Features
Features
Application attacks (buffer overflows, cross-site scripting)
-
CISSP online training: Software Development Security domain
Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats. Continue Reading
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Continue Reading
-
PDF download: Information Security magazine November 2012
In this issue, find out who won this year’s Security 7 Award, Also, we examine the pros and cons of the Metasploit penetration testing framework. Continue Reading
-
Old Application Vulnerabilities, Misconfigurations Continue to Haunt
Flaws in legacy applications and configuration blunders still plague organizations, experts say. Continue Reading
-
Black Hat conference 2010: News, podcasts and videos
Get updates on the latest happenings at the Black Hat 2010 conference with breaking news stories, and exclusive video and podcasts. Continue Reading
-
Black Hat conference coverage 2009: News, podcasts and videos
The SearchSecurity.com team is live at the 2009 Black Hat conference. Look here for the latest headlines, interviews, podcasts and videos from Caesars Palace in Las Vegas. Continue Reading
-
Googling Security: How Much Does Google Know About You?
In an excerpt from Googling Security: How Much Does Google Know About You?, author Greg Conti explains how attackers exploit advertising networks to compromise end-user machines. Continue Reading
-
PING with Mark Odiorne
In this exclusive interview Mark Odiorne, CISO at Scottish Re, provides insights on pen testing procedures, prioritizing security for senior management and keeping compliant. Continue Reading
-
Network-based attacks
The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published ... Continue Reading
-
Balancing the cost and benefits of countermeasures
The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage published by... Continue Reading
-
Attacks targeted to specific applications
This is the fourth tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage," ... Continue Reading
-
How to assess and mitigate information security threats
Learn how to assess and mitigate information security threats, like rootkits, worms and Trojans in the tip series created in collaboration with Realtimepublishers and Dan Sullivan, author of The Shortcut Guide to Protecting Business Internet Usage. Continue Reading
-
Implementing Multiple Solutions
-
Attacking Web authorization: Web authorization-Session token security
This excerpt from Chapter 5: Attacking Web Authorization of "Hacking Exposed Web Applications, Second Edition," by Joel Scambray, Mike Schema and Caleb Sima provides authorization and session management technique best practices Continue Reading
-
State-based attacks: Session management
In this excerpt from Chapter 4 of "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services," authors Mike Andrews and James A. Whittaker identify session management techniques Web developers should use to ... Continue Reading