Get started

Productivity apps and messaging security

• Software security testing and software stress testing basics

  In this excerpt from Ric Messier's book, learn why software security testing and stress testing are critical components of an enterprise infosec program. Continue Reading

• two-factor authentication (2FA)

  Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. Continue Reading

• application whitelisting

  Application whitelisting is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system. Continue Reading

• What is MTA-STS and how will it improve email security?

  Discover how the MTA-STS specification will improve email security by encrypting messages and enabling secure, authenticated email transfers between SMTP servers. Continue Reading

• sandbox (computer security)

  A sandbox is an isolated testing environment that enables users to run programs or execute files without affecting the application, system or platform on which they run. Continue Reading

• Definitions to Get Started

  • two-factor authentication (2FA)
  • application whitelisting

  • sandbox (computer security)
  • sheepdip (sheep dipping or a footbath)

  View All Definitions

• The best email security comes through strategy and tactics

  The best email security policy requires a holistic approach of the issue, understanding both the problem's scope and the most likely threats.Continue Reading

• How to craft an application security strategy that's airtight

  A solid application security strategy today must include varieties like cloud apps and mobile. Learn how to set application security policies and practices that keep hackers out.Continue Reading

• Building an application security program: Why education is key

  Education and training are crucial parts of a strong application security program. Sean Martin explains how enterprises should build these elements into their programs.Continue Reading

• Lenovo SHAREit: How does its hardcoded password vulnerability work?

  The Lenovo SHAREit file-sharing app has a hardcoded password vulnerability, among other issues. Expert Michael Cobb explains these flaws and how to prevent exploits on them.Continue Reading

• CISSP online training: Software Development Security domain

  Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats.Continue Reading

• ERP security: How to defend against SAP vulnerabilities

  A recent study revealed more than 95% of SAP systems were exposed to potentially disastrous vulnerabilities. Expert Nick Lewis explains how to mitigate these SAP vulnerabilities and maintain ERP security.Continue Reading

• PHP security tips to ensure enterprise Web safety

  Research shows more than three-quarters of PHP installations run with at least one vulnerability. Learn the steps for ensuring PHP security in the enterprise workplace.Continue Reading

• Whitelisting: Filtering for advanced malware prevention

  Though it's been maligned in the past, whitelisting can be an effective tactic for filtering advanced malware attacks against enterprise endpoints.Continue Reading

• Ranum Q&A with Aaron Turner: Whitelisting is on enterprise blacklist

  An early proponent of Microsoft SRP, Aaron Turner says application whitelisting has finally taken hold in consumer app stores.Continue Reading

• Security policy for PDF use: How to secure PDF files for the enterprise

  PDF files are an integral part of many enterprises' business processes, and, as such, they are a prime target for malicious activity. In this learning guide, learn how to secure your organization's PDFs, prevent attacks against them and decide when ...Continue Reading

• sheepdip (sheep dipping or a footbath)

  In computers, a sheepdip (or, variously, sheep dipping or a footbath) is the checking of media, usually diskettes or CD-ROMs, for viruses before they are used in a computer or network.Continue Reading

• The Art of Software Security Testing

  Read an excerpt from the book, The Art of Software Security Testing: Identifying Software Security Flaws. In Chapter 11, "Local Fault Injection," the authors explain the proper methods for examining file formats.Continue Reading