Web App Security


End-to-end Encryption, Today -- Loophole Closed or Moved?

April 22, 2016 Added by:Vanishree Rao

End-to-end encryption does not solve the problem, despite the common perception that it is the holy grail of instant-messaging security. It is necessary that service providers shift their attention toward non-traditional key-derivation mechanisms to close the loophole.


Cloud Email Applications Could Put Your Corporate Data at Risk

April 12, 2016 Added by:Yotam Gutman

Third-party cloud email applications could expose the organization's data, since employees now have the ability to grant applications access to their corporate information.


Reducing the Attack Surface is a Fool’s Errand

April 01, 2016 Added by:Paul Morville

This April Fool’s Day, let’s acknowledge that a security strategy focused exclusively on patching and prevention is a fool’s errand and let’s move towards an adaptive approach that includes prevention, detection, continuous visibility and response.


March Madness Security Threats Can Drive Any Organization Mad!

March 14, 2016 Added by:Mark Parker

Unfortunately, while the popularity of March Madness (the NCAA Basketball Tournament) has grown exponentially, nearly every facet of any employee’s involvement with the event could open up the employee, as well as the organization, to a number of cyber risks.


Web Application Firewall: a Must-Have Security Control or an Outdated Technology?

March 09, 2016 Added by:Ilia Kolochenko

Being insufficient to properly mitigate complicated security flaws in modern web applications, a Web Application Firewall still remains a necessary security control within organizations. 


Bringing Innovation into Cyberdefense Technologies

February 22, 2016 Added by:Larry Karisny

When I spoke on the need for cybersecurity innovation at the January ITEXPO conference in Fort Lauderdale, Fla., I sensed something interesting about my cybersecurity colleagues: They don't seem to care about innovation; they care about having a job in cybersecurity.


Yes. The World Needs More Security Predictions

February 17, 2016 Added by:Dan Lohrmann

With the surging growth in cyberspace, new technologies, Wi-Fi, apps, robots, drones, terrorists with social media accounts, the Internet of Things (IoT) and nation-state hacking, online data security has become the Achilles’ heel of the Internet. A growing number of people want to know about new apps available for their smartphones and their data in the cloud – along with the upcoming securit...


Top Five Enterprise Data Privacy Mistakes

January 28, 2016 Added by:InfosecIsland News

The European General Data Protection Regulation is a new privacy regulation with fines as high as four percent of annual global revenue for companies that fail to safeguard data of EU citizens and residents. In the U.S. 16 states recently introduced new, ACLU supported data privacy legislation. In spite of efforts to improve privacy protections many enterprises are not doing enough to protect cons...


What Do Star Wars and Recent Data Breaches Teach Us About Cyber Ethics?

December 21, 2015 Added by:Dan Lohrmann

Beyond cyber war and the good guys having the right tools to catch the bad guys, there can be a tendency to ignore “more mundane” acceptable use directives. That is, security staff can download copyrighted material (movies and games), view porn at work, look at information that is private (like promotions, raises or other data from management), “borrow” passwords or delete log files to cov...


Cybersecurity Predictions for 2016

December 16, 2015 Added by:Tim Liu

2015 was another fascinating year for cybersecurity. From the OPM to Anthem, Ashley Madison and countless other data breaches, there was no shortage of stories capturing national attention. So what does 2016 have in store?


Why Companies Fail to Secure Their Web Apps

December 14, 2015 Added by:Ilia Kolochenko

The five things that companies do to make hacking into their websites and web applications even easier for the hackers.


Managing Security Resources: It’s All About People and Awareness (Part I)

December 01, 2015 Added by:Steve Durbin

Organizations worldwide continue to struggle to attract and retain skilled information and cybersecurity professionals. Overcoming this challenge requires a more imaginative, business and people-centric approach to the recruitment of security professionals.


Is the Joomla CVE in Your Enterprise Digital Footprint?

November 12, 2015 Added by:Peter Zavlaris

Joomla is the second most popular CMS according to W3Techs. For those in the business of spreading malware or phishing scams, this is a huge opportunity.


Complex and Portable Passwords

November 10, 2015 Added by:Jayson Wylie

A person needing to keep and collect passwords for resources, throughout their lives, can create situations where maintaining them requires constant resets or means that could lack security.


SAP Afaria Stored XSS vulnerability - detailed review

October 21, 2015 Added by:Alexander Polyakov

Today we will show how SAP Afaria, an MDM solution from a world-famous software vendor, works and how cybercriminals can attack it in different ways.


Can CTF Players Replace Professional Penetration Testers?

September 23, 2015 Added by:Ilia Kolochenko

The first issue with the majority of CTFs is that they focus on a single result (flag), rather than a process of comprehensive consecutive security testing.
