Web application and API security best practices
SSL (Secure Sockets Layer)
Secure Sockets Layer (SSL) is a cryptographic protocol designed to secure connections between web clients and web servers over an insecure network such as the internet. Every SSL version is now deprecated; its successor, Transport Layer Security (TLS), is what modern HTTPS actually negotiates, although the name SSL persists in products and certificates.
pen test (penetration testing)
Penetration testing, also called pen testing or ethical hacking, is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
Web application firewall (WAF)
A Web application firewall (WAF) is a firewall that monitors, filters or blocks HTTP and HTTPS traffic to and from a Web application, inspecting requests and responses at the application layer rather than only by address and port. WAFs are especially useful to companies that provide products or services over the Internet.
distributed denial of service (DDoS) attack
A distributed denial-of-service (DDoS) attack tries to make a system or service unavailable by overwhelming it with traffic or requests sent simultaneously from many compromised computers or devices, usually spread across multiple locations or networks.
How to craft an effective DevSecOps process with your team
Switching to a DevSecOps model in software development offers many benefits, but combining security and DevOps takes knowledge, forethought and planning.
buffer overflow
A buffer overflow occurs when a program attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold, so the excess overwrites whatever lies next to it in memory. Buffer overflow exploits may enable remote execution of malicious code or denial of service ...
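The definition above describes the mechanism in words. The C program below is an added example, not code from the original page or from any product listed here. It lays out a constructed 16-byte frame in which an 8-byte name field is followed directly by a one-byte privilege flag, shows how an unchecked strcpy of oversized input overwrites that flag, and sets a length-checked copy beside it that rejects the same input. The frame layout, the function names and the sample inputs are all assumptions made for illustration; the whole demonstration stays inside one object so it never relies on undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout (assumption for this example): an 8-byte name field
 * followed immediately by a one-byte privilege flag, both inside a single
 * 16-byte object so the overflow stays within one object and its effect is
 * observable. Real stack frames place saved registers and return addresses
 * past local buffers in much the same way. */
enum { NAME_LEN = 8, ADMIN_OFF = 8, FRAME_LEN = 16 };

typedef struct {
    unsigned char mem[FRAME_LEN];
} frame_t;

static void frame_init(frame_t *f) {
    memset(f->mem, 0, FRAME_LEN);
}

/* Vulnerable pattern: strcpy copies until it finds a NUL in src, so nothing
 * limits the write to the NAME_LEN bytes reserved for the name. */
void copy_name_unchecked(frame_t *f, const char *src) {
    strcpy((char *)f->mem, src);
}

/* Hardened pattern: measure first, reject anything that does not fit
 * including the terminating NUL, then copy exactly that many bytes.
 * Returns 0 on success, -1 when the input is refused. */
int copy_name_bounded(frame_t *f, const char *src) {
    size_t n = strlen(src);
    if (n >= NAME_LEN) {
        return -1;
    }
    memcpy(f->mem, src, n + 1);
    return 0;
}

int is_admin(const frame_t *f) {
    return f->mem[ADMIN_OFF] != 0;
}

/* Runs the unchecked copy on a fresh frame and reports the privilege flag
 * afterwards (1 = overwritten). Inputs that would leave the 16-byte object
 * are refused (-1) so the demonstration itself never overruns the object. */
int unchecked_admin_after(const char *input) {
    frame_t f;
    if (strlen(input) >= FRAME_LEN) {
        return -1;
    }
    frame_init(&f);
    copy_name_unchecked(&f, input);
    return is_admin(&f);
}

/* Runs the bounded copy on a fresh frame: -1 if the input was rejected,
 * otherwise the privilege flag afterwards (always 0, nothing was overrun). */
int bounded_admin_after(const char *input) {
    frame_t f;
    frame_init(&f);
    if (copy_name_bounded(&f, input) != 0) {
        return -1;
    }
    return is_admin(&f);
}

int main(void) {
    const char *benign = "alice";           /* 5 bytes + NUL: fits in 8 */
    const char *oversized = "AAAAAAAAAAAA";  /* 12 bytes: spills past NAME_LEN */

    printf("unchecked, benign    -> is_admin=%d\n", unchecked_admin_after(benign));
    printf("unchecked, oversized -> is_admin=%d\n", unchecked_admin_after(oversized));
    printf("bounded,   benign    -> is_admin=%d\n", bounded_admin_after(benign));
    printf("bounded,   oversized -> %d (rejected)\n", bounded_admin_after(oversized));
    return 0;
}
```

The nine-plus-byte input is enough to reach the flag because strcpy also writes the terminating NUL; an input of exactly NAME_LEN bytes is an off-by-one that silently zeroes the byte after the buffer, which is why the bounded version compares with `>=` rather than `>`.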
DevOps security requires new mindset and tools for visibility, automation
Intuit did it. Etsy did it. Netflix did it. How fast-moving companies are integrating security into the agile DevOps cycle for continuous deployment of software and services.
DevSecOps: Security leaves the silos (and badges) behind
Delays, "no" and "redo that work" cause many developers to avoid IT security. With DevOps, proponents aim to make security at scale everybody's problem.
How to address key SSL security issues and vulnerabilities
As SSL and TLS technology evolves, new vulnerabilities emerge in the protocols and their implementations. Expert Rob Shapland explains how security professionals can address these SSL security issues.
Can opportunistic encryption improve browser security?
Opportunistic encryption provides unauthenticated encryption for connections to servers that don't support HTTPS, defeating passive eavesdropping but not an active attacker who can impersonate the server. Expert Michael Cobb explains how it works and how it can help Web security.
Comparing the best Web application firewalls in the industry
Expert Brad Causey compares the best Web application firewalls on the market across three product types: cloud, integrated and appliance.
Introduction to Web fraud detection systems
Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce.
Can a walled garden approach help secure Web browsers?
While a walled garden can help secure Web browsers, it is not seen as beneficial by all. Expert Michael Cobb explains why.
Email security gateways vs. Web security gateways: Do you need both?
When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains.
Can a read-only domain controller maximize DMZ security?
Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver explains.