-
Web Security School Lesson 2
In Lesson 2 of Web Security School, guest instructor Michael Cobb explains what to expect and look for when analyzing an attack on your Web server. Security School
-
Quiz: Identify and analyze Web server attacks
Test your knowledge of the material covered in the "Identify and analyze Web server attacks" section of Intrusion Defense School. Security School
-
Lesson 1 Quiz, Answer No. 2
Lesson 1 Quiz, Answer No. 2 Security School
-
Lesson 1 Quiz, Answer No. 1
Web Security School: Lesson 1 Quiz, Answer No. 1 Security School
-
Lesson 1 Quiz, Answer No. 3
Lesson 1 Quiz, Answer No. 3 Security School
-
Quiz: Web attack prevention and defense
Test your knowledge of the material covered in Web attack prevention and defense, including the fundamentals of securing a Web server. Security School
-
Lesson 1 Quiz, Answer No. 5
Lesson 1 Quiz, Answer No. 5 Security School
-
Lesson 1 Quiz, Answer No. 4
Lesson 1 Quiz, Answer No. 4 Security School
-
A new era of computer worms: Wireless mobile worms
In this excerpt of Chapter 9 from "The Art of Computer Virus Research and Defense," author Peter Szor dissects the Cabir worm. Book Chapter
-
The 'ultimate' in virus analysis theory and practice
Information Security magazine reviews Peter Szor's "The Art of Computer Virus Research and Defense." Books
- See More: Essential Knowledge on Web Application and Web 2.0 Threats
-
Phoenix Exploit Kit responsible for mass WordPress compromises
Security firm M86 Security has discovered hundreds of WordPress websites compromised by Phoenix. News | 30 Jan 2012
-
Twitter acquires Dasient in security buying spree, Android platform focus
Web-based antimalware vendor Dasient is the second security firm acquired by Twitter in recent months. In November, Twitter acquired Android security vendor Whisper Systems. News | 24 Jan 2012
-
HTML 5 security issues pose challenges for enterprises, experts say
While the Adobe Flash replacement packages browser data more efficiently, HTML 5 security issues present holes that could be targeted by attackers. News | 30 Nov 2011
-
Twitter acquires WhisperSystems mobile security technology
Twitter acquired WhisperSystems, a firm that makes mobile encryption and firewall technology for Android devices. News | 28 Nov 2011
-
Web application risks exacerbated by social media ties, says ISACA
Asynchronous JavaScript Technology, XML, Flash and HTML 5 enable a rich Web experience, but also give attackers an alarming number of ways to penetrate corporate networks. News | 26 Oct 2011
-
Typosquatters continue to plague enterprises, trap victims
Cybercriminals are using the old technique to lure victims into giving up personal information and potentially infect their systems with malware. News | 13 Sep 2011
-
Realities of dealing with Web app security flaws
If you have Web apps, odds are you have Web app vulnerabilities. In this interview, Mike Rothman discusses what to do about them. Video | 01 Sep 2011
-
Automated attack toolkits single biggest threat to Web apps, report finds
Automated attack tools are targeting directory traversal bugs, cross-site scripting errors, SQL injection flaws and remote file inclusion vulnerabilities. News | 26 Jul 2011
-
Citigroup attack highlights insufficient authorization error
Citigroup hackers used a common website vulnerability to bypass security controls and reap confidential banking data. News | 14 Jun 2011
-
Barracuda Networks breached by SQL injection attack
An attacker took email addresses of channel partners, sales leads and encrypted passwords of some Barracuda employees. News | 12 Apr 2011
- See More: News on Web Application and Web 2.0 Threats
-
VoIP security best practices: Securing communication in the workplace
VoIP communications can be a great money-saver, but without solid VoIP security best practices, it can introduce new risks. Tip
-
Malvertisements: Mitigating malicious advertisement malware
Expert Michael Cobb explains why malvertisements are so hard to control and what enterprises can do to help mitigate the risk of malicious advertisement malware. Tip
-
PCI DSS 2.0: PCI assessment changes explained
PCI DSS expert Ed Moyle explains how the changes in PCI DSS 2.0 will affect companies during the PCI assessment process. Tip
-
PCI 2.0: Changes aren't drastic, but don't address card brand autonomy
In this first look at the changes in PCI DSS version 2.0, expert Diana Kelley says most compliance programs won't be drastically affected, but some of the standard's key shortcomings remain. Tip
-
Microsoft IIS 7 security best practices
Are you up to date with Microsoft IIS security best practices? Don't allow your enterprise to become vulnerable. Tip
-
A pre-implementation Windows 7 security guide for enterprises
Many enterprises are preparing to upgrade to Windows 7, but what are the security advantages and implications of the move? Expert Michael Cobb has the answers. Tip
-
How to build a toolset to avoid Web 2.0 security issues
An enterprise defense-in-depth strategy should include security tools that monitor, prevent, alert, encrypt and quarantine data from leaving your network, as well as processes put in place to monitor the Web for sensitive data that may have leaked. Tip
-
Alternatives to password-reset questions tackle social networking cons
With so much personal information available on the Internet, finding the answers to someone's password-reset questions can be quite easy. In this tip, learn about alternatives to the password-reset question option that can lead to more secure Interne... Tip
-
Web 2.0 widgets: Enterprise protection for Web add-ons
Web 2.0 widgets represent a threat vector that should not be overlooked at any enterprise organization. In this tip, Nick Lewis explains what a Web 2.0 widget is, and how companies can protect against them. Tip
-
An enterprise strategy for Web application security threats
People Security founder Hugh Thompson reviews the tools and tactics, from security assessments to Web application firewalls, that are essential to an application security strategy. Tip
- See More: Tips on Web Application and Web 2.0 Threats
-
Dangerous applications: Time to ban Internet Explorer, Adobe in the enterprise?
CSIS says five dangerous applications are to blame for 99% of malware. Is it time to ban Internet Explorer, Flash and the others in the enterprise? Answer
-
Scareware removal: How to get rid of fake AV malware
Threats expert Nick Lewis explains how to prevent and remove scareware infections. Answer
-
SSL alternatives? Crafting Web-security programs for emerging threats
Expert Nick Lewis reacts to breaches at SSL certificate issuers and tackles whether enterprises should turn to SSL alternatives. Answer
-
Can any one endpoint security system prevent all types of Web attacks?
Is there one tool that combines all the functionalities needed to protect against Web-based attacks? Expert Nick Lewis weighs in. Answer
-
How to protect against the Bredolab virus Trojan in job applications
Learn more about a recent Bredolab Trojan exploit involving online job applications, and how you can protect your organization from such threats. Answer
-
How to ensure the security of financial transactions online
Financial transactions are some of the most high-risk activities performed online. Expert Nick Lewis gives advice to financial firms on how they can prevent online transaction fraud. Answer
-
Free Web application vulnerability scanners to secure your apps
Expert Michael Cobb points to several free Web application vulnerability scanners to help prevent SQL injection or XSS exploits. Answer
-
After Facebook attack, has the threat of clickjacking attacks increased?
Learn more about the recent Facebook attack, and how clickjacking attacks in general can affect enterprise information security in this expert response from Nick Lewis. Ask the Expert
-
Defending against SEO attacks in the enterprise
Learn about the different types of SEO attacks, and how you can go about stopping them in your enterprise organization. Ask the Expert
-
What controls should be used to block social networking sites?
Find out what controls companies can use to block social networking sites. Ask the Expert
- See More: Expert Advice on Web Application and Web 2.0 Threats
-
Web application threats: What you really need to know
In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process. Video
-
Mike Rothman on handling Web application security vulnerabilities
If you have Web apps, odds are you have Web app vulnerabilities. In this interview, Mike Rothman discusses what to do about them. Video
-
Gartner’s Ramon Krikken on Web application security scanners
In this video, learn how to get the most out of Web application security scanners, and the four key elements for a successful implementation. Video
-
Web 2.0 tutorial: Security awareness for Web 2.0 attacks
Robert "Rsnake" Hansen discusses Web 2.0 attacks that pose serious security risks to enterprises and their security landscape. Video
-
Web 2.0 threats illustrated
Find the tools needed to balance between security and business in Web 2.0 platforms. Video
-
Face-off: Has social networking changed data privacy forever?
In this exclusive conversation, security industry luminaries Hugh Thompson, founder of People Security, and Adam Shostack, author of "The New School of Information Security," discuss the state of social networking and data privacy, and why the social... Video
-
Noted cryptographer on SSL, encryption and cloud computing
Cryptographer Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks. Video
-
Schneier-Ranum face-off, part 2: Social networking
Is there a way that enterprises can allow social networking securely, or are sites like Facebook and Twitter simply too risky for enterprise consumption? Security experts Bruce Schneier and Marcus Ranum discuss. Video
-
WASC Web Honeypot Project enters next phase
Ryan Barnett of Breach Security and leader of the WASC Honeypot Project talks about phase three of the project, which uses an open proxy server to analyze Web attack data. Video
-
FAQ: Corporate Web 2.0 Threats
In this expert video, you will learn about Web 2.0 software, the threats it poses, and whether the benefits outweigh the risks. Key areas covered include the threats posed by services like Facebook, MySpace, and LinkedIn, as well as wikis and blogs. ... Video
- See More: Multimedia on Web Application and Web 2.0 Threats
-
Readers' Choice Awards 2011
- See More: All on Web Application and Web 2.0 Threats
About Web Application and Web 2.0 Threats
Learn best practices and get news and information on recognizing vulnerabilities and defending against Web application and Web 2.0 application attacks and threats.