Get started
Bring yourself up to speed with our introductory content.
Productivity apps and messaging security
two-factor authentication (2FA)
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual factor authentication, is a security process in which the user provides two different authentication factors to verify themselves to better protect both the ... Continue Reading
The best email security comes through strategy and tactics
The best email security policy requires a holistic approach of the issue, understanding both the problem's scope and the most likely threats. Continue Reading
How to craft an application security strategy that's airtight
A solid application security strategy today must include varieties like cloud apps and mobile. Learn how to set application security policies and practices that keep hackers out. Continue Reading
-
application whitelisting
Application whitelisting is the practice of identifying applications that have been deemed safe for execution and restricting all other applications from running. Continue Reading
Building an application security program: Why education is key
Education and training are crucial parts of a strong application security program. Sean Martin explains how enterprises should build these elements into their programs. Continue Reading
Lenovo SHAREit: How does its hardcoded password vulnerability work?
The Lenovo SHAREit file-sharing app has a hardcoded password vulnerability, among other issues. Expert Michael Cobb explains these flaws and how to prevent exploits on them.Continue Reading
CISSP online training: Software Development Security domain
Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats.Continue Reading
ERP security: How to defend against SAP vulnerabilities
A recent study revealed more than 95% of SAP systems were exposed to potentially disastrous vulnerabilities. Expert Nick Lewis explains how to mitigate these SAP vulnerabilities and maintain ERP security.Continue Reading
PHP security tips to ensure enterprise Web safety
Research shows more than three-quarters of PHP installations run with at least one vulnerability. Learn the steps for ensuring PHP security in the enterprise workplace.Continue Reading
Whitelisting: Filtering for advanced malware prevention
Though it's been maligned in the past, whitelisting can be an effective tactic for filtering advanced malware attacks against enterprise endpoints.Continue Reading
-
Ranum Q&A with Aaron Turner: Whitelisting is on enterprise blacklist
An early proponent of Microsoft SRP, Aaron Turner says application whitelisting has finally taken hold in consumer app stores.Continue Reading
Security policy for PDF use: How to secure PDF files for the enterprise
PDF files are an integral part of many enterprises' business processes, and, as such, they are a prime target for malicious activity. In this learning guide, learn how to secure your organization's PDFs, prevent attacks against them and decide when ...Continue Reading
zero-day exploit
A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known...(Continued)Continue Reading
sheepdip (sheep dipping or a footbath)
In computers, a sheepdip (or, variously, sheep dipping or a footbath) is the checking of media, usually diskettes or CD-ROMs, for viruses before they are used in a computer or network.Continue Reading
The Art of Software Security Testing
Read an excerpt from the book, The Art of Software Security Testing: Identifying Software Security Flaws. In Chapter 11, "Local Fault Injection," the authors explain the proper methods for examining file formats.Continue Reading