Security School: Data breach prevention strategies
In this lesson, expert Nick Lewis establishes a baseline data breach prevention strategy every enterprise should have in place. Guide
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Quiz: Developing a defense-in-depth strategy for antimalware defense
Take this five-question quiz to evaluate your knowledge of the material presented by expert Lenny Zeltser in this Intrusion Defense School lesson. Quiz
-
Quiz: Reinventing defense in depth
This quiz is part of SearchSecurity.com’s Intrusion Defense Security School lesson, Reinventing defense in depth. Reinforce your knowledge of the key concepts of this lesson by taking the five-question quiz below. Quiz
-
CISSP Essentials training: Domain 10, Operations Security
Discover everything you need to know to ace the CISSP® exam with our first series of SearchSecurity.com Security School webcasts focused on CISSP training. Each lesson corresponds to a specific domain in the CISSP exam's "Common Body of Knowledge" --... Security School
-
Spotlight article: Domain 10, Operations Security
Get a detailed introduction to CISSP exam Domain 10, Operations Security. Security School
-
Nessus 3 Tutorial: How to use Nessus to identify network vulnerabilities
Learn how to use Nessus, an inexpensive vulnerability scanner, with our Nessus Tutorial Guide. It not only examines the benefits of this free open source tool, but also walks you through the processes of using it in the enterprise, from installation ... SearchSecurity Technical
-
Fuzzing: Brute Force Vulnerability Discovery
In this Chapter 21 excerpt from "Fuzzing: Brute Force Vulnerability Discovery," authors Michael Sutton, Adam Greene, and Pedram Amini examine SPIKE, one of the most popular and widely used fuzzing frameworks. Book Chapter
-
RSA Conference 2007: Product announcements
RSA Conference 2007: Product announcements Conference Coverage
-
IAM Security School Final Exam quick quiz
SearchSecurity Retention
-
Java, HTML exploits via Black Hole toolkit dominate attacks, Microsoft says
The Black Hole Exploit toolkit is behind the bulk of the HTML and Java exploits, according to version 12 of the Microsoft Security Intelligence Report. News | 25 Apr 2012
-
Defining a full security threat
How would you define a security threat? The correct answer could score the funding you need for your next security project. News | 12 Apr 2012
-
Expert advocates for more effective pen tests, less complex security
A security expert warns organizations against buying the latest and greatest security technology and advocates for more effective pen testing at InfoSec World Conference and Expo 2012. News | 02 Apr 2012
-
Longstanding network security problems plague enterprises, Trustwave finds
While organizations focus on mobile security and other emerging threats, an analysis of more than 2,000 penetration tests conducted by Trustwave found older threats often overlooked. News | 07 Feb 2012
-
Nothing funny about SCADA and ICS security
A researcher calls the state of industrial control system security “laughable” and warns of the consequences of unpatched critical infrastructure that is reachable over the Internet. News | 06 Feb 2012
-
Chromebook security in question due to flawed Google Chrome extensions
Cross-site scripting flaws enable security researchers to bypass Chromebook security and silently steal sensitive data by hijacking browser sessions. News | 03 Aug 2011
-
Researcher uncovers browser vulnerabilities with cross_fuzz
Security researcher Michal Zalewski said his new cross_fuzz has helped identify about 100 bugs in prominent browsers that include Internet Explorer, Firefox and Opera. Article | 04 Jan 2011
-
Core Security launches CISO-level pen testing software
The new Core Insight pen testing suite can lay out the history of testing campaigns and the relative threat level of an enterprise's systems. Article | 15 Dec 2010
-
Compliance burdens hamper vulnerability management processes, survey finds
Survey finds some enterprises are overburdened with compliance issues and are using piecemeal patch testing and deployment processes. Article | 07 Dec 2010
-
New 'month of bugs' campaign outs Linux-based console flaw
New campaign aims to present detailed binary analysis of known exploits and a new zero-day vulnerability each day. Article | 02 Sep 2010
-
Securely implement and configure SSL to ward off SSL vulnerabilities
Recent SSL vulnerabilities have renewed questions about the protocol's security. Expert Nick Lewis covers how to implement and configure SSL securely. Tip
-
How to ensure data security by spotting enterprise security weaknesses
How can a specialized organization spot security weaknesses? Nick Lewis offers a process to help niche companies ensure data security. Tip
-
Exploring Google Chromebook security for the enterprise
The Chromebook is unique among new entrants in the mobile device arena. Mike Cobb breaks down the key Google Chromebook security issues enterprises need to know. Tip
-
Duqu malware advice: Should enterprises worry about the Duqu Trojan?
Enterprise threats expert Nick Lewis offers analysis of the recent Duqu malware outbreak and the Duqu Trojan response enterprises should take. Tip
-
Windows MBSA scan demo: Conducting a Windows security review
In this screencast, Mike McLaughlin shows how a Windows MBSA scan can help determine client and server patch status during a Windows security review. Tip
-
Zero-day vulnerabilities and the patch management process: To test or not to test?
Learn whether it’s better to risk exposure and take time to test zero-day patches, or risk business disruption and patch without testing. Tip
-
Remediating IT vulnerabilities: Quick hits for risk prioritization
There's no way to eradicate all IT vulnerabilities, but spotting the most critical ones is essential. Read these quick hits for risk prioritization. Tip
-
Balancing compliance with information security threat assessment
Compliance is often the driver for security spending rather than real risks. Learn how to incorporate current threats into a compliance program. Tip
-
WebScarab tutorial: Demonstration of WebScarab proxy functionalities
In this WebScarab tutorial video, get step-by-step advice on how to install and use this free tool, including the WebScarab proxy features, among others. Tip
-
Security sandbox program: Defense-in-depth or layered vulnerabilities?
Recently, companies like Adobe and Google have been using sandboxes to aid measures in their applications, but how can sandboxes be useful in the enterprise, and do they just add more vulnerabilities than they're worth? Tip
-
Dangerous applications: Time to ban Internet Explorer, Adobe in the enterprise?
CSIS says five dangerous applications are to blame for 99% of malware. Is it time to ban Internet Explorer, Flash and the others in the enterprise? Answer
-
How Microsoft security assessment tools can benefit your enterprise
Expert Michael Cobb explains how Microsoft security assessment tools can find and help your enterprise fix vulnerabilities in its Windows environment. Answer
-
Is a full vulnerability disclosure strategy a responsible approach?
When it comes to vulnerability disclosure, is it responsible for an infosec research firm to release all the details of a flaw before patching measures are in place? Expert Nick Lewis examines the question in this response. Ask the Expert
-
Are RealPlayer, Adobe Shockwave vulnerability risks too great for the enterprise?
Adobe Shockwave and RealNetworks RealPlayer are fun and convenient for enterprise users, but are their vulnerabilities worth the risk of having them? Ask the Expert
-
Identity management SSO security: Hardening single sign-on systems
Get information on how to harden single sign-on systems for greater security in this response from IAM expert Randall Gamby. Ask the Expert
-
MD5 security: Time to migrate to SHA-1 hash algorithm?
Many organizations have been replacing the MD5 hash algorithm with the SHA-1 hash function, but can the MD5 hash algorithm still be used securely? Ask the Expert
-
Using fuzzing for internal application security testing
Superstar security researchers often use fuzzing to find flaws in major vendors' applications, and you can use fuzzers to find vulnerabilities during internal software development. Expert Michael Cobb explains how. Ask the Expert
-
Should VMware vulnerabilities in JRE impede implementing virtualization?
Could recent VMware vulnerabilities in JRE hamper virtualization implementation? In this expert response, Michael Cobb explains that VMware attacks are theoretical at this point and shouldn't stop you from implementing virtualization if your risk ass... Ask the Expert
-
Can secure FTP services protect sensitive data from hackers?
Do secure FTP services protect against hackers and attacks? In this expert response, Michael Cobb explains why using a secure FTP service is vital for handling sensitive data transfers. Ask the Expert
-
What patch management metrics does Project Quant use?
In this Q&A, expert Michael Cobb reviews the open patch management metrics model called Project Quant. Ask the Expert
-
micro-botnet (mini-botnet or baby botnet)
A micro-botnet, also called a mini-botnet or baby botnet, is a small network of Internet-connected computers that have been hijacked to attack specific companies or individuals within a company. Definition
-
gray hat (or grey hat)
Gray hat describes a cracker (or, if you prefer, hacker) who exploits a security weakness in a computer system or product in order to bring the weakness to the attention of the owners. Definition
-
Exploit Intelligence Project: Rethinking information security threat analysis
Information security threat analysis is fundamentally flawed, said Dan Guido of iSEC Partners. He says the Exploit Intelligence Project hopes to change that. Video
-
Jose Granado on the benefits of penetration testing, ‘human hacking’
Ernst & Young’s Jose Granado discusses the benefits of penetration testing and the importance of including “human hacking” as well. Video
-
IT patch management best practices: Overcoming the challenges
This presentation on vulnerability and IT patch management best practices discusses the challenges of improving testing and deployment processes. Video
-
Narcissistic vulnerability pimp: Baker on researchers and bug bounties
In a blog post, Verizon Director of Risk Wade Baker proposed a new title for security researchers looking to get attention who release bug information before a patch is released: Narcissistic vulnerability pimps. Video
-
RSA Conference 2011 preview: State of APT
In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt moderates a discussion on the state of the advanced persistent threat (APT). Speakers include SearchSecurity.com Senior Site Editor Eric Parizo, and Researc... Video
-
Metasploit and software vulnerability testing
Metasploit is a free tool that can be used to pen test for new and potentially damaging vulnerabilities. In this interview, H.D. Moore, creator of Metasploit, explains how the tool works and what it can contribute to software security. Video
-
Vulnerability mitigation study shows need for faster patching
Qualys CTO Wolfgang Kandek says vendors and administrators need to find ways to speed up the patching cycle. Video
-
Newest malware threats
What are the newest threats to enterprise networks, and how can you subvert these emerging security threats? Greg Hoglund, CEO of HBGary and creator of the first rootkit, answers these questions. Video
-
PCI compliance requirement 6: Systems and applications
Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 6: "Develop and maintain secure systems and applications." Video
-
Cybercrime and threat management
It's no secret that cybercrime is an ever-growing issue for today's security professionals, but what roles and responsibilities need to change as a result of the glut in illicit cyber activity? In this video, Bill Boni, VP of information security and... Video
About Vulnerability Risk Assessment
In this vulnerability and risk assessment resource, get tips and tricks on how to conduct a network vulnerability assessment, vulnerability reporting, scanning, assessment tools and reports.