Web security tools and best practices

Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.

October 12, 2018 12 Oct'18
Mozilla delays distrust of Symantec TLS certificates, Google doesn't

Mozilla delays plans to distrust Symantec TLS certificates in Firefox because despite more than one year's notice, approximately 13,000 websites still use the insecure certificates.
October 11, 2018 11 Oct'18
Paul Vixie wants to stop malicious domains before they're created

Farsight Security's Paul Vixie says his company's new research into domain name lifespans and causes of death shows the need for new policies and action to curb malicious domains.
October 10, 2018 10 Oct'18
Google security audit begets product changes, German probe

A Google security audit uncovered a glitch in Google Plus that exposed data from nearly 500,000 accounts, causing the company to shutter the social network and spur a German data protection probe.
September 27, 2018 27 Sep'18
Congressional websites need to work on TLS

Congressional websites may not always have the best security, according to Joshua Franklin. Although, senators may be better at website security than House representatives.

Bring yourself up to speed with our introductory content

digital signature

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. Continue Reading
denial-of-service attack

A denial-of-service attack is a security event that occurs when an attacker prevents legitimate users from accessing specific computer systems, devices, services or other IT resources. Continue Reading
digital certificate

A digital certificate, also known as a public key certificate, is used to cryptographically link ownership of a public key with the entity that owns it. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Open UC platforms improve communication workflow, but carry risks

An API-based integration between UC and business apps can improve workflows and contextual communication. But the integrations may carry security risks. Continue Reading
Public key pinning: Why is Google switching to a new approach?

After introducing HTTP Public Key Pinning to the internet two years ago, the upcoming Chrome will replace it with the Expect-CT header. Matt Pascucci explains the switch. Continue Reading
Advanced Protection Program: How has Google improved security?

Google added a layer to its account security system with Advanced Protection Program. Matt Pascucci explains how individuals can better defend themselves from malicious actors. Continue Reading

Learn to apply best practices and optimize your operations.

How can a 13-year-old configuration flaw affect SAP systems?

Cybersecurity vendor Onapsis found a 13-year-old flaw that affects nine out of 10 SAP NetWeaver systems. Learn how the flaw affects SAP systems with expert Judith Myerson. Continue Reading
What is missing from the NIST/DHS botnet security report?

The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis. Continue Reading
How did a Navarino Infinity flaw expose unauthenticated scripts?

Navarino Infinity, a satellite communication system, found and fixed a flaw that exposed an unauthenticated script. Discover what threats this flaw enabled with Judith Myerson. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

Why communication is critical for web security management

Conveying the importance of web security to management can be difficult for many security professionals. Kevin Beaver explains how to best communicate with the enterprise. Continue Reading
How does a WDC vulnerability put hardcoded passwords at risk?

Several vulnerabilities were found in Western Digital's My Cloud, including one that affects the default hardcoded password. Learn how to avoid such risks with expert Nick Lewis. Continue Reading
How did an old, unpatched Firefox bug expose master passwords?

A Firefox bug went undetected for nine years. Expert Michael Cobb explains how it enabled attackers to access the browser's master password and what's being done to mitigate it. Continue Reading