Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Web application threats and vulnerabilities quiz answers
Security Quiz Answer
-
Gaining access using application and operating system attacks
In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their advanta... Book Chapter
-
Building trust into mobile computing
The Trusted Computing Group unveiled "use-cases" that describe secure ways in which to implement features and functions of mobile devices. Executive Briefing
-
Know your enemy: Why your Web site is at risk, Part 2
Guest instructor Michael Cobb continues his discussion of Web site threats and who is behind them. Security School
-
Know your enemy: Why your Web site is at risk
In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them. Security School
-
Quiz: Secure Web directories and development
Evaluate your knowledge of Web threats and how to defeat them. Questions cover security risks of dynamically created content and proper security management. Security School
-
Web Security School Lesson 3
In Lesson 3 of Web Security School, Michael Cobb teaches you how to plan and implement Web directory structures and permissions, and manage secure Web development. Also, a primer on secure coding and data management, and procedures for combating Web ... Security School
-
Web Security School Lesson 1
Learn how to plan and perform a secure installation of your Web server's operating system and services. Security School
- See More: Essential Knowledge on Web Application and Web 2.0 Threats
-
HP study finds widespread custom Web application flaws
A review of hundreds of unique custom Web applications found more than half are vulnerable to cross-site scripting and more than 86% contain injection flaws. News | 18 Apr 2012
-
Adobe issues support for Flash Player sandboxing in Firefox
Adobe has launched the public beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals. News | 06 Feb 2012
-
Phoenix Exploit Kit responsible for mass WordPress compromises
Security firm M86 Security has discovered hundreds of WordPress websites compromised by Phoenix. News | 30 Jan 2012
-
Twitter acquires Dasient in security buying spree, Android platform focus
Web-based antimalware vendor Dasient is the second security firm acquired by Twitter in recent months. In November, Twitter acquired Android security vendor Whisper Systems. News | 24 Jan 2012
-
HTML 5 security issues pose challenges for enterprises, experts say
While the Adobe Flash replacement packages browser data more efficiently, HTML 5 security issues present holes that could be targeted by attackers. News | 30 Nov 2011
-
Twitter acquires WhisperSystems mobile security technology
Twitter acquired WhisperSystems, a firm that makes mobile encryption and firewall technology for Android devices. News | 28 Nov 2011
-
Web application risks exacerbated by social media ties, says ISACA
Asynchronous JavaScript Technology, XML, Flash and HTML 5 enable a rich Web experience, but also give attackers an alarming number of ways to penetrate corporate networks. News | 26 Oct 2011
-
Typosquatters continue to plague enterprises, trap victims
Cybercriminals are using the old technique to lure victims into giving up personal information and potentially infect their systems with malware. News | 13 Sep 2011
-
Realities of dealing with Web app security flaws
If you have Web apps, odds are you have Web app vulnerabilities. In this interview, Mike Rothman discusses what to do about them. Video | 01 Sep 2011
-
Automated attack toolkits single biggest threat to Web apps, report finds
Automated attack tools are targeting directory traversal bugs, cross-site scripting errors, SQL injection flaws and remote file inclusion vulnerabilities. News | 26 Jul 2011
- See More: News on Web Application and Web 2.0 Threats
-
Securely implement and configure SSL to ward off SSL vulnerabilities
Recent SSL vulnerabilities have renewed questions about the protocol's security. Expert Nick Lewis covers how to implement and configure SSL securely. Tip
-
Web-facing applications: Mitigating likely Web application threats
New, interactive Web-facing applications are popping up all the time, but expert Nick Lewis advises enterprises on how to be vigilant against Web application threats. Tip
-
VoIP security best practices: Securing communication in the workplace
VoIP communications can be a great money-saver, but without solid VoIP security best practices, it can introduce new risks. Tip
-
Malvertisements: Mitigating malicious advertisement malware
Expert Michael Cobb explains why malvertisements are so hard to control and what enterprises can do to help mitigate the risk of malicious advertisement malware. Tip
-
PCI 2.0: Changes aren't drastic, but don't address card brand autonomy
In this first look at the changes in PCI DSS version 2.0, expert Diana Kelley says most compliance programs won't be drastically affected, but some of the standard's key shortcomings remain. Tip
-
PCI DSS 2.0: PCI assessment changes explained
PCI DSS expert Ed Moyle explains how the changes in PCI DSS 2.0 will affect companies during the PCI assessment process. Tip
-
Microsoft IIS 7 security best practices
Are you up to date with Microsoft IIS security best practices? Don't allow your enterprise to become vulnerable. Tip
-
A pre-implementation Windows 7 security guide for enterprises
Many enterprises are preparing to upgrade to Windows 7, but what are the security advantages and implications of the move? Expert Michael Cobb has the answers. Tip
-
How to build a toolset to avoid Web 2.0 security issues
An enterprise defense-in-depth strategy should include security tools that monitor, prevent, alert, encrypt and quarantine data from leaving your network, as well as processes put in place to monitor the Web for sensitive data that may have leaked. Tip
-
Alternatives to password-reset questions tackle social networking cons
With so much personal information available on the Internet, finding the answers to someone's password-reset questions can be quite easy. In this tip, learn about alternatives to the password-reset question option that can lead to more secure Interne... Tip
- See More: Tips on Web Application and Web 2.0 Threats
-
The switch to HTTPS: Understanding the benefits and limitations
Expert Mike Cobb explains the value and limitations of HTTPS, and why making the switch to HTTPS may be easier than it seems. Answer
-
Dangerous applications: Time to ban Internet Explorer, Adobe in the enterprise?
CSIS says five dangerous applications are to blame for 99% of malware. Is it time to ban Internet Explorer, Flash and the others in the enterprise? Answer
-
Scareware removal: How to get rid of fake AV malware
Threats expert Nick Lewis explains how to prevent and remove scareware infections. Answer
-
Drive-by virus: How to prevent drive-by download malware
There are several security strategies enterprises can implement to prevent drive-by download malware infections. Get tips in this expert response. Answer
-
SSL alternatives? Crafting Web-security programs for emerging threats
Expert Nick Lewis reacts to breaches at SSL certificate issuers and tackles whether enterprises should turn to SSL alternatives. Answer
-
Can any one endpoint security system prevent all types of Web attacks?
Is there one tool that combines all the functionalities needed to protect against Web-based attacks? Expert Nick Lewis weighs in. Answer
-
How to protect against the Bredolab virus Trojan in job applications
Learn more about a recent Bredolab Trojan exploit involving online job applications, and how you can protect your organization from such threats. Answer
-
How to ensure the security of financial transactions online
Financial transactions are some of the most high-risk activities performed online. Expert Nick Lewis gives advice to financial firms on how they can prevent online transaction fraud. Answer
-
Free Web application vulnerability scanners to secure your apps
Expert Michael Cobb points to several free Web application vulnerability scanners to help prevent SQL injection or XSS exploits. Answer
-
After Facebook attack, has the threat of clickjacking attacks increased?
Learn more about the recent Facebook attack, and how clickjacking attacks in general can affect enterprise information security in this expert response from Nick Lewis. Ask the Expert
- See More: Expert Advice on Web Application and Web 2.0 Threats
-
content filtering (information filtering)
On the Internet, content filtering (also known as information filtering) is the use of a program to screen and exclude from access or availability Web pages or e-mail that is deemed objectionable. Definition
-
Web filter
A Web filter is a program that can screen an incoming Web page to determine whether some or all of it should not be displayed to the user. Definition
-
Web application threats: What you really need to know
In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process. Video
-
Mike Rothman on handling Web application security vulnerabilities
If you have Web apps, odds are you have Web app vulnerabilities. In this interview, Mike Rothman discusses what to do about them. Video
-
Gartner’s Ramon Krikken on Web application security scanners
In this video, learn how to get the most out of Web application security scanners, and the four key elements for a successful implementation. Video
-
Web 2.0 tutorial: Security awareness for Web 2.0 attacks
Robert "Rsnake" Hansen discusses Web 2.0 attacks that pose serious security risks to enterprises and their security landscape. Video
-
Web 2.0 threats illustrated
Find the tools needed to balance between security and business in Web 2.0 platforms. Video
-
Face-off: Has social networking changed data privacy forever?
In this exclusive conversation, security industry luminaries Hugh Thompson, founder of People Security, and Adam Shostack, author of "The New School of Information Security," discuss the state of social networking and data privacy, and why the social... Video
-
Noted cryptographer on SSL, encryption and cloud computing
Cryptographer, Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks. Video
-
Schneier-Ranum face-off, part 2: Social networking
Is there a way that enterprises can allow social networking securely, or are sites like Facebook and Twitter simply too risky for enterprise consumption? Security experts Bruce Schneier and Marcus Ranum discuss. Video
-
WASC Web Honeypot Project enters next phase
Ryan Barnett of Breach Security and leader of the WASC Honeypot Project talks about phase three of the project, which uses an open proxy server to analyze Web attack data. Video
-
FAQ: Corporate Web 2.0 Threats
In this expert video, you will learn about Web 2.0 software, the threats it poses, and whether the benefits outweigh the risks. Key areas covered include the threats posed by services like Facebook, MySpace, and LinkedIn, as well as wikis and blogs. ... Video
- See More: Multimedia on Web Application and Web 2.0 Threats
- See More: All on Web Application and Web 2.0 Threats
About Web Application and Web 2.0 Threats
Learn best practices and get news and information on recognizing vulnerabilities and defending against Web application and Web 2.0 application attacks and threats.