Tips

Tips

• What GDPR requirements mean for U.S. companies

  The EU's General Data Protection Regulation legislation goes into effect in May 2018. Don't assume your European business is too insignificant to need to comply.  Continue Reading

• Use caution with OAuth 2.0 protocol for enterprise logins

  Many apps are using the OAuth 2.0 protocol for both authentication and authorization, but technically it's only a specification for delegated authorization, not for authentication.  Continue Reading

• Data breach litigation: What enterprises should know

  Data breach litigation can be highly detrimental to an organization that just suffered a major security incident. Find out what kinds of legal action enterprises could face in the event of a data breach.  Continue Reading

• How a technology advisory group can benefit organizations

  A technology advisory group can have an irreplaceable impact on an organization. Kevin McDonald explains how volunteer advisors can aid law enforcement and other organizations.  Continue Reading

• How to add HTTP security headers to various types of servers

  Expert Judith Myerson outlines the different types of HTTP security headers and how to add them to different servers, including Apache, Ngnix and Microsoft IIS Manager.  Continue Reading

• How to prevent password attacks and other exploits

  Prevention is essential to protection against various types of password attacks, unauthorized access and related threats. Expert Adam Gordon outlines how to proactively bolster your defenses.  Continue Reading

• How security controls affect web security assessment results

  Network security controls are a blessing and a curse as they help an organization's IT environment, yet hinder web security assessment results. Kevin Beaver explains how they work.  Continue Reading

• How social engineering attacks have embraced online personas

  Discover the extent to which attackers will go to plan social engineering attacks. Nick Lewis explains how the progression of threats is changing how we monitor social media.  Continue Reading

• Email security issues: How to root out and solve them

  Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more.  Continue Reading

• How to prepare for potential IPv6 DDoS attacks

  Enterprises learn how to prepare for IPv6 with DDoS attack tools. Michael Cobb further addresses the inevitable attacks and what users can do.  Continue Reading

• Why threat models are crucial for secure software development

  Threat modeling is an important component of the secure software development process. Steve Lipner of SafeCode explains how threat models benefit software security.  Continue Reading

• Learn how to identify and prevent access control attacks

  Once an attacker has gained entry to a network, the consequences can be severe. Find out how the right access control tools can help prevent that from happening.  Continue Reading

• How shared cloud security assessments can benefit enterprises

  Ensuring cloud security is a constant problem that shared cloud security assessments are trying to address. Learn about the benefits of sharing assessments with Nick Lewis.  Continue Reading

• Windows XP patches: Did Microsoft make the right decision?

  Microsoft had to make several tradeoffs when developing patches for Windows XP. Expert Nick Lewis explains what these tradeoffs were and how enterprises should respond.  Continue Reading

• How automated web vulnerability scanners can introduce risks

  While automation is a key ingredient for security, it can't always be trusted. This especially holds true when running web vulnerability scanners, as Kevin Beaver explains.  Continue Reading