Tips

Tips

• Addressing vulnerable web systems that are often overlooked

  Web security vulnerability scanners often focus on large applications within the enterprise. However, there are plenty of overlooked web systems that contain hidden flaws.  Continue Reading

• Software security training: Perspectives on best practices

  Software development training with an emphasis on secure coding can improve enterprise security postures. Steve Lipner of SafeCode discusses different ways to get the job done.  Continue Reading

• Entropy sources: How do NIST rules impact risk assessments?

  NIST recently released new guidance on entropy sources used for random bit generation. Judith Myerson explains these recommendations and how they alter cryptography principles.  Continue Reading

• Patch management programs: Who should run them?

  Patch management is a crucial part of enterprise security defenses, but should security teams be in charge of it? Charles Kao explains how to make patching programs successful.  Continue Reading

• Continuous security monitoring advances automated scanning

  Battling threats in today's fast-paced cyberworld means shutting down vulnerabilities fast, which requires round-the-clock monitoring. Learn how to make it happen in your company.  Continue Reading

• Automated patch management and the challenges from IoT

  From creating an inventory to scanning for IoT vulnerabilities, learn the key steps to take when it comes to automating patch management in your company.  Continue Reading

• Why the Bleichenbacher attack is still around

  The Bleichenbacher attack got a new name after 20 years. Expert Michael Cobb reviews the ROBOT attack and discusses why it's still active this long after it emerged.  Continue Reading

• Web vulnerability scanners: What you won't learn from vendors

  Web security flaws are a serious issue that web vulnerability scanners can manage. Discover your best fit scanner as expert Kevin Beaver shares tips that vendors won't tell you.  Continue Reading

• Protecting safety instrumented systems from malware attacks

  Trisis malware targets safety instrumented systems and puts industrial control systems at risk. Expert Ernie Hayden reviews what to know about SIS and its security measures.  Continue Reading

• Use software forensics to uncover the identity of attackers

  By analyzing the proverbial fingerprints of malicious software -- its program code -- infosec pros can gain meaningful insights into an attacker's intent and identity.  Continue Reading

• Embedded application security: Inside OWASP's best practices

  OWASP released a draft of new guidelines for creating secure code within embedded software. Expert Judith Myerson discusses best practices, pitfalls to avoid and auditing tools.  Continue Reading

• What enterprises need to know about ransomware attacks

  Ransomware attacks on enterprises are often the result of a company's poor IT hygiene. Expert Joe Granneman looks at attacks like those by WannaCry and SamSam ransomware.  Continue Reading

• Mobile security issues require a unified approach

  Security gaps in mobile devices can be many and varied, but they must be addressed immediately. Unified endpoint management is the next-gen way to close the gaps.  Continue Reading

• Counter mobile device security threats with unified tools

  Attacks on enterprise mobile endpoints are more lethal than ever. To help infosec pros fight back, enterprise mobile management has unified to fortify defenses.  Continue Reading

• Perfecting the patch management process within enterprises

  Patching enterprise systems and software can be a daunting challenge. Charles Kao explains how the patch management process should work and what pitfalls to avoid.  Continue Reading