Web security tools and best practices

Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.

June 16, 2021 16 Jun'21
Zscaler: Exposed servers, open ports jeopardizing enterprises

Zscaler analyzed 1,500 networks and found administrators are leaving basic points of entry wide open for attackers as neglected servers are falling by the wayside.
June 01, 2021 01 Jun'21
RSA Conference 2021: Focus on resilience

SearchSecurity will be at RSAC 2021, virtual edition, to provide pre-conference coverage and breaking news and analysis from the world's biggest infosec event.
December 08, 2020 08 Dec'20
Salesforce advised users to skip Chrome browser updates

Salesforce recommended users dealing with mixed content issues to skip Chrome upgrades or roll back to older versions of the browser, but the vendor later removed those steps.
August 12, 2020 12 Aug'20
Kaspersky reveals 2 Windows zero-days from failed attack

Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer.

Bring yourself up to speed with our introductory content

threat modeling

Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system. Continue Reading
distributed denial-of-service (DDoS) attack

A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. Continue Reading
Amazon Trust Services

Amazon Trust Services is a certificate authority created and operated by Amazon Web Services. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

8 blockchain security risks to weigh before adoption

Blockchain and smart contracts have their own unique vulnerabilities. But poor code testing, cryptographic keys and generic network attacks will get you, too. Continue Reading
Buyers must navigate cybersecurity market confusion

Customer confusion in the security market stems from the number of new products designed to deal with a growing number of cyberthreats. Experts look at how to navigate it all. Continue Reading
Applying web application reconnaissance to offensive hacking

Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading

Learn to apply best practices and optimize your operations.

5 bad practices that lead to insecure APIs in cloud computing

API security often feels complicated. However, your IT team will go a long way in securing its services if it avoids these common pitfalls in API design and implementation. Continue Reading
Building an incident response framework for your enterprise

Understanding the incident response framework standards and how to build the best framework for your organization is essential to preventing threats and mitigating cyber incidents. Continue Reading
Top 10 types of information security threats for IT teams

Common security threats range from insider threats to advanced persistent threats, and they can bring an organization to its knees unless its in-house security team is aware of them and ready to respond. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How to fix the top 5 cybersecurity vulnerabilities

Check out the top five cybersecurity vulnerabilities and find out how to prevent data loss or exposure, whether the problem is end-user gullibility, inadequate network monitoring or poor endpoint security defenses. Continue Reading
CERT vs. CSIRT vs. SOC: What's the difference?

What's in a name? Parse the true differences between a CERT, a CSIRT, a CIRT and a SOC, before you decide what's best for your organization. Continue Reading
What is bloatware? How to identify and remove it

Unwanted pre-installed software -- also known as bloatware -- has long posed security threats for computers and other devices. Here are strategies for how to detect bloatware and uninstall the potential threat. Continue Reading