-
Balancing the cost and benefits of countermeasures
The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage," published by ... Book Chapter
-
Network-based attacks
The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by ... Book Chapter
-
Attacks targeted to specific applications
This is the fourth tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage," pu... Book Chapter
-
Attacking Web authorization: Web authorization-Session token security
This excerpt from Chapter 5: Attacking Web Authorization of "Hacking Exposed Web Applications, Second Edition," by Joel Scambray, Mike Schema and Caleb Sima provides authorization and session management technique best practices Book Chapter
-
Web Browser Security Learning Guide
Created in partnership with SearchWindowsSecurity.com, this learning guide identifies the inherent flaws of Internet Explorer and Mozilla Firefox, introduces viable Web browser alternatives, and provides tools and tactics to maximize your Web browsin... Learning Guide
-
Quiz: Could you detect an application attack?
Take this five-question quiz to test your application security awareness, review common application attacks and learn how to improve application layer logging to detect and protect against these attacks. Security Quiz
-
Information Security Quizzes
Test your knowledge of everything security, from network security to regulatory compliance, with our collection of quizzes. Security Quiz
-
Web Application Attacks Learning Guide
This Web application attacks guide explains how Web application attacks occur, identifies Web application attack types, and provides Web application security tools and tactics to protect against them. Learning Guide
-
XML Security Learning Guide
Securing XML is an essential element in keeping Web services secure. This SearchSecurity.com Learning Guide is a compilation of resources that review different types of XML security standards and approaches for keeping your XML Web services secure. Learning Guide
-
State-based attacks: Session management
In this excerpt from Chapter 4 of "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services," authors Mike Andrews and James A. Whittaker identify session management techniques Web developers should use to prote... Book Chapter
-
Study finds attacks slip past spotty patch management policies
A study finds attackers targeting firms with poor patch management policies, exploiting vulnerabilities that should have been patched years ago. News | 10 Feb 2012
-
Survey: Types of DDoS attacks on the rise due to hacktivist groups
New DDoS statistics suggest hacktivist groups are to blame for an increase in the number and types of DDoS attacks across the Internet. News | 09 Feb 2012
-
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. News | 03 Feb 2012
-
Survey sheds light on SharePoint security concerns
Respondents' top SharePoint security concerns include frustrated users who inadvertently or deliberately circumvent security policies. News | 24 Jan 2012
-
Jericho founder: Get involved in plan for protecting identity online
Respected identity expert Paul Simmonds says the NSTIC's identity project needs European involvement, or it may not meet Europe's needs. News | 13 Jan 2012
-
Emerging 2012 security trends demand information security policy changes
2012 security trends involving cookies, fines, devices and threats will demand more skills -- and a little finesse -- from security professionals. News | 29 Dec 2011
-
Preparing for latest security attacks means planning for failure
Any security defence may, at some point, fail. Experts at RSA Europe said security pros must be agile to dodge the latest security attacks. News | 19 Oct 2011
-
Web inventor Tim Berners-Lee on vision for the future of IT security
Web inventor Tim Berners-Lee told RSA Europe attendees the future of IT security must include greater simplicity for users. News | 14 Oct 2011
-
RSA Europe Conference 2011: Nation state groups behind RSA attack
RSA revealed a “nation state” was behind the SecurID attack in March. Twitter and Facebook are still banned at RSA. News | 13 Oct 2011
-
UK security firm finds new Apache Web server security flaw
The new Apache Web server security issue could allow hackers access to internal or DMZ systems, says a London security firm. News | 07 Oct 2011
-
Using Burp Suite proxy tool to examine client-side requests
The free Burp Suite proxy tool can be used for good or for bad. Expert Rob Shapland provides usage scenarios for both. Tip
-
Web application security guidelines for developers
The best way to mitigate Web app flaws is to prevent them in the first place. Learn how with these Web application security guidelines for developers. Tip
-
Add threat modelling to your Web application security best practices
Among any list of enterprise Web application security best practices, threat modelling is essential. Michael Cobb explains why in this expert article. Tip
-
PHP MVC framework tutorial: Learn Web application development security
Get tips on writing secure PHP Web apps from the start with these pointers from expert Michael Cobb. Tip
-
Cross-site request forgery: Lessons from a CSRF attack example
Cross-site request forgery attacks can lead to serious damage to websites. See how lessons from a CSRF attack example can help prevent these attacks. Tip
-
Project collaboration tools: Web security policy for B2B collaboration
Project collaboration tools are easy for users to set up. Securing them, however, takes a bit more time and effort. Tip
-
Creating a Java security framework that thwarts a Java exploit
The number of attacks on Java is steadily increasing, and many enterprises are unprepared for the threat. Get advice on how to lock down Java from expert Nick Lewis. Tip
-
Preventing and detecting security vulnerabilities in Web applications
Web applications are often developed quickly with little thought to security. Expert Richard Brain explains how to detect common Web app flaws. Tip
-
DNS server security: Finding and using DNSSEC tutorial resources
DNSSEC isn't a panacea for DNS security woes, but it can do a great deal for Internet security within enterprises. In this tip, Michael Cobb explains the importance of DNSSEC, and where to find (and how to use) DNSSEC tutorial resources. Tip
-
Avoid common Web application firewall configuration errors
Web application firewalls are fundamental to the security of any Web application, but they are only truly effective if configured properly. Nick Garlick reviews the best ways to avoid common WAF implementation errors. Tip
-
Are there Web service security standards or risk assessment checklists?
As more organisations integrate business-critical functions with Web services, the security of those services becomes of greater importance. But are there Web service security standards whereby businesses can assess that security? Expert Neil O'Conno... Ask the Expert
-
Pwn2Own results: The most secure Internet browser for enterprises
Which browsers are secure enough for enterprise use, and which should be avoided at all costs? In this expert response, Richard Brain examines the results of the 2010 CanSecWest Pwn2Own competition to give browser advice. Ask the Expert
-
Google cloud applications: Secure enough for the enterprise?
Google cloud applications aren't necessarily known for their security. In this expert response, learn what to watch out for when considering using such apps in the enterprise. Ask the Expert
-
Securing Web applications with Web application firewalls
Are Web application firewalls the best choice for securing Web applications? In this expert response, find out what other Web application security options are out there. Ask the Expert
-
How to prevent Adobe hacks from affecting your organisation
In this expert response, find out why Adobe has been an enticing target for PDF attacks recently. Ask the Expert
-
What is the best choice for an enterprise Web browser?
In this expert Q&A, Richard Brain reviews enterprise browser choices and the best ways to keep them secure once you make a decision. Ask the Expert
-
How does search engine malware spread?
Expert Richard Brain explains how malware can take advantage of Web crawlers and spread malicious code to a number of vulnerable websites. Ask the Expert
-
How do attackers use Google to hack?
Richard Brain explains how to protect your website and Web servers from Google hacks. Ask the Expert
-
Why can Google block virus-infected websites; how do you stop a ban?
Expert Richard Brain explains why Google may block virus-infected websites and what you can do to prevent your website from being banned by Google. Ask the Expert
-
How to find and prevent SQL injection attack vulnerabilities
If your site uses a SQL server, then it is probably vulnerable to some form of SQL injection. Expert Richard Brain explains how to strengthen database defenses. Ask the Expert
-
Serious Organized Crime Agency (SOCA)
The Serious Organized Crime Agency (SOCA) is a policing agency dedicated to the identification of criminal activity related to drug trafficking, money laundering, identity theft and immigration. SOCA is based in the United Kingdom. (Continued...) Word
-
Basel II
Basel II is an international business standard that requires financial institutions to have enough cash reserves to cover risks incurred by operations. (Continued...) Word
-
barnacle
In a computer, a barnacle is unwanted programming, such as adware or spyware, that is downloaded and installed along with a user-requested program. Word
-
Web application firewall: Protection against most security vulnerabilities?
Hugh Thompson, founder and chief security strategist at People Security, reviews why WAFs alone are not strong enough to tackle today's Web application threats. Video
-
New SQL injection attacks and defense
Lenny Zeltser, security consulting leader at Savvis Inc., explains how some are using SQL injection to actually embed new content, particularly HTML code. Video
-
CISSP Essentials training: Domain 6, Application and System Development
In this CISSP Essentials video, Domain 6, Application and System Development, expert CISSP exam trainer Shon Harris details how applications and systems are structured. Video
-
Inside a retail hack
Kevin Mandia of security consultancy Mandiant Corp. reviews an attack that is commonly used to swipe PIN numbers and compromise retailers: SQL injection. Video
About Web Application Security
Secure your Web applications and defend against Web application hacking. Here you will get the latest news and information on Web application security firewalls, threats and vulnerabilities.