Web security tools and best practices

Get news and expert advice on Web security tools and threats. Find out about current threats against Web applications, web security tools, SSL and TLS encryption, Web services, SOA, web access control, web server security, URL filtering, content filtering and browser security.

Top Stories

Feature 09 Nov 2021
API security strategies must evolve to include API protection

An API security strategy must include the ability to protect APIs post-deployment, but questions abound about ownership, which tools to use and how to get started. Continue Reading
By
- Sharon Shea, Executive Editor
Feature 28 Oct 2021
Amid explosive growth, API security a growing concern

APIs are expanding exponentially across the technology landscape and creating a vast attack surface that enterprise security teams are struggling to understand and defend. Continue Reading
By
- Arielle Waldman, News Writer

Feature 17 Mar 2021
Top incident response tools to boost network protection

Incident response tools can help organizations identify, prevent and respond to malware exploits, ransomware and other targeted cybersecurity attacks. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 31 Jul 2020
How to mitigate an HTTP request smuggling vulnerability

Exploiting an HTTP request smuggling vulnerability can result in the inadvertent execution of unauthorized HTTP requests. Learn how to defend web environments from this attack. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 06 May 2020
Complete guide to penetration testing best practices

Pen testing uncovers security vulnerabilities before hackers do. Use this guide to learn about the tooling options, test types, use cases and common flaws in software penetration testing. Continue Reading
By
- Stephen J. Bigelow, Senior Technology Editor
Opinion 01 May 2020
Plan now for the future of network security

How to battle well-funded, technologically sophisticated threats and ensure high-quality network performance? CISOs need a plan to meet network challenges now and in the future. Continue Reading
By
- Ben Cole, Executive Editor
Tip 29 Apr 2020
SSL certificate best practices for 2020 and beyond

SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more. Continue Reading
By
- Michael Cobb
News 31 Oct 2019
Adsterra still connected to malvertising campaign, despite denials

Despite a pledge of "zero tolerance" for malicious activity, ad network Adsterra was found to be once again connecting with the Master134 malvertising campaign. Continue Reading
By
- Rob Wright, Senior News Director
News 11 Oct 2019
Cybersecurity threats on the rise, prey on human nature

Cybersecurity attacks continue to rise, taking advantage of network vulnerabilities -- and human ones. First National Technology Solutions' CISO offers advice. Continue Reading
By
- Tanner Harding
Answer 16 Sep 2019
What's the purpose of CAPTCHA technology and how does it work?

Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums and blog comment sections. Continue Reading
By
- Joel Dubin
Opinion 01 Aug 2019
The must-have skills for cybersecurity aren't what you think

The most critical skills that cybersecurity lacks -- like leadership buy-in, people skills and the ability to communicate -- are not the ones you hear about. That needs to change. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Feature 28 Jun 2019
Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black

Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Tip 28 Jun 2019
How to retool incident response best practices for the digital age

As companies become more cloud- and mobile-centric, they need to reassess their incident response best practices and automate as much as possible. Continue Reading
By
- Johna Till Johnson, Nemertes Research
Opinion 01 May 2019
Putting cybersecurity for healthcare on solid footing

CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center. Continue Reading
By
- Alan R. Earls
Feature 28 Mar 2019
Symantec Web Security Service vs. Zscaler Internet Access

Learn how cloud-based secure web gateway products Symantec Web Security Service and Zscaler Internet Access compare when it comes to features, benefits, pricing and support. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Conference Coverage 07 Mar 2019
RSAC 2019: Coverage of the premiere security gathering

Find out what's happening at the at the 2019 RSA Conference in San Francisco, the information security industry's biggest event, with breaking news and analysis by the SearchSecurity team. Continue Reading
By
- Madelyn Bacon, TechTarget
Tip 20 Feb 2019
Key steps to put your zero-trust security plan into action

There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 10 Dec 2018
5 actionable deception-tech steps to take to fight hackers

Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier, more effective and to improve your company's security posture. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 11 Oct 2018
Paul Vixie wants to stop malicious domains before they're created

Farsight Security's Paul Vixie says his company's new research into domain name lifespans and causes of death shows the need for new policies and action to curb malicious domains. Continue Reading
By
- Rob Wright, Senior News Director
News 10 Aug 2018
Web cache poisoning attacks demonstrated on major websites, platforms

PortSwigger's James Kettle doesn't believe web cache poisoning is theoretical and to prove it, he demonstrated several attacks on major websites and platforms at Black Hat 2018. Continue Reading
By
- Rob Wright, Senior News Director
News 29 Mar 2018
RSA Innovation Sandbox highlights threat detection, AI

Security startups competing in this year's RSA Innovation Sandbox will present new offerings for threat detection, cloud security, artificial intelligence and machine learning. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Answer 09 Mar 2018
How can improper certificate pinning be stopped by the Spinner tool?

Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the Spinner tool. Continue Reading
By
- Michael Cobb
Tip 22 Feb 2018
Web vulnerability scanners: What you won't learn from vendors

Web security flaws are a serious issue that web vulnerability scanners can manage. Discover your best fit scanner as expert Kevin Beaver shares tips that vendors won't tell you. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Podcast 17 Jan 2018
Risk & Repeat: Let's Encrypt certificates offer pros, cons

In this week's Risk & Repeat podcast, SearchSecurity editors discuss Let's Encrypt certificates and weigh the positives and negatives the free certificate authority provides. Continue Reading
By
- Rob Wright, Senior News Director
Tip 24 Oct 2017
How automated web vulnerability scanners can introduce risks

While automation is a key ingredient for security, it can't always be trusted. This especially holds true when running web vulnerability scanners, as Kevin Beaver explains. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Tip 11 Oct 2017
Addressing web server vulnerabilities below the application layer

Web application security is crucial, but enterprises also need to look below that layer for weaknesses. Kevin Beaver explains how to look for common web server vulnerabilities. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Answer 19 Apr 2017
How does Nemucod malware get spread through Facebook Messenger?

The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available protections against this attack. Continue Reading
By
- Nick Lewis
News 22 Mar 2017
HTTPS interception, middlebox models under fire

HTTPS interception in security products and services may be reducing security rather than improving it, according to US-CERT, which puts middleboxes in a precarious position. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 20 Jan 2017
Vulnerable Adobe extension downloads covertly to Chrome

News roundup: A flawed Adobe extension was secretly installed on 30 million Chrome browsers. Plus, the Mirai author has been identified; Google releases security details; and more. Continue Reading
By
- Madelyn Bacon, TechTarget
Tip 02 Sep 2016
Planning for an IPv6 attack: DDoS, neighbor discovery threats and more

An IPv6 DDoS attacks are imminent, and your network security tools may not be configured for it. Expert Michael Cobb explains how enterprises can prepare its defenses. Continue Reading
By
- Michael Cobb
News 26 May 2016
Retiring obsolete SHA-1 and RC4 cryptographic algorithms, SSLv3 protocol

Microsoft speeds deprecation of SHA-1, Google dropping support for RC4, SSLv3, as web software publishers approach end of life for obsolete cryptographic algorithms and protocols. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor