Web security tools and best practices

Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.

December 08, 2020 08 Dec'20
Salesforce advised users to skip Chrome browser updates

Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps.
August 12, 2020 12 Aug'20
Kaspersky reveals 2 Windows zero-days from failed attack

Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer.
July 27, 2020 27 Jul'20
Digital ad networks tied to malvertising threats -- again

Adsterra and Propeller Ads were implicated in past malvertising threats such the Master134 campaign. Now the two ad networks are linked to new malicious activity.
March 24, 2020 24 Mar'20
RSA Conference 2020 guide: Highlighting security's human element

What's happening at the 2020 RSA Conference? Our team keeps you up to date with pre-conference coverage and breaking news from the infosec world's biggest event.

Bring yourself up to speed with our introductory content

PKI (public key infrastructure)

PKI (public key infrastructure) is the underlying framework that enables entities -- users and servers -- to securely exchange information using digital certificates. Continue Reading
What are the types of APIs and their differences?

Enterprises increasingly rely on APIs to interact with customers and partners. It all starts by knowing which type of API is right for your needs. Continue Reading
digital signature

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Ultimate guide to cybersecurity incident response

Learn actionable incident response strategies that your IT and enterprise security teams can use to meet today's security threats and vulnerabilities more effectively. Continue Reading
10 leading incident response vendors for 2021

Incident response vendors offer a variety of specialized tools to help organizations plan and manage their overall cybersecurity posture. Learn about 10 of them here. Continue Reading
Top incident response tools to boost network protection

Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks. Continue Reading

Learn to apply best practices and optimize your operations.

5 bad practices that lead to insecure APIs in cloud computing

API security often feels complicated. However, your IT team will go a long way in securing its services if it avoids these common pitfalls in API design and implementation. Continue Reading
Building an incident response framework for your enterprise

Understanding the incident response framework standards and how to build the best framework for your organization is essential to preventing threats and mitigating cyber incidents. Continue Reading
Top 10 types of information security threats for IT teams

Common security threats range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team is aware of them and ready to respond. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How to fix the top 5 cybersecurity vulnerabilities

Check out the top five cybersecurity vulnerabilities and find out how to prevent data loss or exposure, whether the problem is end-user gullibility, inadequate network monitoring or poor endpoint security defenses. Continue Reading
CERT vs. CSIRT vs. SOC: What's the difference?

What's in a name? Parse the true differences between a CERT, a CSIRT, a CIRT and a SOC, before you decide what's best for your organization. Continue Reading
What is bloatware? How to identify and remove it

Unwanted pre-installed software -- also known as bloatware -- has long posed security threats for computers and other devices. Here are strategies for how to detect bloatware and uninstall the potential threat. Continue Reading