Features

Features

Web security tools and best practices

• AI-powered cyberattacks force change to network security

  Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data.  Continue Reading

• Windows IIS server hardening checklist

  Use this handy Windows IIS server hardening checklist on the job to ensure your IIS server is deployed safely and stays secure in use.  Continue Reading

• 5 application security threats and how to prevent them

  The most widely known application security threats are sometimes the most common exploits. Here is a list of the top app threats and their appropriate security responses.  Continue Reading

• How to become an incident responder: Requirements and more

  Incident response is a growth field that provides excitement and a good salary. Here's an in-depth look at requirements, salaries and the career path.  Continue Reading

• 10 types of security incidents and how to handle them

  Cyberattacks are more varied than ever. Learn the key symptoms that signal a problem and how to respond to keep systems and data safe.  Continue Reading

• How to build an incident response team for your organization

  The time to organize and train an IR team is long before a security incident occurs. Learn the practical steps needed to create an effective, cross-functional team.  Continue Reading

• Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black

  Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents.  Continue Reading

• How to fix the top 5 cybersecurity vulnerabilities

  Check out the top five cybersecurity vulnerabilities and find out how to prevent data loss or exposure, whether the problem is end-user gullibility, inadequate network monitoring or poor endpoint security defenses.  Continue Reading

• Incident response tools: How, when and why to use them

  The OODA loop can help organizations throughout the entire incident response process by giving them insight into which tools they need to detect and respond to security events.  Continue Reading

• 5 critical steps to creating an effective incident response plan

  With cyberthreats and security incidents growing by the day, every organization needs a solid plan for mitigating threats. Here's how to create yours.  Continue Reading

• Top incident response tools to boost network protection

  Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks.  Continue Reading

• Top 10 incident response vendors for 2019

  Leading incident response services include a variety of specialized tools to help organizations plan and manage their overall cybersecurity posture.  Continue Reading

• Top 10 types of information security threats for IT teams

  Common security threats range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team is aware of them and ready to respond.  Continue Reading

• Top 5 incident response interview questions

  Job interviews are always nerve-wracking. But you can prepare now by honing your responses to the most likely interview questions for an incident response position.  Continue Reading

• Inside 'Master134': Propeller Ads connected to malvertising campaign

  A SearchSecurity investigation determined ad network Propeller Ads played a significant role in the early stages of the Master134 malvertising campaign.  Continue Reading

• Inside 'Master134': ExoClick tied to previous malvertising campaigns

  Online ad network ExoClick denied any involvement in the Master134 campaign, but the company has ties to similar malvertising threats.  Continue Reading

• 'Master134' malvertising campaign raises questions for online ad firms

  Malvertising and adware schemes are a growing concern for enterprises. Our deep investigation into one campaign reveals just how complicated threats can be to stop.  Continue Reading

• Inside 'Master134': More ad networks tied to malvertising campaign

  Check Point's report on the Master134 malvertising campaign implicated five ad networks, but a SearchSecurity investigation revealed more companies were involved.  Continue Reading

• Inside 'Master134': Ad networks' 'blind eye' threatens enterprises

  Online ad networks linked to the Master134 malvertising campaign and other malicious activity often evade serious fallout and continue to operate unabated.  Continue Reading

• Inside 'Master134': Adsterra's history shows red flags, abuses

  Adsterra denied it was involved in the Master134 malvertising campaign, but a review of the company's history reveals many red flags, including activity in a similar campaign.  Continue Reading

• Symantec Web Security Service vs. Zscaler Internet Access

  Learn how cloud-based secure web gateway products Symantec Web Security Service and Zscaler Internet Access compare when it comes to features, benefits, pricing and support.  Continue Reading

• 6 questions to ask before evaluating secure web gateways

  Learn which six questions can help an organization identify its web security and business needs and its readiness to implement a secure web gateway.  Continue Reading

• Infoblox's Cricket Liu explains DNS over HTTPS security issues

  Cricket Liu, chief DNS architect at Infoblox, explains how DNS over HTTPS and DNS over TLS improve security, as well as challenges the new protocols may soon raise for enterprises.  Continue Reading

• HTTPS interception gets a bad rap; now what?

  Should products intercept Transport Layer Security connections to gain visibility into network traffic? A new study by researchers and U.S.-CERT warn against it.  Continue Reading

• Timeline: Symantec certificate authority improprieties

  Timeline: Follow along as Google and Mozilla raise issues with Symantec certificate authority actions, and then attempt to return trust to the CA giant.  Continue Reading

• Hiding Behind the Keyboard

  In this excerpt from chapter 2 of Hiding Behind the Keyboard, authors Brett Shavers and John Bair discuss the Tor Browser.  Continue Reading

• Hacking Web Intelligence

  In this excerpt from chapter 8 of Hacking Web Intelligence, authors Sudhanshu Chauhan and Nutan Panda discuss how to be anonymous on the internet using proxy.  Continue Reading

• DNS Security: Defending the Domain Name System

  In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important.  Continue Reading

• Choosing the best web fraud detection system for your company

  This guide explains the technology and the key features an effective system should include to help readers evaluate fraud detection products and choose the best for their company.  Continue Reading

• Resolve web security issues with advice from industry experts

  Web security issues begin at the web app development stage, but there are ways security pros and developers can collaborate to boost security without sacrificing app performance.  Continue Reading

• DevOps security requires new mindset and tools for visibility, automation

  Intuit did it. Etsy did it. Netflix did it. How fast moving companies are integrating security into the agile DevOps cycle for continuous deployment of software and services.  Continue Reading

• Information security book excerpts and reviews

  Visit the Information Security Bookshelf for book reviews and free chapter downloads.  Continue Reading

• The incident response process is on the clock

  No time to prepare for incident handling? Security tools aim to automate the incident response process and help organizations lessen the time between threat detection and response.  Continue Reading

• Readers' top picks for application security tools

  The top companies and application security products that organizations consider when they seek to reduce their application vulnerabilities.  Continue Reading

• Comparing the top Web fraud detection systems

  Expert Ed Tittel explores the features of the top Web fraud detection systems and compares critical purchasing criteria.  Continue Reading

• Windows 10 security fixes longtime OS vulnerabilities

  Windows 10 security incorporates years of improvements to remove or mitigate long-term issues with Windows vulnerabilities.  Continue Reading

• Five criteria for purchasing Web fraud detection systems

  Expert Ed Tittel describes the purchasing criteria for Web fraud detection systems and explains how they can protect banking, e-commerce and other industries.  Continue Reading

• Comparing the best Web application firewalls in the industry

  Expert Brad Causey compares the best Web application firewalls on the market across three types of product types: cloud, integrated and appliance.  Continue Reading

• Four enterprise scenarios for Web fraud detection systems

  Expert Ed Tittel describes use cases for Web fraud detection systems and products and explains how they can increase account and transaction security.  Continue Reading

• Introduction to Web fraud detection systems

  Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce.  Continue Reading

• In the API economy, API security moves to center stage

  Integrating systems and data could pay off big. But publishing an API requires a lifetime commitment to monitoring its use.  Continue Reading

• Four questions to ask before buying a Web application firewall

  Web application firewalls are complex products. Expert Brad Causey explains the key criteria enterprises need to consider before investing in a WAF product.  Continue Reading

• Business-use scenarios for a Web application firewall deployment

  Web application firewalls can be a critical security layer for many companies. Expert Brad Causey explains when and how to deploy a WAF in the enterprise.  Continue Reading

• Introduction to Web application firewalls in the enterprise

  Expert Brad Causey takes a close look at Web application firewalls, explains how WAF technology can prevent Internet-based attacks from known and unknown applications threats, and offers advice on WAF management and deployment.  Continue Reading

• Investigating Internet Crimes: An Introduction to Solving Crimes in Cyberspace

  This is an excerpt from the book Investigating Internet Crimes: An Introduction to Solving Crimes in Cyberspace by Todd G. Shipley and Art Bowker.  Continue Reading

• Tor networks: Stop employees from touring the deep Web

  Are employees using Tor to view blocked Web sites, or mining Bitcoins on corporate resources? Sinister or not, it needs to stop.  Continue Reading

• Best of Web application firewalls 2013

  Readers vote on the top Web application firewalls in 2013: Standalone WAFs and products that are part of application acceleration/delivery systems.  Continue Reading

• Book chapter: Social media security policy best practices

  The following is an excerpt from chapter 6 Gary Bahadur from the book Securing the clicks: Network security in the age of social media.  Continue Reading

• Essential versus nonessential services for a Windows Web server

  Use this security checklist to harden your IIS Web server.  Continue Reading

• State-based attacks: Session management

  In this excerpt from Chapter 4 of "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services," authors Mike Andrews and James A. Whittaker identify session management techniques Web developers should use to ...  Continue Reading

• Content Spoofing

  This excerpt from "Preventing Web Attacks with Apache" explains how content spoofing attacks exploit vulnerabilities and how to use Apache to protect against them.  Continue Reading

• Gaining access using application and operating system attacks

  In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their ...  Continue Reading

• Lesson 1 Quiz, Answer No. 3

  Lesson 1 Quiz, Answer No. 3  Continue Reading

• Quiz: Web attack prevention and defense

  Test your knowledge of the material covered in Web attack prevention and defense, including the fundamentals of securing a Web server.  Continue Reading

• Lesson 1 Quiz, Answer No. 1

  Web Security School: Lesson 1 Quiz, Answer No. 1  Continue Reading

• How to use SMTP relay service to keep spammers away from Exchange Server

  Learn how to use the IIS SMTP mail relay service to prevent spammers from directly interacting with your Microsoft Exchange Server.  Continue Reading

• Checklist of known IIS vulnerabilities

  Secure your Web server against these vulnerabilities.  Continue Reading

• A new era of computer worms: Wireless mobile worms

  In this excerpt of Chapter 9 from "The Art of Computer Virus Research and Defense," author Peter Szor dissects the Cabir worm.  Continue Reading

• The 'ultimate' in virus analysis theory and practice

  Information Security magazine reviews Peter Szor's "The Art of Computer Virus Research and Defense."  Continue Reading

• The future of software security vulnerabilities

  The evolution of software security vulnerabilities opens new vistas for business... and the bad guys.  Continue Reading

• Web services security best practices: Presentation and application architectures

  Splitting the presentation and application architecture layers allows for checking each SOAP packet request and is a necessary Web service security best practice.  Continue Reading

• Thirteen website attacks that damage an enterprise's Web presence

  Many website attacks are potentially dangerous and can damage an organization's Web presence. Learn about the most common attacks and how they function.  Continue Reading