Web App Security


Anthem Breach: How Hackers Stole Credentials and Why Two-Factor Authentication May Help Prevent Future Phishing Scams

February 09, 2015 Added by: Thu Pham

If the Anthem attack was carried out as the result of using a single password, their access security wasn’t up to industry standards. Two-factor authentication may have thwarted attacks by requiring the use of a personal device to verify the identity of a system administrator or other technical employee with access to their database of millions of sensitive records.

Comments  (3)


SSL is Officially Declared Dead

February 09, 2015 Added by: PCI Guru

Not that this should be a surprise to any QSA as the POODLE vulnerability effectively killed SSL. The Council has now officially announced that SSL is no longer deemed to be strong cryptography.

Comments  (3)


Data Collection Must be Limited for Internet of Things Privacy

February 02, 2015 Added by: Rebecca Herold

I know people use and love the wearable fitness devices and credit them with helping them to get into better shape. However, consumers concerned about privacy want to know about all the data the devices are collecting, along with how it is being used and shared, before using the devices.

Comments  (3)


How Verizon and Turn Defeat Browser Privacy Protections

January 15, 2015 Added by: Electronic Frontier Foundation

Verizon advertising partner Turn has been caught using Verizon Wireless's UIDH tracking header to resurrect deleted tracking cookies and share them with dozens of major websites and ad networks, forming a vast web of non-consensual online tracking.

Comments  (1)


Let's Encrypt (the Entire Web): 2014 in Review

January 06, 2015 Added by: Electronic Frontier Foundation

We've been pursuing the ideas that turned into Let's Encrypt for three years, so it was a great pleasure to be able to share what we've been working on with the world.

Comments  (4)


Moving from Alert-Driven to Intelligence-Driven Security

January 05, 2015 Added by: Paul Lipman

The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security. This will vastly enhance the Chief Information Security Officer's (CISO’s) visibility and ultimately deliver substantial improvements in the robustness of the overall security posture.

Comments  (1)


5 Effective Ways to Raise Privacy Awareness

December 18, 2014 Added by: Rebecca Herold

Here are five of the ways that I’ve found to be very effective for raising privacy awareness throughout the years.

Comments  (0)


Pwning Networks Through Vulnerable Applications

December 08, 2014 Added by: Saurabh Harit

If you are a pentester, you would agree that one of the most common ways of compromising a network is through vulnerable 3rd-party applications.

Comments  (0)


“Privacy Information” Depends upon Context

December 08, 2014 Added by: Rebecca Herold

Lack of understanding of privacy, and understanding of the data that impacts privacy, is what creates many of our current privacy problems throughout private and public industries.

Comments  (0)


Security in 2015: The Internet Becomes the Corporate Network Perimeter

December 05, 2014 Added by: Paul Lipman

The cloud has been widely hailed as the most disruptive force in modern business. Indeed, the world is in the midst of fundamentally profound transformations, enabled by the cloud, in the ways in which we access and interact with data and applications. Unfortunately, the security industry has not kept pace with these transformational trends, necessitating an equally profound change in the way we s...

Comments  (0)


Phones, Phablets and Clouds - Securing Today’s New Infrastructure

December 03, 2014 Added by: Steve Durbin

Despite the undeniable corporate and consumer interest, the security and privacy implications of cloud and mobile connected devices are concerning many security professionals. Countless organizations are still playing catch up – Bring Your Own Device (BYOD) policies are only starting to be embedded, reviewed and updated. IT departments are overwhelmed with the amount of devices entering the workp...

Comments  (1)


4 Privacy Predictions for 2015

December 01, 2014 Added by: Rebecca Herold

I was asked to provide a few predictions for 2015. Based upon not only what I’ve seen in 2014, but also foreshadowing from the past two-three decades, here are some realistic possibilities.

Comments  (0)


What Makes a Good Security Audit?

November 10, 2014 Added by: Electronic Frontier Foundation

In order to have confidence in any software that has security implications, we need to know that it has been reviewed for structural design problems and is being continuously audited for bugs and vulnerabilities in the code.

Comments  (0)


Can Hackers Get Past Your Password?

November 05, 2014 Added by: Steve Durbin

Password-based authentication is easy and familiar for customers, and is initially inexpensive for organizations to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used.

Comments  (2)


How to Build Up Your Secure Development

October 13, 2014 Added by: Tripwire Inc

At some point, your company is going to get the security wake-up call. Whether it’s a breach or an inquiry from an important customer that triggers it, your executives are going to call you one morning, demanding you focus on security in the development of your product.

Comments  (0)


IT Security’s Russian Roulette -- Legacy Java Vulnerabilities

October 09, 2014 Added by: Prateep Bandharangshi

The two primary reasons that legacy Java security risks persist are cost of mitigation and operational impacts.

Comments  (0)
