-
Why SSL certificate security matters
In this Security School, you'll learn about specific methods used to exploit SSL and how to defend against them. Guide Series
-
Web Application Security
This series looks at Web application threats, secure software development practices and the challenge of finding and fixing Web application vulnerabilities. Guide Series
-
Book chapter: Browser security principles, same-origin policy exceptions
This is an excerpt from the book Web Application Security: A Beginner’s Guide that describes the intricacies of using script code within the framework of a same-origin policy. Feature
-
Web browser security tutorial: Safari, IE, Firefox browser protection
Newly updated: This Web browser security tutorial identifies the inherent flaws of Internet Explorer and Mozilla Firefox, introduces viable Web browser alternatives and provides tools and tactics to maximize your Web browsing security and browser pro... Learning Guide
-
Spyware Protection and Removal Tutorial
This free spyware protection and removal tutorial is a compilation of free resources that explain what spyware is, how it attacks and, most importantly, what you can do to win the war on spyware. Learning Guide
-
State-based attacks: Session management
In this excerpt from Chapter 4 of "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services," authors Mike Andrews and James A. Whittaker identify session management techniques Web developers should use to prote... Book Chapter
-
Firefox security
What if Firefox was as big a target as Internet Explorer? Would it still be the more secure option? Confessed Microsoft enthusiast Brien Posey examines the reality of Firefox's more secure reputation. Opinion
-
SearchSecurity.com's top clicks of 2005
SearchSecurity.com's top five tips, news articles and learning tools from 2005. Top clicks of 2005
-
Gaining access using application and operating system attacks
In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their advanta... Book Chapter
-
Web Security School Lesson 3
In Lesson 3 of Web Security School, Michael Cobb teaches you how to plan and implement Web directory structures and permissions, and manage secure Web development. Also, a primer on secure coding and data management, and procedures for combating Web ... Security School
- See more Essential Knowledge on Web Browser Security
-
Temporary fix out for Department of Labor website IE8 zero-day
Microsoft is still working on a permanent fix for the IE8 zero-day found in the Dept. of Labor website attack. Also: Adobe preps ColdFusion patch. News | 09 May 2013
-
Spam campaign abuses flaw tricking thousands with shortened .gov URLs
Spammers have spoofed shortened URLs designed to validate redirects to several states including California, Iowa, Indiana and Vermont. News | 18 Oct 2012
-
Microsoft to issue emergency Internet Explorer update Friday
A temporary automated fix plugging the dangerous flaw is available until an official patch is released. News | 20 Sep 2012
-
Java sandboxing could thwart attacks, but design may be impossible
Basic Java sandboxing has been around since 1995, but flaws in the Java virtual machine are highly targeted. Experts are calling on Oracle to do more. News | 29 Aug 2012
-
Google Pwnium hacking contest backed with $2 million in rewards
The search engine giant is doubling its payout when it holds its Pwnium 2 hacking contest in October at the Hack In the Box conference in Malaysia. News | 16 Aug 2012
-
Oracle releases Java SE 7 Update 6, will support Java for Mac OS X
Oracle said it would begin providing timely security updates to Java for Mac OS X. News | 16 Aug 2012
-
Black Hat 2012: Pepper Flash sandbox bolsters Google Chrome security
Researchers from IBM's X-Force Advanced Research Team demonstrated how an attacker could escape a Flash sandbox implementation at Black Hat. News | 31 Jul 2012
-
Black Hat 2012: Google Chrome sandbox security flaws to be exposed
The Google Chrome Native Client was designed to secure browser plug-ins, but researcher Chris Rohlf says Google Chrome sandbox security flaws exist. News | 16 Jul 2012
-
Google detects 9,500 new malicious websites daily
Malicious sites discovered via Google’s Safe Browsing effort include compromised websites and others designed for malware distribution or phishing. News | 20 Jun 2012
-
Web browser attacks aimed at plug-ins despite rise in flaws, IBM finds
An IBM report found a slight increase in browser-based vulnerabilities, but security features are driving attackers to target components rather than the browser itself. News | 28 Mar 2012
- See more News on Web Browser Security
-
Time to ban dangerous apps? Exploring third-party app security
Column: Third-party applications are hard to patch and easy to exploit. Is it time to ban some apps, or to take a new approach? Opinion
-
HTML5 security: Will HTML5 replace Flash and increase Web security?
Will HTML5 replace Flash? Expert Michael Cobb discusses whether HTML5 security is better than Flash, and why HTML5 traffic can be harder to secure. Tip
-
Addressing the dangers of JavaScript in the enterprise
The dangers of JavaScript are no secret to security professionals. Expert Michael Cobb discusses enterprise JavaScript defense technology and tactics. Tip
-
Is private browsing really private? Identifying Web browser risk
Private browsing may offer users a false sense of security when surfing the Web. In this expert tip, learn how private browsing really works, and how to mitigate its risks. Tip
-
Assessing Internet Explorer 9 security: Safest browser ever?
Research shows Internet Explorer 9 security identifies as much as 99% of potential malware. So is IE9 now the safest browser out there? Michael Cobb answers that question in this expert tip. Tip
-
Secure browsing: Free plug-in lessens social networking security risks
Looking for ways to improve employees' browsing security? Learn about the free SecureBrowsing plug-in from M86 Security that can lessen social networking security risks. Tip
-
Evaluating tools for online bank security
Criminals are hijacking online bank accounts with sophisticated bank Trojans but a variety of technologies promise online bank security. In this tip, Dave Shackleford examines the pros and cons of tools designed to thwart online banking fraud. Tip
-
Operation Aurora: Tips for thwarting zero-day attacks, unknown malware
In December 2009, Google, Adobe and other companies were the victims of a damaging cyberattack called Operation Aurora. In this tip, expert Nick Lewis outlines the lessons learned from this attack, and how companies can avoid falling victim to simila... Tip
-
Should you disable IE ESC, or manage it in Windows servers?
Internet Explorer Enhanced Security Configuration (IE ESC) locks down IE on Windows servers, but admins often disable it. Tip
-
IE 8 beta 2 security features may mark improvements for browser security
Despite Microsoft's previous best efforts to build a more secure browser, some users may have been discouraged with Internet Explorer 7. That may change now with the beta release of IE 8. Michael Cobb explores the latest browser's security features a... Tip
-
Preparing for uniform resource identifier (URI) exploits
URIs have always been a user-friendly way to recognize and access Web resources. By crafting malicious URLs and manipulating protocol handlers, however, attackers have devised new attacks that take advantage of the URI's locator functionality. Web se... Tip
- See more Tips on Web Browser Security
-
Does Content-Agnostic Malware Protection improve Chrome security?
Expert Michael Cobb explains how Content-Agnostic Malware Protection, or CAMP for Chrome, works and whether the feature improves Chrome security. Answer
-
Can an unqualified domain name cause man-in-the-middle attacks?
An unqualified domain name can make reaching internal resources easier, but expert Michael Cobb warns that man-in-the-middle attacks could result. Answer
-
What is OCSP? Understanding the Online Certificate Status Protocol
Expert Michael Cobb explains the CASC's Online Certificate Status Protocol (OCSP) and OCSP stapling. Answer
-
Google Chrome clickjacking vulnerability: Time to switch browsers?
Expert Nick Lewis explains the Google Chrome clickjacking vulnerability, including why avoiding the issue isn't as simple as switching browsers. Answer
-
Analyzing updated man-in-the-browser attack techniques
Do man-in-the-browser attack prevention tactics need to be updated as the attacks themselves take on new characteristics? Expert Nick Lewis discusses. Answer
-
Bing security: Is search engine poisoning a problem for Bing users?
Is Microsoft's Bing search engine more susceptible to search engine poisoning than Google? Expert Michael Cobb discusses Bing security. Answer
-
What will the HSTS protocol mean for Web security?
Matthew Pascucci discusses what effect the new HSTS protocol could have on Web security and on preventing man-in-the-middle attacks. Answer
-
How to protect users exposed to cache poisoning attacks by HTML5
Expert Nick Lewis explains how the HTML5 offline application cache exposes users to the threat of cache poisoning and provides mitigation options. Answer
-
How to address gTLD security as ICANN accepts more applications
Expert Michael Cobb provides advice on addressing gTLD security as ICANN accepts more and more domain extension applications. Answer
-
Will Firefox security improve with browser plug-in check?
Will Mozilla's possible support of a browser plug-in check improve Firefox security? Expert Nick Lewis discusses the pros and cons of the feature. Answer
- See more Expert Advice on Web Browser Security
-
SEO poisoning (search poisoning)
Search poisoning, also known as search engine poisoning, is an attack involving malicious websites that are designed to show up prominently in search results. The sites associated with the links may infect visitors with malware or fraudulently access... Definition
-
honey monkey
A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet. The expression, coined by Microsoft, is based on the term honey pot, which refers to a computer system expre... Definition
-
JavaScript hijacking
JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML)... (Continued) Definition
-
NCSA
NCSA at the University of Illinois in Urbana, Illinois is the home of the first Web browser that had a graphical user interface. Definition
-
cache cramming
Cache cramming is a method of tricking a computer into running Java code it would not ordinarily run. Definition
-
browser hijacker (hijackware)
A browser hijacker (sometimes called hijackware) is a type of malware program that alters your computer's browser settings so that you are redirected to Web sites that you had no intention of visiting. Definition
-
cache poisoning (domain name system poisoning or DNS cache poisoning)
Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's domain name system table by replacing an Internet address with that of another, rogue address. Definition
-
Kandek: Most secure Web browser may be one with fewest plug-ins
Video: Qualys CTO Wolfgang Kandek said plug-ins now affect Web browser security more than the browsers themselves. Video
-
IE9 security, Apple security issues: Video with Gartner’s Neil MacDonald
In this video, Gartner’s Neil MacDonald discusses patch management, IE9 security, his Windows 8 security wish list and protecting Apple computers. Video
-
Noted cryptographer on SSL, encryption and cloud computing
Cryptographer Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks. Video
-
Mozilla security chief on Firefox improvements
Mozilla's "human shield" Johnathan Nightingale discusses Firefox browser privacy and security issues at the recent Black Hat briefings in Las Vegas. Video
-
Top five ways to keep users safe from today's Web-based threats
42% of security professionals surveyed by SearchSecurity.com said they'll be spending more time on threat management in 2008 than they did in 2007. This Podcast details the top five ways to defend against today's Web-based threats and discusses how t... Podcast
-
Podcast: More or less, a browser security comparison
Expert Peter Gregory offers a browser security comparison, Firefox vs. IE 7, as well as advice on how to decide which is right for your organization. Podcast
About Web Browser Security
This resource center provides news, expert advice, and learning tools regarding browser security including flaws, threats, problems, errors and vulnerabilities and offers solutions for patching and fixing them. This section covers Internet Explorer, Firefox, Opera, Safari, Google Chrome and more.