-
Book chapter: Browser security principles, same-origin policy exceptions
This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy. Feature
-
Web browser security tutorial: Safari, IE, Firefox browser protection
Newly updated: This Web browser security tutorial identifies the inherent flaws of Internet Explorer and Mozilla Firefox, introduces viable Web browser alternatives and provides tools and tactics to maximize your Web browsing security and browser pro... Learning Guide
-
Spyware Protection and Removal Tutorial
This free spyware protection and removal tutorial is a compilation of free resources that explain what spyware is, how it attacks and, most importantly, what you can do to win the war on spyware. Learning Guide
-
State-based attacks: Session management
In this excerpt from Chapter 4 of "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services," authors Mike Andrews and James A. Whittaker identify session management techniques Web developers should use to prote... Book Chapter
-
Firefox security
What if Firefox was as big a target as Internet Explorer? Would it still be the more secure option? Confessed Microsoft enthusiast Brien Posey examines the reality of Firefox's more secure reputation. Opinion
-
SearchSecurity.com's top clicks of 2005
SearchSecurity.com's top five tips, news articles and learning tools from 2005. Top clicks of 2005
-
Gaining access using application and operating system attacks
In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their advanta... Book Chapter
-
Web Security School Lesson 3
In Lesson 3 of Web Security School, Michael Cobb teaches you how to plan and implement Web directory structures and permissions, and manage secure Web development. Also, a primer on secure coding and data management, and procedures for combating Web ... Security School
-
Is spyware getting the best of you?
With spyware present in the majority of corporate PCs, chances are good that it's rampant in your systems. Find out how much you know about beating spyware with this quiz. Security Quiz
-
Test drive: Firefox enhancements make IE look like an 'artifact'
Our reviewer takes Firefox 1.0.1 for a spin. Review
-
Web browser attacks aimed at plug-ins despite rise in flaws, IBM finds
An IBM report found a slight increase in browser-based vulnerabilities, but security features are driving attackers to target components rather than the browser itself. News | 28 Mar 2012
-
RSA 2012: SSL certificate authority security takes a beating
Researcher Moxie Marlinspike came down on certificate authority security at RSA Conference 2012, calling for trusted notary servers as an alternative. News | 29 Feb 2012
-
Adobe issues support for Flash Player sandboxing in Firefox
Adobe has launched the public beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals. News | 06 Feb 2012
-
Phoenix Exploit Kit responsible for mass WordPress compromises
Security firm M86 Security has discovered hundreds of WordPress websites compromised by Phoenix. News | 30 Jan 2012
-
Fake Firefox update delivers malware, exploit kits
Malicious webpages masquerading as browser updates are being used by attackers as launch pads for Trojan viruses and exploit kits. News | 27 Jan 2012
-
Time to ban dangerous apps? Exploring third-party app security
Column: Third-party applications are notoriously hard to patch and often easy to exploit. Is it time to ban applications, or can they be secured with a new approach? News | 27 Jan 2012
-
Twitter acquires Dasient in security buying spree, Android platform focus
Web-based antimalware vendor Dasient is the second security firm acquired by Twitter in recent months. In November, Twitter acquired Android security vendor, Whisper Systems. News | 24 Jan 2012
-
Black Hole kit fuels drive-by attacks, rogue antivirus declines, Sophos finds
The Black Hole crimeware kit has caused drive-by attacks to surge, according to the Sophos 2012 threat report. News | 24 Jan 2012
-
Adobe repairs critical Reader, Acrobat flaws, adds JavaScript control
The January 2012 update includes repairs to Adobe Reader X and a new feature giving administrators the ability to whitelist JavaScript execution. News | 10 Jan 2012
-
HTML 5 security issues pose challenges for enterprises, experts say
While the Adobe Flash replacement packages browser data more efficiently, HTML 5 security issues present holes that could be targeted by attackers. News | 30 Nov 2011
- See More: News on Web Browser Security
-
HTML5 security: Will HTML5 replace Flash and increase Web security?
Will HTML5 replace Flash? Expert Michael Cobb discusses whether HTML5 security is better than Flash, and why HTML5 traffic can be harder to secure. Tip
-
Addressing the dangers of JavaScript in the enterprise
The dangers of JavaScript are no secret to security professionals. Expert Michael Cobb discusses enterprise JavaScript defense technology and tactics. Tip
-
Is private browsing really private? Identifying Web browser risk
Private browsing may offer users a false sense of security when surfing the Web. In this expert tip, learn how private browsing really works, and how to mitigate its risks. Tip
-
Assessing Internet Explorer 9 security: Safest browser ever?
Research shows Internet Explorer 9 security identifies as much as 99% of potential malware. So is IE9 now the safest browser out there? Michael Cobb answers that question in this expert tip. Tip
-
Secure browsing: Free plug-in lessens social networking security risks
Looking for ways to improve employees' browsing security? Learn about the free SecureBrowsing plug-in from M86 Security that can lessen social networking security risks. Tip
-
Evaluating tools for online bank security
Criminals are hijacking online bank accounts with sophisticated bank Trojans but a variety of technologies promise online bank security. In this tip, Dave Shackleford examines the pros and cons of tools designed to thwart online banking fraud. Tip
-
Operation Aurora: Tips for thwarting zero-day attacks, unknown malware
In December 2009, Google, Adobe and other companies were the victims of a damaging cyberattack called Operation Aurora. In this tip, expert Nick Lewis outlines the lessons learned from this attack, and how companies can avoid falling victim to simila... Tip
-
Should you disable IE ESC, or manage it in Windows servers?
Internet Explorer Enhanced Security Configuration (IE ESC) locks down IE on Windows servers, but admins often disable it. Tip
-
IE 8 beta 2 security features may mark improvements for browser security
Despite Microsoft's previous best efforts to build a more secure browser, some users may have been discouraged with Internet Explorer 7. That may change now with the beta release of IE 8. Michael Cobb explores the latest browser's security features a... Tip
-
Preparing for uniform resource identifier (URI) exploits
URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web se... Tip
- See More: Tips on Web Browser Security
-
Threat of SSL malware highlights SSL security issues
Expert Nick Lewis highlights SSL security issues and the threat of SSL malware being transmitted via HTTPS. Is this a serious blow to SSL security? Answer
-
Adobe and HTML 5: Safer than Flash mobile development?
Expert Nick Lewis determines whether the combination of Adobe and HTML 5 will be safer for enterprises than Flash mobile development. Answer
-
IE automatic updates: Better security or more update fatigue?
Expert Michael Cobb deciphers the reasons behind Microsoft's new IE automatic updates. Will they combat update fatigue, or risk breaking Web apps? Answer
-
Web browser security comparison: Are Firefox security issues legit?
Expert Mike Cobb reacts to a Google-funded Web browser security comparison and whether it highlights legitimate enterprise Firefox security issues. Answer
-
Exploring Google Chrome Frame security and legacy Web applications
Can legacy Web applications benefit from the Google Chrome Frame security and interoperability capabilities? Nick Lewis gives his take. Answer
-
Explaining how trusted SSL certificates and forged SSL certificates work
Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections. Answer
-
Dangerous applications: Time to ban Internet Explorer, Adobe in the enterprise?
CSIS says five dangerous applications are to blame for 99% of malware. Is it time to ban Internet Explorer, Flash and the others in the enterprise? Answer
-
Do WebKit exploits escalate risk of Web browser attacks?
The WebKit framework suffers from several vulnerabilities that can be exploited to conduct Web browser attacks. Expert Michael Cobb discusses the risk. Answer
-
Securing IE with plug-ins Google Chrome Frame and IETab
Web browser plug-ins can bolster IE security for legacy apps that have to run on outdated versions of Internet Explorer. Answer
-
Assessing Google Chrome extension flaws and Chromebook security
Learn how flaws in the Google Chrome extensions affect the Chromebook security and the role they play in a risk assessment. Answer
- See More: Expert Advice on Web Browser Security
-
honey monkey
A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet. The expression, coined by Microsoft, is based on the term honey pot, which refers to a computer system express... Definition
-
JavaScript hijacking
JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML)... (Continued) Definition
-
NCSA
NCSA at the University of Illinois in Urbana, Illinois is the home of the first Web browser that had a graphical user interface. Definition
-
cache cramming
Cache cramming is a method of tricking a computer into running Java code it would not ordinarily run. Definition
-
browser hijacker (hijackware)
A browser hijacker (sometimes called hijackware) is a type of malware program that alters your computer's browser settings so that you are redirected to Web sites that you had no intention of visiting. Definition
-
cache poisoning (domain name system poisoning or DNS cache poisoning)
Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's domain name system table by replacing an Internet address with that of another, rogue address. Definition
-
Gartner’s Neil MacDonald on IE9 security, Apple security issues
In this video, Gartner’s Neil MacDonald discusses patch management, IE9 security, his Windows 8 security wish list and protecting Apple computers. Video
-
Noted cryptographer on SSL, encryption and cloud computing
Cryptographer Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks. Video
-
Mozilla security chief on Firefox improvements
Mozilla's "human shield" Johnathan Nightingale discusses Firefox browser privacy and security issues at the recent Black Hat briefings in Las Vegas. Video
-
Top five ways to keep users safe from today's Web-based threats
42% of security professionals surveyed by SearchSecurity.com said they'll be spending more time on threat management in 2008 than they did in 2007. This Podcast details the top five ways to defend against today's Web-based threats and discusses how t... Podcast
About Web Browser Security
This resource center provides news, expert advice, and learning tools regarding browser security including flaws, threats, problems, errors and vulnerabilities and offers solutions for patching and fixing them. This section covers Internet Explorer, Firefox, Opera, Safari, Google Chrome and more.