-
Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities
For anyone who doesn't speak NASL, network security expert Mike Chapple has a firm handle on the Nessus Attack Scripting Language. In this brand-new addition to our Nessus 3 Tutorial, Chapple provides examples of NASL scripts that can find known vul... Tip
-
PCI compliance and Web applications: Code review or firewalls?
The Payment Card Industry Data Security Standard is about to get a new wrinkle involving Web applications. As of June 30, 2008, to achieve PCI compliance, enterprises must either have their custom Web application code reviewed or install Web applicat... Tip
-
Developing a patch management policy for third-party applications
Enterprises may push the latest critical Windows patches once a month, but here's a dirty little secret: Most organizations don't bother patching their third-party applications. The diversity of client-side software -- including everything from Acrob... Tip
-
A new twist on PCI DSS: Visa's Payment Application Best Practices
The Payment Card Industry (PCI) Security Standards Council is poised to issue another mandate, this time adding Visa's Payment Application Best Practices (PABP) into the compliance mix. New contributor Stephen Cobb examines Visa's controls and how bu... Tip
-
How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities
For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how th... Tip
-
Google Desktop gets scarier
As if the threats posed by Google Desktop weren't enough, Google's latest release is chock-full of new dangers -- especially to enterprises. In this tip, security guru Mike Chapple reviews Google Desktop 3 and its "Search Across Computers" feature, a... Tip
-
How to tame Google Desktop
Although not classified as spyware, desktop search engines like Google Desktop can introduce serious security concerns if left unmanaged and unmonitored. This tip examines these risks and explains how to block or secure Google Desktop in the enterp... Tip
-
Make your systems "crunchy" on the inside, not just the outside
These days, you need some "crunch" all the way through, and not just on the perimeter of your network. Tip
-
Improving performance and security by disabling unneeded services
How disabling unneeded services can help improve performance and security. Tip
-
The hauntings of the feature rich
Sometimes features and backward compatibility can leave you with unknown security holes. Tip