Tips

Tips

• Email security issues: How to root out and solve them

  Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more.  Continue Reading

• How to prepare for potential IPv6 DDoS attacks

  Enterprises learn how to prepare for IPv6 with DDoS attack tools. Michael Cobb further addresses the inevitable attacks and what users can do.  Continue Reading

• Why threat models are crucial for secure software development

  Threat modeling is an important component of the secure software development process. Steve Lipner of SafeCode explains how threat models benefit software security.  Continue Reading

• Learn how to identify and prevent access control attacks

  Once an attacker has gained entry to a network, the consequences can be severe. Find out how the right access control tools can help prevent that from happening.  Continue Reading

• How shared cloud security assessments can benefit enterprises

  Ensuring cloud security is a constant problem that shared cloud security assessments are trying to address. Learn about the benefits of sharing assessments with Nick Lewis.  Continue Reading

• Windows XP patches: Did Microsoft make the right decision?

  Microsoft had to make several tradeoffs when developing patches for Windows XP. Expert Nick Lewis explains what these tradeoffs were and how enterprises should respond.  Continue Reading

• How automated web vulnerability scanners can introduce risks

  While automation is a key ingredient for security, it can't always be trusted. This especially holds true when running web vulnerability scanners, as Kevin Beaver explains.  Continue Reading

• How app libraries share user data, even without permission

  A new study shows how app libraries can share data among apps, even without permission. Michael Cobb explains how library collusion works and what users can do about it.  Continue Reading

• Analyzing the flaws of Adobe's HTTP security headers

  A recent patching issue with Flash drew attention to shortcomings with Adobe's HTTP security headers. Judith Myerson discusses the importance of HTTP header security.  Continue Reading

• Addressing web server vulnerabilities below the application layer

  Web application security is crucial, but enterprises also need to look below that layer for weaknesses. Kevin Beaver explains how to look for common web server vulnerabilities.  Continue Reading

• Considerations for developing a cyber threat intelligence team

  The use of a cyber threat intelligence team can greatly help organizations. Learn the best practices for team location and selection from expert Robert M. Lee.  Continue Reading

• Make your incident response policy a living document

  Effective incident response policies must be detailed, comprehensive and regularly updated -- and then 'embedded in the hearts and minds' of infosec team members.  Continue Reading

• Prevent a network security attack by isolating the infrastructure

  It may sound like network security basics, but don't underestimate the power of proper segmentation and isolation as an effective way to protect your enterprise network from attack.  Continue Reading

• How the Docker REST API can be turned against enterprises

  Security researchers discovered how threat actors can use the Docker REST API for remote code execution attacks. Michael Cobb explains this threat to Docker containers.  Continue Reading

• Understanding data manipulation attacks in enterprise security

  When it comes to protecting data, ransomware isn't the only thing that should worry enterprises. Nick Lewis explains the threat of data manipulation attacks and how to stop them.  Continue Reading