Web Security Tools and Best Practices
- October 11, 2018
Farsight Security's Paul Vixie says his company's new research into domain name lifespans and causes of death shows the need for new policies and action to curb malicious domains.
- August 10, 2018
PortSwigger's James Kettle doesn't believe web cache poisoning is theoretical and to prove it, he demonstrated several attacks on major websites and platforms at Black Hat 2018.
- March 29, 2018
Security startups competing in this year's RSA Innovation Sandbox will present new offerings for threat detection, cloud security, artificial intelligence and machine learning.
- February 08, 2018
A security researcher found that a significant number of popular websites are still using untrusted certificates from Symantec, which will be invalidated this year.
- January 17, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss Let's Encrypt certificates and weigh the positives and negatives the free certificate authority provides.
- March 24, 2017
Certificate authority Comodo has submitted two new Certificate Transparency logs for approval by Google, which aim to accept any publicly trusted certificates from any CA.
- March 22, 2017
HTTPS interception in security products and services may be reducing security rather than improving it, according to US-CERT, which puts middleboxes in a precarious position.
- January 20, 2017
News roundup: A flawed Adobe extension was secretly installed on 30 million Chrome browsers. Plus, the Mirai author has been identified; Google releases security details; and more.
- December 02, 2016
News roundup: Tor browser patches de-anonymizing vulnerability. Plus, Senators ask Obama to release information on Russia's impact on the election, Mirai botnet for rent and more.
- October 19, 2016
IBM asks, and researcher pulls proof of concept code from a coordinated vulnerability disclosure, internet explodes.
- October 04, 2016
Researchers found a way to use DNS monitoring to deanonymize Tor users by enhancing the effectiveness of fingerprinting attacks.
- September 29, 2016
Citing a long list of transgressions, Mozilla prepares to sanction Chinese certificate authority WoSign by removing it from its list of trusted certificate issuers.
- September 16, 2016
Google Project Zero Prize hacking competition is set to improve Android security by rewarding remote code execution exploits with prizes up to $200,000.
- August 12, 2016
The White House unveils a new open source government policy and new research estimates the government's zero-day exploit stockpile to be smaller than expected.
- August 05, 2016
Black Hat researchers report flaws in key web protocols, demonstrating widespread flaws in HTTP/2 implementations; Banner Health announces breach affecting 3.7 million.