-
Defending against an advanced persistent threat (APT)
In this expert response, Nick Lewis explains how organizations should -- or in some cases, shouldn't -- protect against what's known as Advanced Persistent Threat.
-
How to secure a .pdf file
In this expert Q&A, Michael Cobb explains how to avoid malicious content that is embedded into .pdf documents.
-
Preventing cross-site request forgery attacks
Application security expert Michael Cobb explains how to stop cross-site request forgery attacks.
-
How to prevent brute force webmail attacks
Expert Sherri Davidoff explains why brute-force attacks on webmail accounts are such a popular hacking technique.
-
How to prevent mobile phone spying
Your cell phone conversations and wireless activity are not private, says resident threat expert Sherri Davidoff, and it's important to remember that mobile phone spying is far too easy.
-
How can search results lead to malware?
Search engines aren't fundamentally designed to find trustworthy sites, just popular and relevant ones. Expert Sherri Davidoff explains how attackers are injecting malicious pages into search results.
-
What is the difference between a VPN and remote control?
Mike Chapple reviews VPNs, remote controls, and how the two security technologies can be used in tandem.
-
Are Web application penetration tests still important?
Web application penetration tests continue to be an important part of the secure software development lifecycle process in order to reduce the number and severity of security-related design and cod...
-
Are Web application penetration tests still important? 2
Web application penetration tests continue to be an important part of the secure software development lifecycle process in order to reduce the number and severity of security-related design and cod...
-
What are the security risks of Windows Vista RSS functionality?
The RSS support in Windows Vista exposes feed handling and management to other Windows applications. However, any technology that allows data to be shared across applications carries risks, says ex...
-
How to prevent network denial-of-service attacks
Expert John Strand explains how to shore up security as you plan a large-scale advertising campaign.
-
How to harden Linux operating systems
Specific advice on hardening a server depends to some extent on its intended role, says expert Michael Cobb in this SearchSecurity.com Q&A.
-
How to detect input validation errors and vulnerabilities
Expert John Strand reviews how to spot input validation flaws on your websites.
-
What are today's antivirus software trends?
Expert John Strand reveals two exciting trends in antivirus software.
-
The telltale signs of a network attack
Some people believe that if IP addresses from China are attacking their network, then they are under attack from China. Expert John Strand explains why all that it is irrelevant.
-
How to detect keyloggers
In this expert response, Michael Cobb explains how to detect the many rootkits available to today's attackers.
-
Best practices for log data retention
Figuring out how long to retain log data and how much log data should be kept in the event of incident response can be tricky to navigate. In this information security management expert response, D...
-
How to secure SSL following new man-in-the-middle SSL attacks
Man-in-the-middle SSL attacks at Black Hat D.C. exposed a flaw in the https structure, so how can you avoid such an attack at your enterprise? Find out in Mike Chapple's expert response.
-
Best practices for choosing an information security team new hire
Hiring someone for your information security team? In this expert response, information security management expert David Mortman explains what relevant information security experience is.
-
The case against UTM: Is there a better alternative?
Unified threat management (UTM) promises tighter security with less required oversight, but are there security risks inherent in deploying UTM appliances? Enterprise network security expert Mike Ch...
-
Full-packet capture vs. capture network flow data
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead.
-
Secure software: Intro to free Microsoft security tools
Free Microsoft security tools Threat Modeling, MiniFuzz and RegExFuzz are designed to help developers build secure software.
-
Penetration testing helps ensure a secure data store
A third-party penetration test is the best way to determine whether an online data store can be compromised.
Submit a question to our experts