Tips

Tips

• How to add HTTP security headers to various types of servers

  Expert Judith Myerson outlines the different types of HTTP security headers and how to add them to different servers, including Apache, Ngnix and Microsoft IIS Manager.  Continue Reading

• How to prevent password attacks and other exploits

  Prevention is essential to protection against various types of password attacks, unauthorized access and related threats. Expert Adam Gordon outlines how to proactively bolster your defenses.  Continue Reading

• How security controls affect web security assessment results

  Network security controls are a blessing and a curse as they help an organization's IT environment, yet hinder web security assessment results. Kevin Beaver explains how they work.  Continue Reading

• How social engineering attacks have embraced online personas

  Discover the extent to which attackers will go to plan social engineering attacks. Nick Lewis explains how the progression of threats is changing how we monitor social media.  Continue Reading

• Email security issues: How to root out and solve them

  Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more.  Continue Reading

• How to prepare for potential IPv6 DDoS attacks

  Enterprises learn how to prepare for IPv6 with DDoS attack tools. Michael Cobb further addresses the inevitable attacks and what users can do.  Continue Reading

• Why threat models are crucial for secure software development

  Threat modeling is an important component of the secure software development process. Steve Lipner of SafeCode explains how threat models benefit software security.  Continue Reading

• Learn how to identify and prevent access control attacks

  Once an attacker has gained entry to a network, the consequences can be severe. Find out how the right access control tools can help prevent that from happening.  Continue Reading

• How shared cloud security assessments can benefit enterprises

  Ensuring cloud security is a constant problem that shared cloud security assessments are trying to address. Learn about the benefits of sharing assessments with Nick Lewis.  Continue Reading

• Windows XP patches: Did Microsoft make the right decision?

  Microsoft had to make several tradeoffs when developing patches for Windows XP. Expert Nick Lewis explains what these tradeoffs were and how enterprises should respond.  Continue Reading

• How automated web vulnerability scanners can introduce risks

  While automation is a key ingredient for security, it can't always be trusted. This especially holds true when running web vulnerability scanners, as Kevin Beaver explains.  Continue Reading

• How app libraries share user data, even without permission

  A new study shows how app libraries can share data among apps, even without permission. Michael Cobb explains how library collusion works and what users can do about it.  Continue Reading

• Analyzing the flaws of Adobe's HTTP security headers

  A recent patching issue with Flash drew attention to shortcomings with Adobe's HTTP security headers. Judith Myerson discusses the importance of HTTP header security.  Continue Reading

• Addressing web server vulnerabilities below the application layer

  Web application security is crucial, but enterprises also need to look below that layer for weaknesses. Kevin Beaver explains how to look for common web server vulnerabilities.  Continue Reading

• Considerations for developing a cyber threat intelligence team

  The use of a cyber threat intelligence team can greatly help organizations. Learn the best practices for team location and selection from expert Robert M. Lee.  Continue Reading