-
Will Cisco's plan to open access to the IOS improve network security?
If Cisco's initiative pans out, we're likely to see a number of new network management tools that integrate with IOS. Mike Chapple explains why that centralization will be a security improvement. Ask the Expert
-
Best practices for using restriction policy whitelists
Ed Skoudis discusses which systems should be considered for software restriction policy whitelists, and unveils how whitelisting can improve security. Ask the Expert
-
Application hardening tools help repel software pirates
Application hardening vendors can make life difficult for software pirates, forcing them to turn to more profitable, low-hanging fruit. Article
-
What software development practices prevent input validation attacks?
Improper input validation leads to numerous kinds of attacks, including cross-site scripting, SQL injection and command injection. In this expert Q&A, Michael Cobb reviews the most important application development practices. Ask the Expert
-
Former @stake researchers rekindle past, discuss Symantec spin-off
Dennis Fisher talks to early members of @stake about its history, culture and the company's continued influence on the security industry. Interview
-
Federal aid helps uncover open source flaws
A joint project with security vendor Coverity Inc. uncovered flaws in 11 open source projects, including Perl, PHP, Python, Samba and TCL. Article
-
Enterprise security in 2008: Building trust into the application development process
The Storm botnet, launched a year ago, proved that malicious hackers were developing more sophisticated botnets -- and more sophisticated business strategies. As Michael Cobb explains, it's just one reason why application security pros need to keep a... Tip
-
Geekonomics: The Real Cost of Insecure Software
In Chapter 1 of his new book, "Geekonomics: The Real Cost of Insecure Software," David Rice examines why software manufacturers continue to produce (and consumers continue to purchase) unreliable and insecure software. Book Chapter
-
Cross-build injection attacks: Keeping an eye on Web applications' open source components
Web application developers' growing dependence on open source components has opened the door for attackers to insert malicious code into applications even as they are being built. Michael Cobb explores the emerging attack method called cross-build in... Tip
-
Group releases Java standards for secure development
The Secure Programming Council is releasing a set of essential skills for Java developers in an effort to improve software security and educate new programmers. Article