Security Management Strategies for the CIOEmail Alerts
-
Security policy for PDF use: How to secure PDF files for the enterprise
PDF files are an integral part of many enterprises' business processes, and, as such, they are a prime target for malicious activity. In this learning guide, learn how to secure your organization's PDFs, prevent attacks against them and decide when t... Learning Guide
-
Quiz: Database application security
How much do you know about database application security? Take this short quiz to determine what you've learned. Quiz
-
Quiz: How to build secure applications
Use this five-question quiz to test your knowledge of how to secure your enterprise apps. Quiz
-
The Art of Software Security Testing
Read an excerpt from the book, The Art of Software Security Testing: Identifying Software Security Flaws. In Chapter 11, "Local Fault Injection," the authors explain the proper methods for examining file formats. chapter excerpt
-
Quiz: Could you detect an application attack?
Take this five-question quiz to test your application security awareness, review common application attacks and learn how to improve application layer logging to detect and protect against these attacks. Security Quiz
-
Steve Lipner on the Microsoft SDL, critical infrastructure protection
Microsoft’s senior director of security engineering says core SDL principles should be at the foundation of critical infrastructure system protection. News | 16 May 2012
-
Adobe Flash Player patch fixes critical holes, releases silent automatic updater
Adobe released a bulletin addressing critical flaws in Flash Player and rolled out a silent automatic update feature in Flash 11.2 News | 29 Mar 2012
-
Adobe issues Flash Player update, fixes Adobe XSS zero-day flaw
An Adobe Systems security update fixed seven critical flaws in Flash Player, including a cross-site scripting vulnerability being actively targeted by attackers. News | 16 Feb 2012
-
Adobe issues support for Flash Player sandboxing in Firefox
Adobe has launched the pubic beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals. News | 06 Feb 2012
-
Time to ban dangerous apps? Exploring third-party app security
Column: Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach? News | 27 Jan 2012
-
Adobe repairs critical Reader, Acrobat flaws, adds JavaScript control
The January 2012 update includes repairs to Adobe Reader X and a new feature giving administrators the ability to whitelist JavaScript execution. News | 10 Jan 2012
-
Adobe security update being issued for zero-day in Reader, Acrobat for Windows
Adobe has issued a warning about a critical zero-day vulnerability in Adobe Reader and Acrobat for Windows. An emergency security update is scheduled. News | 07 Dec 2011
-
Adobe Flex update patches flaw in Flex application development framework
A coding error in the Adobe Flex SDK could cause developers to create applications with cross-site scripting issues, according to an advisory issued by Adobe Systems. News | 01 Dec 2011
-
Firms struggle to address social networking security risks, survey finds
Many firms rely on antivirus and antimalware technologies to address social networking risks, according to a survey by the Ponemon Institute. News | 03 Oct 2011
-
Measurement first among secure software development benchmarks
One expert says before implementing secure software development benchmarks, take stock of the security of existing applications. News | 20 Sep 2011
- See More: News on Securing Productivity Applications
-
Should the new Google privacy policy concern enterprises?
Google’s tentacles reach deep into most enterprises, but should enterprises worry about the new Google privacy policy? Expert Michael Cobb discusses. Tip
-
Exploring Google Chromebook security for the enterprise
The Chromebook is unique among new entrants in the mobile device arena. Mike Cobb breaks down the key Google Chromebook security issues enterprises need to know. Tip
-
How to detect content-type attacks in information security
Malicious attackers have increasingly turned to exploiting vulnerabilities in client-side software. Learn how to detect and prevent these types of attacks in your environment. Tip
-
Secure browsing: Free plug-in lessens social networking security risks
Looking for ways to improve employees' browsing security? Learn about the free SecureBrowsing plug-in from M86 Security that can lessen social networking security risks. Tip
-
Security sandbox program: Defense-in-depth or layered vulnerabilities?
Recently, companies like Adobe and Google have been using sandboxes to aid measures in their applications, but how can sandboxes be useful in the enterprise, and do they just add more vulnerabilities than they're worth? Tip
-
Database application security: Balancing encryption, access control
Database applications are often the epicenter of a company's sensitive data, so security is paramount, but maintaining a balance between security and business use can be tricky. In this tip, Andreas Antonopoulos discusses encryption strategies for da... Tip
-
How to detect software tampering
In their book Surreptitious Software, authors Christian Collberg and Jasvir Nasvir reveals how to tamperproof your software and make sure it executes as intended. Tip
-
Microsoft SharePoint security hinges on authorization, external user management
Management of external user access controls, authentication and authorization are important Microsoft SharePoint security best practices. This is the second of a two-part series of technical tips. Tip
-
Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities
For anyone who doesn't speak NASL, network security expert Mike Chapple has a firm handle on the Nessus Attack Scripting Language. In this brand-new addition to our Nessus 3 Tutorial, Chapple provides examples of NASL scripts that can find known vuln... Tip
-
PCI compliance and Web applications: Code review or firewalls?
The Payment Card Industry Data Security Standard is about to get a new wrinkle involving Web applications. As of June 30, 2008, to achieve PCI compliance, enterprises must either have their custom Web application code reviewed or install Web applicat... Tip
- See More: Tips on Securing Productivity Applications
-
IE automatic updates: Better security or more update fatigue?
Expert Michael Cobb deciphers the reasons behind Microsoft's new IE automatic updates. Will they combat update fatigue, or risk breaking Web apps? Answer
-
Validating ERP system security and ERP best practices
Is your ERP system security effective? How can you be sure? Expert Mike Cobb offers up some ERP security best practices. Ask the Expert
-
With EMET, Microsoft ranges beyond mitigation security technology
The Enhanced Mitigation Experience Toolkit is designed to help improve your enterprise application security. See how the EMET toolkit can help protect older Windows systems. Ask the Expert
-
Are RealPlayer, Adobe Shockwave vulnerability risks too great for the enterprise?
Adobe Shockwave and RealNetworks RealPlayer are fun and convenient for enterprise users, but are their vulnerabilities worth the risk of having them? Ask the Expert
-
Adobe Flash alternatives: The best way to avoid Adobe Flash malware?
It's no secret that Adobe Flash is plagued with malware, so, do enterprises really need it? In this expert response, Nick Lewis discusses how you can weigh the importance of functionality and security when it comes to Flash. Ask the Expert
-
Adobe Acrobat Reader security: Can patches be avoided?
Security expert Michael Cobb counters recent advice from Fiserv not to install Adobe Reader patches and says these updates are vital to security and must trump user functionality. Ask the Expert
-
SANS Top 25 programming errors: Application security best practices
Learn the SANS Top 25 programming errors and the best practices for application security. Ask the Expert
-
OpenOffice security: Concerns when moving from Microsoft Office
What are the major OpenOffice security concerns when transitioning from Microsoft Office? Security expert Michael Cobb explains the potential vulnerabilities between open source and commercial software. Ask the Expert
-
The benefits of application proxy firewalls
Michael Cobb explains the benefits of application proxy firewalls as compared to other firewall technologies including packet filtering firewalls and stateful inspection firewalls or circuit-level gateways. Ask the Expert
-
How to secure a .pdf file
In this expert Q&A, Michael Cobb explains how to avoid malicious content that is embedded into .pdf documents. Ask the Expert
- See More: Expert Advice on Securing Productivity Applications
-
sheepdip (sheep dipping or a footbath)
In computers, a sheepdip (or, variously, sheep dipping or a footbath) is the checking of media, usually diskettes or CD-ROMs, for viruses before they are used in a computer or network. Definition
-
Adobe: Flash security and the Microsoft Active Protections Program
Brad Arkin discusses Adobe's strategy to secure Flash Player and its decision to join the Microsoft Active Protections Program. Video
-
Balancing security and performance: Protecting layer 7 on the network
This video will explain options for securing application-layer traffic using network security technologies, architectures and processes, including Layer 7 switches, firewalls, IDS/IPS, NBAD and more. Video
-
PCI DSS: Best practices for compliance
In this video, learn about the greatest challenges to PCI compliance, as well as dealing with application security for compliance, encryption and compensating controls. Video
-
Steve Lipner on the Microsoft SDL, critical infrastructure protection
Microsoft’s senior director of security engineering says core SDL principles should be at the foundation of critical infrastructure system protection. News
-
IE automatic updates: Better security or more update fatigue?
Expert Michael Cobb deciphers the reasons behind Microsoft's new IE automatic updates. Will they combat update fatigue, or risk breaking Web apps? Answer
-
Should the new Google privacy policy concern enterprises?
Google’s tentacles reach deep into most enterprises, but should enterprises worry about the new Google privacy policy? Expert Michael Cobb discusses. Tip
-
Adobe Flash Player patch fixes critical holes, releases silent automatic updater
Adobe released a bulletin addressing critical flaws in Flash Player and rolled out a silent automatic update feature in Flash 11.2 News
-
Adobe issues Flash Player update, fixes Adobe XSS zero-day flaw
An Adobe Systems security update fixed seven critical flaws in Flash Player, including a cross-site scripting vulnerability being actively targeted by attackers. News
-
Adobe issues support for Flash Player sandboxing in Firefox
Adobe has launched the pubic beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals. News
-
Time to ban dangerous apps? Exploring third-party app security
Column: Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach? News
-
Exploring Google Chromebook security for the enterprise
The Chromebook is unique among new entrants in the mobile device arena. Mike Cobb breaks down the key Google Chromebook security issues enterprises need to know. Tip
-
Adobe repairs critical Reader, Acrobat flaws, adds JavaScript control
The January 2012 update includes repairs to Adobe Reader X and a new feature giving administrators the ability to whitelist JavaScript execution. News
-
Adobe security update being issued for zero-day in Reader, Acrobat for Windows
Adobe has issued a warning about a critical zero-day vulnerability in Adobe Reader and Acrobat for Windows. An emergency security update is scheduled. News
- See More: All on Securing Productivity Applications
About Securing Productivity Applications
Get the latest news and information about the most popular productivity applications. Get information about flaws in Adobe, Microsoft, and Apple applications and more.