Why SSL certificate security matters
In this Security School, you'll learn about specific methods used to exploit SSL and how to defend against them.
-
Quiz: Why SSL certificate security matters
In this five-question quiz, evaluate your knowledge of our Security School lesson on why SSL certificate security is important. Quiz
-
Choosing a Web security gateway
In this Security School lesson, you'll learn about the different features available in Web security gateways, key product selection considerations and how to ensure the deployment is successful.
-
Web Application Security
This series looks at Web application threats, secure software development practices and the challenge of finding and fixing Web application vulnerabilities.
-
Readers' Choice Awards 2011
Readers vote on the best Web security products, including software and hardware, hosted Web services for inbound and outbound content filtering for malware activity detection and prevention. Guide
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Web application threats and vulnerabilities quiz answers
Security Quiz Answer
-
Gaining access using application and operating system attacks
In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their advanta... Book Chapter
-
Building trust into mobile computing
The Trusted Computing Group unveiled "use-cases" that describe secure ways in which to implement features and functions of mobile devices. Executive Briefing
-
Know your enemy: Why your Web site is at risk
In this Lesson 1 technical paper from Web Security School, guest instructor Michael Cobb outlines the threats to Web sites and who is behind them. Security School
-
Website vulnerabilities down, but progress still needed, survey finds
A survey released by WhiteHat Security finds that website vulnerabilities have decreased steadily in recent years, though problems persist. News | 02 May 2013
-
FBI arrests attackers associated with Facebook cybercrime ring
Cybercriminal gang associated with the Butterfly Botnet is believed to have netted more than $850 million by stealing credit card and bank account data. News | 12 Dec 2012
-
UK job search website vulnerability allows unchecked job postings
The website flaw was exposed by hackers who registered as employers and posted a fake job advertisement. News | 11 Dec 2012
-
Adobe issues critical Flash Player update
Critical flaws can be exploited by attackers to take complete control of a victim's machine, the software giant said in an advisory. News | 11 Dec 2012
-
Web app design at the core of coding weaknesses, attacks, says expert
When addressing Web application threats and vulnerabilities, security teams need to look out for design flaws, says Mike Shema of Qualys, Inc. News | 16 Oct 2012
-
Attack code surfaces targeting Java zero-day flaw
The Java zero-day flaw affects users of Mozilla, Internet Explorer and Safari. News | 28 Aug 2012
-
Oracle releases Java SE 7 Update 6, will support Java for Mac OS X
Oracle said it would begin providing timely security updates to Java for Mac OS X. News | 16 Aug 2012
-
Black Hat 2012: Pepper Flash sandbox bolsters Google Chrome security
Researchers from IBM's X-Force Advanced Research Team demonstrated how an attacker could escape a Flash sandbox implementation at Black Hat. News | 31 Jul 2012
-
Black Hat 2012: Phoenix, Black Hole toolkits rising in sophistication
Attack toolkits have grown in sophistication as cybercriminals add better code obfuscation and other techniques to avoid detection and improve attack effectiveness. News | 17 Jul 2012
-
Black Hat 2012: Google Chrome sandbox security flaws to be exposed
The Google Chrome Native Client was designed to secure browser plug-ins, but researcher Chris Rohlf says Google Chrome sandbox security flaws exist. News | 16 Jul 2012
-
Five common Web application vulnerabilities and how to avoid them
Expert Michael Cobb details the five most common Web application vulnerabilities and provides methods to help enterprises to secure them. Tip
-
Technical considerations for selecting the best antimalware technology
Mike Rothman discusses the evolution of malware and how today's antimalware products should handle detection and remediation. Tip
-
Antimalware software introduction: Business benefits and drawbacks
Mike Rothman discusses how antimalware software has evolved to develop various business and technology issues, but also still holds many benefits. Tip
-
Remediation planning for Ruby on Rails security vulnerabilities
The recent Ruby on Rails security vulnerabilities can be patched. Expert Michael Cobb discusses the fallout and offers help with remediation planning. Tip
-
Defending against watering hole attacks: Consider using a secure VM
Expert Nick Lewis analyzes the techniques employed by watering hole attacks and discusses how to use a secure VM to defend enterprises against them. Tip
-
How to secure Java amid growing Java security vulnerabilities
Constant Java security vulnerabilities plague Oracle and enterprises alike. Expert Nick Lewis offers tips on how to use Java and the JRE securely. Tip
-
Secure Web gateway overview: Implementation best practices
In this secure Web gateway overview, learn how to implement, configure and maintain a Web security gateway to support other security devices. Tip
-
Securely implement and configure SSL to ward off SSL vulnerabilities
Recent SSL vulnerabilities have renewed questions about the protocol's security. Expert Nick Lewis covers how to implement and configure SSL securely. Tip
-
Web-facing applications: Mitigating likely Web application threats
New, interactive Web-facing applications are popping up all the time, but expert Nick Lewis advises enterprises on how to be vigilant against Web application threats. Tip
-
VoIP security best practices: Securing communication in the workplace
VoIP communications can be a great money-saver, but without solid VoIP security best practices, it can introduce new risks. Tip
-
Identifying and locking down known Java security vulnerabilities
Expert Michael Cobb discusses why known Java security vulnerabilities are on so many endpoints and how to contain them -- without updating Java. Answer
-
How to avoid security problems with Java outside the browser
Another Java zero-day vulnerability has a security pro asking threats expert Nick Lewis how Java can safely be used with enterprise applications. Answer
-
Google Chrome clickjacking vulnerability: Time to switch browsers?
Expert Nick Lewis explains the Google Chrome clickjacking vulnerability, including why avoiding the issue isn't as simple as switching browsers. Answer
-
Gaging the security risk posed by the WordPress pingback vulnerability
Security expert Nick Lewis details the WordPress pingback vulnerability and advises whether it is time to update custom WordPress implementations. Answer
-
Adjusting third-party patch management after Flash updates move
Expert Michael Cobb details whether third-party patch management program changes are necessary after the Adobe Flash marriage to Patch Tuesday. Answer
-
Avoiding the invisible: How to defend against iFrame attacks
How can enterprises and users protect themselves from malicious content embedded in iFrames? Expert Nick Lewis explores iFrame attack mitigations. Answer
-
The SSL handshake process: Public and private keys explained
Expert Michael Cobb details the SSL handshake and the role of public and private keys in a C2B transaction. Answer
-
Prevent the threat of the Low Orbit Ion Cannon tool, Web-based malware
Recent DDoS attacks by Anonymous show why enterprises must avoid the Low Orbit Ion Cannon tool and other Web-based malware. Expert Nick Lewis explains. AtE
-
Monitoring P2P activity by tracking corporate IP addresses
Mike Chapple discusses whether you should be monitoring P2P activity with site crawling and info gathering websites like YouHaveDownloaded.com. Answer
-
The switch to HTTPS: Understanding the benefits and limitations
Expert Mike Cobb explains the value and limitations of HTTPS, and why making the switch to HTTPS may be easier than it seems. Answer
-
content filtering (information filtering)
On the Internet, content filtering (also known as information filtering) is the use of a program to screen and exclude from access or availability Web pages or e-mail that is deemed objectionable. Definition
-
Web filter
A Web filter is a program that can screen an incoming Web page to determine whether some or all of it should not be displayed to the user. Definition
-
Kandek: Most secure Web browser may be one with fewest plug-ins
Video: Qualys CTO Wolfgang Kandek said plug-ins now affect Web browser security more than the browsers themselves. Video
-
Web application threats: What you really need to know
In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process. Video
-
Mike Rothman on handling Web application security vulnerabilities
If you have Web apps, odds are you have Web app vulnerabilities. In this interview, Mike Rothman discusses what to do about them. Video
-
Gartner’s Ramon Krikken on Web application security scanners
In this video, learn how to get the most out of Web application security scanners, and the four key elements for a successful implementation. Video
-
Web 2.0 tutorial: Security awareness for Web 2.0 attacks
Robert "Rsnake" Hansen discusses Web 2.0 attacks that pose serious security risks to enterprises and their security landscape. Video
-
Web 2.0 threats illustrated
Find the tools needed to balance between security and business in Web 2.0 platforms. Video
-
Faceoff: Has social networking changed data privacy and security?
In this exclusive conversation, security industry luminaries Hugh Thompson, founder of People Security, and Adam Shostack, author of "The New School of Information Security," discuss the state of social networking and data privacy, and why the social... Video
-
Noted cryptographer on SSL, encryption and cloud computing
Cryptographer Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks. Video
-
Enterprise social networking: Schneier-Ranum face-off
Is there a way that enterprises can allow social networking securely, or are sites like Facebook and Twitter simply too risky for enterprise consumption? Security experts Bruce Schneier and Marcus Ranum discuss. Video
-
WASC Web Honeypot Project enters next phase
Ryan Barnett of Breach Security and leader of the WASC Honeypot Project talks about phase three of the project, which uses an open proxy server to analyze Web attack data. Video
About Web Application and Web 2.0 Threats
Learn best practices and get news and information on recognizing vulnerabilities and defending against Web application and Web 2.0 application attacks and threats.