Manage

Manage

Learn to apply best practices and optimize your operations.

• Vulnerability scans: How effective are they for web apps?

  Equifax's Apache Struts vulnerability was an example of a scan not being read correctly. Kevin Beaver explains vulnerability scans and how issues can be missed by security teams. Continue Reading

• Broadpwn flaw: How does the new iOS exploit compare?

  An iOS exploit similar to the Broadpwn flaw was recently developed by a researcher at Google's Project Zero. Expert Kevin Beaver explains what the exploit is and how it works. Continue Reading

• Can a decentralized open source community properly address security?

  SearchSecurity talks with UC Berkeley Professor Steven Weber about the open source community, the security challenges facing it and the prospect of software liability. Continue Reading

• OneLogin data breach: What does the attack mean for SSOs?

  A OneLogin data breach affected all of the company's U.S. customers after threat actors abused an Amazon Web Services API. Discover what this means for customers and SSO companies. Continue Reading

• Say hello to the future of authentication, bye to passwords

  Passwords and tokens are a thing of the past. No way, you say? Our webcast on the likely ways authentication will work in the future may make a believer out of you. Continue Reading

• How can a vulnerability in Ruggedcom switches be mitigated?

  Vulnerabilities in Ruggedcom switches could open the industrial switches and other communication devices up to attacks. Expert Judith Myerson explains how to mitigate the risks.Continue Reading

• How does port swapping work to bypass two-factor authentication?

  With a port swapping attack, hackers can bypass two-factor authentication and control a victim's mobile device. Judith Myerson explains how the attacks work and how to stop them.Continue Reading

• iOS updates: Why are some Apple products behind on updates?

  A study by Zimperium found that more than 23% of iOS devices aren't running the latest software. Matt Pascucci explains how this is possible, even though Apple controls iOS updates.Continue Reading

• What GDPR requirements mean for U.S. companies

  The EU's General Data Protection Regulation legislation goes into effect in May 2018. Don't assume your European business is too insignificant to need to comply.Continue Reading

• John Germain lands the new CISO position at Duck Creek

  Serving the technology needs of the property and casualty insurance industry means keeping a weathered eye on risk profiles, enterprise software and emerging threats.Continue Reading

• User behavior analytics leads the security analytics charge

  Will no longer playing by the rules help companies find insider threats to prevent security attacks? As user and entity behavior analytics gets closer to SIEM tools, enterprises take notice.Continue Reading

• The tug of war between user behavior analysis and SIEM

  Information security technologies embrace user behavior analytics, and the trend is expected to continue. Should CISOs consider a standalone UBA component?Continue Reading

• What's with cybersecurity education? We ask Blaine Burnham

  When he left the NSA, Burnham helped build the security education and research programs at the Georgia Institute of Technology and other universities. What did he learn?Continue Reading

• CISOs take notice as GPS vulnerabilities raise alarms

  GPS has been extraordinarily reliable, but there's a growing chorus of experts who say it's time to assess GPS security and consider protective strategies.Continue Reading

• Use caution with OAuth 2.0 protocol for enterprise logins

  Many apps are using the OAuth 2.0 protocol for both authentication and authorization, but technically it's only a specification for delegated authorization, not for authentication.Continue Reading