about new antimalware strategies and readers' 2012 priorities in this issue of Information Security magazine. [Magazine]
-
Book chapter: Social media security policy best practices
The following is an excerpt from chapter 6 of Gary Bahadur's book Securing the Clicks: Network Security in the Age of Social Media. [Chapter Excerpt]
-
Web application attacks: Building hardened apps
This security school lesson details the myriad Web application attacks in circulation today, providing detailed explanations of SQL injection attacks, clickjacking, cross-site scripting and cross-site request forgery attacks and other Web-based attacks that lead right to sensitive information stored in a backend database. We'll also explain how to begin assessing your production Web apps for dangerous flaws and how to architect a software development process that can help you counter these threats in both QA and production. [Part of guide series]
-
Internet Explorer 8 XSS filter: Setting the bar for cross-site scripting prevention
The Internet Explorer 8 XSS filter can assist in cross-site scripting prevention. Michael Cobb explains how it works in this expert response. [Answer]
-
XML firewall security guide: Prevent XML vulnerabilities and threats
This section of the XML Web services tutorial highlights the functions and capabilities of the XML firewall, explains how the features of an XML firewall compare to other firewalls, and offers advice on how to prevent XML vulnerabilities and stop XML attacks. [Learning Guide]
-
Mitigating Web 2.0 threats
As companies look to cut costs, Software as a Service has gained ground in the enterprise. Similarly, social networking sites like Facebook and LinkedIn are must-haves in today's workplace. David Sherry reviews how to secure these services and defend against a variety of Web 2.0 threats. [Part of guide series]
-
In 2013, Cisco network security product strategy to key on integration
Video: Cisco SVP Chris Young details the vendor's 2013 network security product strategy, specifically combining more features into its line of ASA firewalls. [Video]
-
virtual patching
Virtual patching is the quick development and short-term implementation of a security policy meant to prevent an exploit from occurring as a result of a newly discovered vulnerability. A virtual patch is sometimes called a Web application firewall (WAF). [Definition]
-
Cloud IaaS security: Is a virtual firewall the best bet?
Matthew Pascucci discusses whether organizations should use an IaaS virtual firewall to protect applications that have been moved to the cloud. [Answer]
-
How a next-generation firewall prevents application-layer attacks
Next-generation firewalls can block common yet dangerous SQL-injection and buffer-overflow attacks. Learn how an NGFW stops application-layer attacks. [Tip]
-
Implement software development security best practices to support WAFs
WAFs aren't a panacea for all Web security woes. Software development security best practices are still vital. Expert Michael Cobb discusses why. [Answer]
-
Custom, targeted malware attacks demand new malware defense approach
Widespread use of custom malware in targeted attacks requires better attack preparation and response, and a variety of new malcode defenses. [News | 16 Nov 2012]
-
Comparative Product Review: Six Web Application Firewalls
-
NGFW: Getting clarity on next-gen firewall features
-
Brick By Brick
-
Hot Pick: NetContinuum's NC-1000 Application Security Gateway 4.3
- VIEW MORE ON: Application Firewall Security
-
Five common Web application vulnerabilities and how to avoid them
Expert Michael Cobb details the five most common Web application vulnerabilities and provides methods to help enterprises secure against them. [Tip]
-
Website vulnerabilities down, but progress still needed, survey finds
A survey released by WhiteHat Security finds that website vulnerabilities have decreased steadily in recent years, though problems persist. [News | 02 May 2013]
-
How to prevent SQL injection attacks by validating user input
Expert Michael Cobb discusses how to prevent SQL injection attacks by validating user input and utilizing parameterized stored procedures. [Answer]
-
mobile app security
Mobile app security is the extent of protection that mobile device application programs (apps) have from malware and the activities of crackers and other criminals. [Definition]
-
pharma hack
The pharma hack is an exploit that takes advantage of vulnerabilities in WordPress or Joomla documents, causing search engines, notably the one hosted by Google, to return ads for pharmaceutical products along with legitimate listings. [Definition]
-
Java vulnerabilities continue to crop up with Java 7, Update 11 release
Oracle continues to encounter security issues with Java as the Java 7, Update 11 release is found to have two significant vulnerabilities. [News | 21 Jan 2013]
-
How a next-generation firewall prevents application-layer attacks
Next-generation firewalls can block common yet dangerous SQL-injection and buffer-overflow attacks. Learn how an NGFW stops application-layer attacks. [Tip]
-
How to protect users exposed to cache poisoning attacks by HTML5
Expert Nick Lewis explains how the HTML5 offline application cache exposes users to the threat of cache poisoning and provides mitigation options. [Answer]
-
Quiz: Choosing a Web security gateway
Check you're up to speed and ready to choose and deploy a Web security gateway. This five-question quiz will test you on the key points we've covered in the webcast, podcast and article in this Security School. [Quiz]
-
PDF download: Information Security magazine November 2012
In this issue, find out who won this year's Security 7 Award. Also, we examine the pros and cons of the Metasploit penetration testing framework. [Feature]
- VIEW MORE ON: Application Attacks (Buffer Overflows, Cross-Site Scripting)
-
Privileged user management a must for DBAs
Trust, but verify. Ronald Reagan made it popular, and it's certainly relevant for DBAs in today's consolidated, virtualized IT world. [Oracle Revelations | 15 May 2013]
-
The Narilam malware: How to protect SQL databases, corporate records
Expert Nick Lewis explains how the Narilam malware infects SQL databases and destroys corporate records, and offers advice on mitigation. [Answer]
-
NoSQL security: Do NoSQL database security features stack up to RDBMS?
With NoSQL databases increasingly being used to tackle big data challenges, expert Michael Cobb examines NoSQL security in comparison to RDBMS. [Tip]
-
What to look for in full-packet-capture and network forensic tools
Matt Pascucci explains what to look for in full-packet-capture network logging and network forensic tools, and areas to focus on during the search. [Answer]
-
column-level encryption
Column-level encryption is a method of database encryption in which the information in every cell (or data field) in a particular column has the same password for access, reading, and writing purposes. [Definition]
-
MySQL security analysis: Mitigating MySQL zero-day flaws
In the wake of several recent MySQL zero-day vulnerabilities, expert Michael Cobb assesses the state of MySQL security. Is a MySQL alternative needed? [Tip]
-
Mitigations for an Oracle database authentication vulnerability
A patch for an Oracle database authentication vulnerability was only released for version 12. Expert Nick Lewis discusses mitigations for 11.1 users. [Answer]
-
Windows Server 2012 security: Is it time to upgrade?
Expert Michael Cobb wades through the security features of Windows Server 2012 to find out what's new and beneficial in Microsoft's latest release. [Tip]
-
ISM April 2004 Lindstrom
-
Cleaning a compromised server: How to detect booter shells, remnants
Expert Nick Lewis discusses the importance of fully cleaning a compromised server and how to detect and remove booter shells and other remnants. [Answer]
- VIEW MORE ON: Database Security Management
-
Improving enterprise email security: Systems and tips
Enterprise email security has become more vital than ever due to increased attacks and threats. This tip details systems that can improve protection. [Tip]
-
MoD plans secure email system based on TSCP specification
The Ministry of Defence is hoping a new, secure email system will improve its supply chain communication, but rollout is proving slow. [Article | 17 Jan 2008]
-
Sourcefire's Roesch: How Snort can normalize JavaScript, model rules
Video: Snort creator Martin Roesch discusses new Snort features like JavaScript normalization and rule modeling, and looks ahead to Snort's future. [Video]
-
Use the Mandiant Redline memory analysis tool for threat assessments
Video: Keith Barker of CBT Nuggets shows how to use the Mandiant Redline memory analysis tool to conduct threat assessments and defeat rootkits. [Video]
-
How to utilize NDPMon for better IPv6 monitoring, network visibility
Video: Keith Barker of CBT Nuggets demonstrates NDPMon, a free, open source security tool that can improve IPv6 monitoring and network visibility. [Screencast]
-
ISM February 2003 Ranum
-
Splunk tutorial demonstrates how to use Splunk for security
Video: Keith Barker of CBT Nuggets walks viewers through a tutorial of Splunk and shows how the free version can be used for IT security. [Video]
-
Zenmap tutorial: Mapping networks using Zenmap profiles
Video: In this Zenmap tutorial screencast, Keith Barker of CBT Nuggets explains how to efficiently map networks graphically using Zenmap profiles. [Video]
-
How to use Wireshark to detect and prevent ARP spoofing
Video: Keith Barker of CBT Nuggets demonstrates how to use Wireshark, the popular open source packet analyzer, to prevent ARP spoofing attacks. [Screencast]
-
Seven Outstanding Security Pros in 2012
Find out who won this year's Security 7 Award, which honors outstanding security professionals in seven vertical markets. Also in this issue, we examine the pros and cons of the Metasploit penetration testing framework, and ways to overcome cloud compliance challenges. [E-Zine]
-
Knoppix-NSM removes complexity of Snort-based network security monitoring
-
Redefining free security software
- VIEW MORE ON: Open Source Security Tools and Applications
-
Avoiding pitfalls in social media compliance, security
Expert Mike Chapple offers regulatory compliance advice regarding the management of enterprise social media accounts. [Answer]
-
Trusteer warns of new man-in-the-browser Twitter attack
The attack seeks to compromise a Twitter webpage via a man-in-the-browser attack. Trusteer warns it could be a harbinger of broader future attacks. [News | 24 Apr 2013]
-
pharma hack
The pharma hack is an exploit that takes advantage of vulnerabilities in WordPress or Joomla documents, causing search engines, notably the one hosted by Google, to return ads for pharmaceutical products along with legitimate listings. [Definition]
-
Safely using shortened URLs requires user education, technology
Expert Nick Lewis delves into the potential threat posed by shortened URLs and what enterprises can do to protect users from malicious short URLs. [Answer]
-
Mobile malware and social malware: Nipping new threats in the bud
Learn mobile and social media malware prevention tactics as contributor Lisa Phifer analyzes the malware risks of social media and mobile devices. [Video]
-
likebaiting
Likebaiting is the practice of trying to compel Facebook users to click the Like button associated with a piece of content. The practice is similar to linkbaiting, in which content producers craft content with the intent of getting people to link to it. [Definition]
-
Akonix Systems' Akonix A-Series Product Review
-
Instant Messaging: Symantec IM Manager 8.0
-
Instant Messaging: Akonix L7 Enterprise 4.0
-
likejacking
Likejacking is a variation on clickjacking in which malicious coding is associated with a Facebook Like button. The most common purposes of likejacking include identity theft and the dissemination of viruses, social spam and hoaxes. [Definition]
- VIEW MORE ON: Social media security