Security Management Strategies for the CIOEmail Alerts
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Web site attacks and how to defeat them
In this primer, learn how Web sites are attacked and how you can prevent yours from being victimized. Security School
-
Insider's guide to IIS Web server security
In this primer, learn about IIS Web server hardening procedures, access control, security policies, and backup and recovery strategies. Primer
-
Essential versus nonessential services for a Windows Web server
Use this security checklist to harden your IIS Web server. Security School
-
Quiz answers: Blocking Web anonymizers
SearchSecurity Retention
-
SearchSecurity.com's top clicks of 2005
SearchSecurity.com's top five tips, news articles and learning tools from 2005. Top clicks of 2005
-
Gaining access using application and operating system attacks
In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their advanta... Book Chapter
-
Building trust into mobile computing
The Trusted Computing Group unveiled "use-cases" that describe secure ways in which to implement features and functions of mobile devices. Executive Briefing
-
Quiz: What's your infosec IQ?
Test your information security IQ with this short quiz. Security Quiz
-
Controlling Web access with Apache
How to meet access control requirements with Apache and IIS Web servers. Book Chapter
- See More: Essential Knowledge on Web Server Threats and Countermeasures
-
Podcast: Inside the DNS Changer botnet takedown
Security Wire Weekly podcast: Trend Micro Advanced Threats Researcher Paul Ferguson discusses how the DNS Changer botnet takedown happened and why an even more dangerous botnet era may be beginning. News | 15 Nov 2011
-
Oracle issues out-of-band Apache update
Oracle Corp. has issued an out-of-band security alert for its Fusion Middleware and Application Server products that addresses an Apache Web server flaw. News | 19 Sep 2011
-
Apache DDoS vulnerability requires immediate update to avoid threat
Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild. News | 31 Aug 2011
-
Microsoft plans emergency update for ASP.NET encryption flaw
Attackers are targeting a weakness in the ASP.NET Web application framework. A fix is expected today at 1 p.m. ET. Article | 28 Sep 2010
-
Black Hat: Researchers poke holes in HTTPS, SSL Web browser security
Attackers capable of carrying out man-in-the-middle attacks to hijack Web browsing sessions can go further and render Web security protocols HTTPS and SSL/TLS useless against attack. Article | 29 Jul 2010
-
SQL Injection attack used in breach of 168,000 Netherlands travelers
Attacker gains access to Netherlands-based smartcard website revealing customer information. News | 18 May 2010
-
Microsoft doesn't rule out rushed patch for IIS zero-day vulnerability
Software giant dismisses the critical nature of the Internet Information Services zero-day flaw, but doesn't rule out an out-of-band patch. Article | 28 Dec 2009
-
Increase in Gumblar backdoors poses FTP credential problems
Security Researcher explains how to detect the Trojan, but many victimized website owners don't have the technical expertise to fix the problem. News | 20 Nov 2009
-
VeriSign extends DDoS attack protection service
Vendor latches on to the recent high profile DDoS attacks with Web-based monitoring service. News | 15 Sep 2009
-
Microsoft issues IIS FTP advisory, exploit code circulates
Exploit code is circulating for the FTP zero-day flaw in Microsoft IIS Web server. Article | 03 Sep 2009
- See More: News on Web Server Threats and Countermeasures
-
Enabling secure Web development means treating vulnerabilities as bugs
Gil Danieli explains why secure Web development depends on treating vulnerabilities like any other software bugs, and how to get Web developers to buy in. Tip
-
How to find and stop automated SQL injection attacks
Automated SQL injection worms use search engines to filter through vulnerable Web servers. In this tip, Patrick Szeto explains how to keep your website off of the malware's radar. Tip
-
How to spot attacks through Apache Web server log analysis
Log analysis requires refined search skills that will help you ferret out security issues. Brad Causey explains how to sift through log data and find the relevant security information. Tip
-
How to clear out anonymous Web proxy servers in the workplace
Enterprises may use Web filtering software to limit Internet use, but some employees may respond right back with easily available anonymizing proxies. John Strand explains how to keep your users from bypassing content filters. Tip
-
How to stop malware in a 'Flash'
Always innovating, attackers have found ways to mask their malware by placing the code into PDFs and Flash files. The malware often appears to be legitimate ads for products, and it can be particularly hard to analyze. John Strand explains why and de... Tip
-
Screencast: How to use Wikto for Web server assessment
Peter Giannoulis demonstrates what kinds of website and Web server information can be found using the free Wikto tool. Tip
-
IT discussion: Is malware the cause of a DNS server error?
DNS connectivity problems are quite common, but an increasing number of DNS issues are being caused by surreptitious attacks. In this Q&A thread from SearchSecurity.com's redesigned IT Knowledge Exchange, learn how an innocent query about a finicky D... Tip
-
Finding and blocking Web application server attack vectors
Web application server attacks are nothing new, but attackers are coming up with creative new ways to penetrate them. Information security expert Peter Giannoulis examines how data-hungry attackers are using Web application servers to crack into back... Tip
-
Avoiding the scourge of DNS amplification attacks
DNS amplification attacks can generate enough bogus traffic to blow almost anyone off the Internet. Learn how these packet flood attacks work and how to defend your organization. Tip
-
Blocking Web anonymizers in the enterprise
As Internet privacy concerns continue to proliferate, so does the use of Web anonymizers. While these tools can help you block employee access to certain Web sites, they are also beneficial in helping employees evade your efforts. In this tip, access... Tip
- See More: Tips on Web Server Threats and Countermeasures
-
Explaining how trusted SSL certificates and forged SSL certificates work
Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections. Answer
-
Do WebKit exploits escalate risk of Web browser attacks?
The WebKit framework suffers from several vulnerabilities that can be exploited to conduct Web browser attacks. Expert Michael Cobb discusses the risk. Answer
-
Web server encryption: Enterprise website encryption best practices
Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices. Answer
-
Learning from the MySQL.com hack: How to stop website redirects
Learn how to stop website redirects put in place by malicious hackers, and how to prevent attacks like the MySQL.com hack. Answer
-
Stop hackers from finding data during Web application fingerprinting
Hackers use Web application fingerprinting to learn about their target. You can reduce the amount of information they uncover with these tips. Answer
-
Is full-disk server encryption software worth the resource overhead?
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses. Answer
-
How an IIS Web application pool can help secure your enterprise
Did you know an IIS Web application pool not only helps manage your applications, but also makes them more secure? Expert Michael Cobb explains the benefits of Web application pools. Answer
-
Secure DMZ Web server setup advice
Network security expert Anand Sastry describes how to ensure a secure DMZ Web server setup involving network attached storage (NAS). Ask the Expert
-
How do passwordless SSH keys represent an enterprise attack vector?
Passwordless SSH keys represent an attack vector because their safety is determined by the security of the host. Learn how to protect communication between two networked devices. Ask the Expert
-
How to harden Linux operating systems
Specific advice on hardening a server depends to some extent on its intended role, says expert Michael Cobb in this SearchSecurity.com Q&A. Ask the Expert
- See More: Expert Advice on Web Server Threats and Countermeasures
-
content filtering (information filtering)
On the Internet, content filtering (also known as information filtering) is the use of a program to screen and exclude from access or availability Web pages or e-mail that is deemed objectionable. Definition
-
cache cramming
Cache cramming is a method of tricking a computer into running Java code it would not ordinarily run. Definition
-
Web filter
A Web filter is a program that can screen an incoming Web page to determine whether some or all of it should not be displayed to the user. Definition
-
Read-only domain controllers – What are they and why should I care?
Beth Quinlan (MCT, MCSE-Security, CISSP) is the technical lead for HynesITe, where she is a trainer/consultant. She has specialized in Microsoft infrastructure technologies and security design for over 12 years. She has authored the ISA Server 2006 R... Podcast
-
Dan Kaminsky on DNS, Web attacks
Noted network security researcher Dan Kaminsky, director of penetration testing at IOActive, shares his research on DNS and Web-based attack techniques. Video
-
Explaining how trusted SSL certificates and forged SSL certificates work
Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections. Answer
-
Enabling secure Web development means treating vulnerabilities as bugs
Gil Danieli explains why secure Web development depends on treating vulnerabilities like any other software bugs, and how to get Web developers to buy in. Tip
-
Do WebKit exploits escalate risk of Web browser attacks?
The WebKit framework suffers from several vulnerabilities that can be exploited to conduct Web browser attacks. Expert Michael Cobb discusses the risk. Answer
-
Web server encryption: Enterprise website encryption best practices
Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices. Answer
-
Learning from the MySQL.com hack: How to stop website redirects
Learn how to stop website redirects put in place by malicious hackers, and how to prevent attacks like the MySQL.com hack. Answer
-
Podcast: Inside the DNS Changer botnet takedown
Security Wire Weekly podcast: Trend Micro Advanced Threats Researcher Paul Ferguson discusses how the DNS Changer botnet takedown happened and why an even more dangerous botnet era may be beginning. News
-
Stop hackers from finding data during Web application fingerprinting
Hackers use Web application fingerprinting to learn about their target. You can reduce the amount of information they uncover with these tips. Answer
-
Oracle issues out-of-band Apache update
Oracle Corp. has issued an out-of-band security alert for its Fusion Middleware and Application Server products that addresses an Apache Web server flaw. News
-
Apache DDoS vulnerability requires immediate update to avoid threat
Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild. News
-
Is full-disk server encryption software worth the resource overhead?
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses. Answer
- See More: All on Web Server Threats and Countermeasures
About Web Server Threats and Countermeasures
In this resource guide get news and tips on Web server threats, attacks and countermeasures. Learn how to secure your Web servers to prevent malicious hacker access and avoid DNS vulnerabilities.