Royal Holloway 2012: A framework for preventing cross-site scripting
Based on his Royal Holloway thesis, Joseph Bugeja proposes a new framework for preventing cross-site scripting attacks. Feature
-
Privacy and electronic communications regulations: Guide to EU cookie compliance
Get advice for implementing PECR regulations requiring website owners to request users’ permission to place a tracking cookie. Guide
-
DNS security best practices to prevent DNS poisoning attacks
DNS cache poisoning is a threat to any Internet-connected enterprise. Learn how the attack method works and potential mitigation strategies in this thesis from Richard Agar of Royal Holloway University London. Royal Holloway eBook Seri
-
Face-off: Is antivirus dead?
Security experts Bruce Schneier and Marcus Ranum debate the long-term viability of antivirus software. Face-off
-
How to protect different enterprise channels of communication
Organizations have plenty of ways to communicate and transfer information. In this series of tips, Michael Cobb reviews how to secure four common outlets that can be easily taken advantage of by data thieves and malicious hackers. Learning Guide
-
How to tackle a buffer overflow attack and avoid vulnerabilities
Despite the research and learned papers on the subject, buffer overflow exploits seem to be as popular – and as successful – as ever. Royal Holloway eBook Seri
-
How valuable is security vulnerability research?
Bruce Schneier and Marcus Ranum debate the ethics of vulnerability research. Face-off
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
Insider's guide to IIS Web server security
In this primer, learn about IIS Web server hardening procedures, access control, security policies, and backup and recovery strategies. Primer
-
Information Security Learning Guides
A repository of our Learning Guides. SearchSecurity.com's Lear
- See more Essential Knowledge on Web Application Security
-
ISBS 2012 report: Security slow to adapt to new technologies
PwC’s ISBS 2012 report, which will be presented at Infosecurity 2012, shows security teams react too slowly to threats from new technologies. News | 20 Apr 2012
-
For website owners, UK cookie law causing confusion, uncertainty
A survey of digital marketing professionals found some companies plan to take no action to comply with UK cookie law before the May 26 deadline. News | 27 Mar 2012
-
Study: Shnakule, four other malnets caused most 2011 attacks
Huge global malnets, such as Shnakule, were responsible for most attacks in 2011, and Blue Coat predicts they will trigger 66% of all attacks in 2012. News | 19 Mar 2012
-
Windows security case study: Controlling Windows 7 user privileges
After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges. News | 24 Feb 2012
-
Study finds attacks slip past spotty patch management policies
A study finds attackers targeting firms with poor patch management policies, exploiting vulnerabilities that should have been patched years ago. News | 10 Feb 2012
-
Survey: Types of DDoS attacks on the rise due to hacktivist groups
New DDoS statistics suggest hacktivist groups are to blame for an increase in the number and types of DDoS attacks across the Internet. News | 09 Feb 2012
-
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. News | 03 Feb 2012
-
Survey sheds light on SharePoint security concerns
Respondents' top SharePoint security concerns include frustrated users who inadvertently or deliberately circumvent security policies. News | 24 Jan 2012
-
Jericho founder: Get involved in plan for protecting identity online
Respected identity expert Paul Simmonds says the NSTIC's identity project needs European involvement, or it may not meet Europe's needs. News | 13 Jan 2012
-
Emerging 2012 security trends demand information security policy changes
2012 security trends involving cookies, fines, devices and threats will demand more skills -- and a little finesse -- from security professionals. News | 29 Dec 2011
- See more News on Web Application Security
-
The new EU data protection regulation: Planning for compliance
The new data protection rule will impact businesses worldwide. Discover quick wins for SMBs and projects for large businesses to move to compliance. Tip
-
Using open source intelligence software for cybersecurity intelligence
Discover the information that may be leaking out of your organisation before hackers use it to launch an attack against your organisation. Tip
-
“Click-for-tickets” fraud: Teaching users to sidestep Olympic scams
Attackers are expected to use the Games to foster email and Internet fraud. Learn how to help users sidestep Olympics-related scams. Tip
-
Building a secure website and maintaining good website design
As a new website is developed, security goals often lose out to design aspirations. Learn how to keep security at the top of the priority list. Tip
-
A compliance strategy for the controversial cookie opt-in regulation
Businesses face many concerns with the PECR cookie law. Compliance expert Alan Calder offers a compliance strategy for the cookie opt-in regulation. Tip
-
Four steps to comply with PECR, ICO cookies regulations
To comply with ICO regulations, you’ll need to clean up website cookies and prepare pop-up permission requests. Alan Calder explains how. Tip
-
Using Burp Suite proxy tool to examine client-side requests
The free Burp Suite proxy tool can be used for good or for bad. Expert Rob Shapland provides usage scenarios for both. Tip
-
Web application security guidelines for developers
The best way to mitigate Web app flaws is to prevent them in the first place. Learn how with these Web application security guidelines for developers. Tip
-
Add threat modelling to your Web application security best practices
Among any list of enterprise Web application security best practices, threat modelling is essential. Michael Cobb explains why in this expert article. Tip
-
PHP MVC framework tutorial: Learn Web application development security
Get tips on writing secure PHP Web apps from the start with these pointers from expert Michael Cobb. Tip
- See more Tips on Web Application Security
-
File upload security best practices: Block a malicious file upload
Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks. Answer
-
EU cookie regulations: Advice for firms in the US and other countries
Expert Alan Calder responds to a reader’s question: Must companies outside the EU change their websites to comply with EU cookie regulations? Answer
-
Forced browsing: Understanding and halting simple browser attacks
Forced browsing is when an attacker discovers the URL of a restricted webpage. Expert Rob Shapland explains how to halt this browser attack method. Ask the Expert
-
How to prevent Facebook hacking and Twitter hijacking
Organisations should guard against Facebook hacking and Twitter hijacking. Expert Davey Winder discusses Twitter and Facebook security tools that can help. Answer
-
Session fixation protection: How to stop session fixation attacks
Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection. Ask the Expert
-
Are there Web service security standards or risk assessment checklists?
As more organisations integrate business-critical functions with Web services, the security of those services becomes of greater importance. But are there Web service security standards whereby businesses can assess that security? Expert Neil O'Conno... Ask the Expert
-
Pwn2Own results: The most secure Internet browser for enterprises
Which browsers are secure enough for enterprise use, and which should be avoided at all costs? In this expert response, Richard Brain examines the results of the 2010 CanSecWest Pwn2Own competition to give browser advice. Ask the Expert
-
Google cloud applications: Secure enough for the enterprise?
Google cloud applications aren't necessarily known for their security. In this expert response, learn what to watch out for when considering using such apps in the enterprise. Ask the Expert
-
Securing Web applications with Web application firewalls
Are Web application firewalls the best choice for securing Web applications? In this expert response, find out what other Web application security options are out there. Ask the Expert
-
How to prevent Adobe hacks from affecting your organisation
In this expert response, find out why Adobe has been an enticing target for PDF attacks recently. Ask the Expert
- See more Expert Advice on Web Application Security
-
barnacle
In a computer, a barnacle is unwanted programming, such as adware or spyware, that is downloaded and installed along with a user-requested program. Definition
-
Serious Organized Crime Agency (SOCA)
The Serious Organized Crime Agency (SOCA) is a policing agency dedicated to the identification of criminal activity related to drug trafficking, money laundering, identity theft and immigration. SOCA is based in the United Kingdom. Definition
-
Basel II
Basel II is an international business standard that requires financial institutions to have enough cash reserves to cover risks incurred by operations. Definition
-
Survey roundup: Trends in IT security topics
Surveys on a variety of IT security topics highlighted key trends in Web application vulnerabilities, cloud computing concerns and the motivations behind attacks. Photo Story
-
Web application firewall: Protection against most security vulnerabilities?
Hugh Thompson, founder and chief security strategist at People Security, reviews why WAFs alone are not strong enough to tackle today's Web application threats. Video
-
New SQL injection attacks and defense
Lenny Zeltser, security consulting leader at Savvis Inc., explains how some are using SQL injection to actually embed new content, particularly HTML code. Video
-
CISSP Essentials training: Domain 6, Application and System Development
In this CISSP Essentials video, Domain 6, Application and System Development, expert CISSP exam trainer Shon Harris details how applications and systems are structured. Video
-
Inside a retail hack
Kevin Mandia of security consultancy Mandiant Corp. reviews an attack that is commonly used to swipe PIN numbers and compromise retailers: SQL injection. Video
About Web Application Security
Secure your Web applications and defend against Web application hacking. Here you will get the latest news and information on Web application security firewalls, threats and vulnerabilities.