-
Technical guide to Web security gateways
Malicious code and the sites hosting it are constantly changing, making it difficult for filtering technologies and signature-based antivirus programs to keep pace with the proliferation of today's evolving threats. Read this e-book for the latest i... E-Book
-
Protecting against Web threats in the enterprise
Some organizations have security controls in place for web threats, but few organizations have comprehensive web security programs. In this e-book, we give you best practices for securing Web 2.0, tips for reducing web application vulnerabilities, an... E-Book
-
Choosing a Web security gateway
In this Security School lesson, you'll learn about the different features available in Web security gateways, key product selection considerations and how to ensure the deployment is successful.
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Web site attacks and how to defeat them
In this primer, learn how Web sites are attacked and how you can prevent yours from being victimized. Security School
-
Insider's guide to IIS Web server security
In this primer, learn about IIS Web server hardening procedures, access control, security policies, and backup and recovery strategies. Primer
-
Essential versus nonessential services for a Windows Web server
Use this security checklist to harden your IIS Web server. Security School
-
Quiz answers: Blocking Web anonymizers
SearchSecurity Retention
-
SearchSecurity.com's top clicks of 2005
SearchSecurity.com's top five tips, news articles and learning tools from 2005. Top clicks of 2005
-
Gaining access using application and operating system attacks
In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their advanta... Book Chapter
-
Building trust into mobile computing
The Trusted Computing Group unveiled "use-cases" that describe secure ways in which to implement features and functions of mobile devices. Executive Briefing
-
Quiz: What's your infosec IQ?
Test your information security IQ with this short quiz. Security Quiz
- See more Essential Knowledge on Web Server Threats and Countermeasures
-
RSA Silver Tail improves online fraud detection, enterprise security
Fraud prevention for the Web: RSA Silver Tail sets stage for enterprise-level security with big data and brand new interface. News | 19 Jun 2013
-
Department of Labor website hack highlights advanced attack trends
The IE8 zero-day attack planted in the U.S. Labor Department's website highlights how few organizations can ward off never-before-seen attacks. News | 09 May 2013
-
Podcast: Inside the DNS Changer botnet takedown
Security Wire Weekly podcast: Trend Micro Advanced Threats Researcher Paul Ferguson discusses how the DNS Changer botnet takedown happened and why an even more dangerous botnet era may be beginning. News | 15 Nov 2011
-
Oracle issues out-of-band Apache update
Oracle Corp. has issued an out-of-band security alert for its Fusion Middleware and Application Server products that addresses an Apache Web server flaw. News | 19 Sep 2011
-
Apache DDoS vulnerability requires immediate update to avoid threat
Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild. News | 31 Aug 2011
-
DDoS attacks growing in size, break attack bandwidth barrier, Arbor Networks says
Attackers are becoming more skilled at harvesting the amount of bandwidth available and selecting specific targets, a new report finds. Article | 07 Feb 2011
-
Microsoft plans emergency update for ASP.NET encryption flaw
Attackers are targeting a weakness in the ASP.NET Web application framework. A fix is expected today at 1 p.m. ET. Article | 28 Sep 2010
-
Black Hat: Researchers poke holes in HTTPS, SSL Web browser security
Attackers capable of carrying out man-in-the-middle attacks to hijack Web browsing sessions can go further and render Web security protocols HTTPS and SSL/TLS useless against attack. Article | 29 Jul 2010
-
SQL Injection attack used in breach of 168,000 Netherlands travelers
Attacker gains access to Netherlands-based smartcard website revealing customer information. News | 18 May 2010
-
Microsoft doesn't rule out rushed patch for IIS zero-day vulnerability
Software giant dismisses the critical nature of the Internet Information Services zero-day flaw, but doesn't rule out an out-of-band patch. Article | 28 Dec 2009
- See more News on Web Server Threats and Countermeasures
-
How to enact Apache security best practices for Web server security
With Apache Web servers becoming ever more popular with attackers, organizations should follow Apache security best practices to avoid compromise. Tip
-
Defending against watering hole attacks: Consider using a secure VM
Expert Nick Lewis analyzes the techniques employed by watering hole attacks and discusses how to use a secure VM to defend enterprises against them. Tip
-
Exploring new features, uses for secure Web gateway appliances
Expert Michael Cobb reviews secure Web gateway appliance features that can better shield endpoints, plus SWG deployment options. Tip
-
Analysis: Vast IPv6 address space actually enables IPv6 attacks
For World IPv6 Launch Day 2012, Fernando Gont covers why common ways of generating IPv6 addresses actually make an attacker’s job easier. Tip
-
Enabling secure Web development means treating vulnerabilities as bugs
Gil Danieli explains why secure Web development depends on treating vulnerabilities like any other software bugs, and how to get Web developers to buy in. Tip
-
How to find and stop automated SQL injection attacks
Automated SQL injection worms use search engines to filter through vulnerable Web servers. In this tip, Patrick Szeto explains how to keep your website off of the malware's radar. Tip
-
How to spot attacks through Apache Web server log analysis
Log analysis requires refined search skills that will help you ferret out security issues. Brad Causey explains how to sift through log data and find the relevant security information. Tip
-
How to clear out anonymous Web proxy servers in the workplace
Enterprises may use Web filtering software to limit Internet use, but some employees may respond right back with easily available anonymizing proxies. John Strand explains how to keep your users from bypassing content filters. Tip
-
How to stop malware in a 'Flash'
Always innovating, attackers have found ways to mask their malware by placing the code into PDFs and Flash files. The malware often appears to be legitimate ads for products, and it can be particularly hard to analyze. John Strand explains why and de... Tip
-
Screencast: How to use Wikto for Web server assessment
Peter Giannoulis demonstrates what kinds of website and Web server information can be found using the free Wikto tool. Tip
- See more Tips on Web Server Threats and Countermeasures
-
Prevent DDoS DNS amplification attacks by securing DNS resolvers
Expert Nick Lewis details how misconfigured DNS resolvers can be used for DDoS DNS attacks and how organizations can secure them. Answer
-
Brute-force SSH attack prevention depends on network monitoring basics
Expert Brad Casey discusses why effective brute-force SSH attack prevention means improving network monitoring instead of closing TCP port 22. Answer
-
How to protect a website from malware redirects
Malware redirects are a serious hazard in the jungle of infiltration exploits; Nick Lewis explains how they can be avoided. Answer
-
Explaining how trusted SSL certificates and forged SSL certificates work
Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections. Answer
-
Do WebKit exploits escalate risk of Web browser attacks?
The WebKit framework suffers from several vulnerabilities that can be exploited to conduct Web browser attacks. Expert Michael Cobb discusses the risk. Answer
-
Web server encryption: Enterprise website encryption best practices
Network security expert Mike Chapple details the fundamentals of Web server encryption and Web encryption deployment best practices. Answer
-
Learning from the MySQL.com hack: How to stop website redirects
Learn how to stop website redirects put in place by malicious hackers, and how to prevent attacks like the MySQL.com hack. Answer
-
Stop hackers from finding data during Web application fingerprinting
Hackers use Web application fingerprinting to learn about their target. You can reduce the amount of information they uncover with these tips. Answer
-
Is full-disk server encryption software worth the resource overhead?
While encrypting production servers may seem like a good security move, according to Anand Sastry, doing so may not be worth the resources it uses. Answer
-
How an IIS Web application pool can help secure your enterprise
Did you know an IIS Web application pool not only helps manage your applications, but also makes them more secure? Expert Michael Cobb explains the benefits of Web application pools. Answer
- See more Expert Advice on Web Server Threats and Countermeasures
-
Apache HTTP server project
The Apache HTTP server project is a collaborative open source Web server development initiative. The project is spearheaded by the Apache Server Foundation. Definition
-
content filtering (information filtering)
On the Internet, content filtering (also known as information filtering) is the use of a program to screen and exclude from access or availability Web pages or e-mail that is deemed objectionable. Definition
-
cache cramming
Cache cramming is a method of tricking a computer into running Java code it would not ordinarily run. Definition
-
Web filter
A Web filter is a program that can screen an incoming Web page to determine whether some or all of it should not be displayed to the user. Definition
-
Read-only domain controllers: What are they and why should I care?
Learn the concept of a read-only domain controller and why security professionals should recommend its use in their enterprises. Podcast
-
Dan Kaminsky on DNS, Web attacks
Noted network security researcher Dan Kaminsky, director of penetration testing at IOActive, shares his research on DNS and Web-based attack techniques. Video
About Web Server Threats and Countermeasures
In this resource guide get news and tips on Web server threats, attacks and countermeasures. Learn how to secure your Web servers to prevent malicious hacker access and avoid DNS vulnerabilities.