Features

Features

Application attacks (buffer overflows, cross-site scripting)

• CISSP online training: Software Development Security domain

  Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats.  Continue Reading

• Information security book excerpts and reviews

  Visit the Information Security Bookshelf for book reviews and free chapter downloads.  Continue Reading

• PDF download: Information Security magazine November 2012

  In this issue, find out who won this year’s Security 7 Award, Also, we examine the pros and cons of the Metasploit penetration testing framework.  Continue Reading

• Old Application Vulnerabilities, Misconfigurations Continue to Haunt

  Flaws in legacy applications and configuration blunders still plague organizations, experts say.  Continue Reading

• Black Hat conference 2010: News, podcasts and videos

  Get updates on the latest happenings at the Black Hat 2010 conference with breaking news stories, and exclusive video and podcasts.  Continue Reading

• Black Hat conference coverage 2009: News, podcasts and videos

  The SearchSecurity.com team is live at the 2009 Black Hat conference. Look here for the latest headlines, interviews, podcasts and videos from Caesars Palace in Las Vegas.  Continue Reading

• Googling Security: How Much Does Google Know About You?

  In an excerpt from Googling Security: How Much Does Google Know About You?, author Greg Conti explains how attackers exploit advertising networks to compromise end-user machines.  Continue Reading

• PING with Mark Odiorne

  In this exclusive interview Mark Odiorne, CISO at Scottish Re, provides insights on pen testing procedures, prioritizing security for senior management and keeping compliant.  Continue Reading

• Balancing the cost and benefits of countermeasures

  The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage published by...  Continue Reading

• Network-based attacks

  The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published ...  Continue Reading

• How to assess and mitigate information security threats

  Learn how to assess and mitigate information security threats, like rootkits, worms and Trojans in the tip series created in collaboration with Realtimepublishers and Dan Sullivan, author of The Shortcut Guide to Protecting Business Internet Usage.  Continue Reading

• Attacks targeted to specific applications

  This is the fourth tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage," ...  Continue Reading

• Implementing Multiple Solutions

   Continue Reading

• Attacking Web authorization: Web authorization-Session token security

  This excerpt from Chapter 5: Attacking Web Authorization of "Hacking Exposed Web Applications, Second Edition," by Joel Scambray, Mike Schema and Caleb Sima provides authorization and session management technique best practices  Continue Reading

• State-based attacks: Session management

  In this excerpt from Chapter 4 of "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services," authors Mike Andrews and James A. Whittaker identify session management techniques Web developers should use to ...  Continue Reading