-
Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference
Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference. Tutorial
-
Exploit development tutorial - Part Deux
In our exploit development tutorial’s second part, we examine how you can write exploits in Perl. Then we see how to port exploits by scripting in Ruby. Tutorial
-
Sandboxing for secure app development: Adobe Reader’s ‘protected mode’
As sandboxing emerges as an answer to legacy codebases with multiple vulnerabilities, we dissect Adobe Reader X’s sandbox to understand how sandboxing works. Tutorial
-
Snapshots from nullcon Tritiya Day 2
A quick look at what happened during nullcon 2012. Photo Feature
-
Burp Suite training tutorial: Part 3 – Sequencer, decoder and composer
In the third installment of our Burp Suite training tutorial, learn how to analyze tokens, decode requests and compare responses using Burp Suite tools. Tutorial
-
Backtrack 5 PDF tutorial compendium: A pen-tester’s ready reckoner
Our BackTrack 5 PDF tutorials collection will help you hone your edge, whether you are a security professional or an enthusiast. Best yet, they are free! Tutorial
-
Burp Suite Tutorial: Part 2 – Intruder and repeater tools
Our Burp Suite tutorial’s second part covers intruder and repeater. Use this Burp Suite tutorial to customize attacks on Web apps via SQLi and XSS bugs. Tutorial
-
BYOD security: Where does India Inc stand?
With the proliferation of smart devices, BYOD security is a major concern for enterprises today. Find out how the leaders are coping with BYOD security. Feature
-
Sterlite’s firewall implementation: Standardizing perimeter security
Sterlite Technologies’ novel firewall implementation with centralized control of distributed threat management systems boasts a brass-tacks approach to IT. Case Study
-
Common software security oversights school
Common software security oversights can cause weaknesses you cannot afford to overlook. Kevin Beaver will share with you just what you need to know in order to find the most Web security vulnerabilities that are important in your environment and spec... Tutorial
-
Dangerous Microsoft RDP vulnerabilities repaired in Patch Tuesday
Vulnerability experts call the Microsoft Remote Desktop Protocol flaws dangerous and say they should be quickly addressed by patching admins. News | 13 Mar 2012
-
Research into cryptographic system limitations crucial, RSA panel says
Researchers testing some of the most relied upon cryptographic algorithms are making progress in breaking them, according to experts on the 2012 RSA Conference Cryptographer’s Panel. News | 28 Feb 2012
-
CrowdStrike to make RSA 2012 debut with Android attack via Webkit
Firm led by well-known security experts George Kurtz and Dmitri Alperovitch will focus on defending against targeted attacks. News | 25 Feb 2012
-
RSA 2012 talk to offer help understanding IPv6 security issues
Understanding IPv6 security issues can be a challenge, but the protocol's co-inventor says enterprises can no longer afford to ignore IPv6 security concerns. News | 22 Feb 2012
-
Mobile security, BYOD policy issues to trend at RSA 2012, analysts say
BYOD policy issues are a big concern for enterprises grappling to secure employee smartphones and tablets, say analysts previewing RSA 2012. News | 21 Feb 2012
-
Security startups to unveil new security technology at RSA 2012
One firm will leave RSA 2012 with the “Most Innovative” title, but industry experts say they all contribute in bringing the security industry up to par with sophisticated malware and hacking techniques. News | 16 Feb 2012
-
February 2012 Patch Tuesday: Critical IE, Windows kernel flaws fixed
Flaws in Internet Explorer and the Windows C Runtime library could be used to gain access to system files and download additional malware onto a victim’s machine. News | 14 Feb 2012
-
Android app security offers IT little comfort, despite Google Bouncer
Google’s new Bouncer tool aims to relieve some IT woes by scanning Android Market apps for malware. But Android app security concerns remain. News | 09 Feb 2012
-
Adobe issues support for Flash Player sandboxing in Firefox
Adobe has launched the public beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals. News | 06 Feb 2012
-
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. News | 03 Feb 2012
-
UTM sizing tips for your network security needs
UTM appliances greatly ease the management of network security. But correct UTM sizing is of prime importance. Follow these UTM sizing tips to get it right. Tip
-
10 Linux security tools for system administrators
Linux-based tools for security are a boon to system admins for monitoring network security. Here are 10 popular and useful Linux-based security tools. Tip
-
CSRF attack: How hackers use trusted users for their exploits
A CSRF attack is a serious Web security threat that, combined with XSS, can be lethal. Learn about the CSRF attack’s anatomy, along with mitigation methods. Tip
-
Web application security guidelines for developers
The best way to mitigate Web app flaws is to prevent them in the first place. Learn how with these Web application security guidelines for developers. Tip
-
Application security best practices for the cable industry
Application security and data privacy is a grave concern in the cable sector. Here’s a look at major application security threats and mitigation measures. Tip
-
A Web exploit toolkit reference guide for BackTrack 5
Web exploit toolkits help in vulnerability assessment and penetration testing. This article covers usage of popular Web exploit toolkits with BackTrack 5. Tip
-
Windows 7 exploit via hosted network, a security threat to enterprises
Windows 7 ships with the hosted network feature, which has the potential to become a Windows 7 exploit, and pose a serious security problem for enterprises. Tip
-
Advanced Wireshark tutorial: Packet and network security analysis
This Wireshark tutorial will familiarize you with Wireshark’s advanced features, such as analyzing packets and undertaking packet level security analysis. Tip
-
McAfee SaaS Endpoint Protection features & prices: An overview
On the cloud-based endpoint security front, McAfee's SaaS Endpoint Protection Suites are part of most evaluation lists. How heavy are they on the pocket? Tip
-
Do Web application firewalls complicate enterprise security strategy?
Using Web application firewalls should only be one slice of your overall enterprise network security strategy. Even then, users must be aware that application firewalls can leave behind vulnerabilities. Tip
-
Monitor outbound traffic: Full-packet capture or only capture network flow data?
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead. Answer
-
An intro to free Microsoft security tools for secure software development
Free Microsoft security tools Threat Modeling, MiniFuzz and RegExFuzz are designed to help developers build secure software. Answer
-
How to secure a .pdf file
In this expert Q&A, Michael Cobb explains how to avoid malicious content that is embedded into .pdf documents. Ask the Expert
-
Preventing cross-site request forgery attacks
Application security expert Michael Cobb explains how to stop cross-site request forgery attacks. Ask the Expert
-
Are Web application penetration tests still important?
Web application penetration tests continue to be an important part of the secure software development lifecycle process in order to reduce the number and severity of security-related design and coding errors. Ask the Expert
-
How to detect input validation errors and vulnerabilities
Expert John Strand reviews how to spot input validation flaws on your websites. Ask the Expert
-
How to secure SSL following new man-in-the-middle SSL attacks
Man-in-the-middle SSL attacks at Black Hat D.C. exposed a flaw in the https structure, so how can you avoid such an attack at your enterprise? Find out in Mike Chapple's expert response. Ask the Expert
-
How to prevent cross-site scripting (XSS) session hijacking
Cross-site scripting and SQL injection still provide hackers with plenty of opportunities to access data or take control of a compromised machine. Michael Cobb explains how you can improve your application defenses. Ask the Expert
-
What risks do application virtualization products pose?
Phrases that continue to be used to describe application virtualization are "isolation" or "bubble," but Michael Cobb examines the possible threats entering or escaping those 'isolated' environments. Ask the Expert
-
What are the basics of a Web browser exploit?
John Strand explains how attackers target a flaw in either the browser or in an application that the browser calls to process a Web request. Ask the Expert
-
application blacklisting
Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs. Such programs include not only those known to contain security threats or vulnerabiliti... Definition
-
Stuxnet
The Stuxnet worm is a rootkit exploit that targets Supervisory Control and Data Acquisition (SCADA) systems. SCADA is used in power, water and sewage plants, as well as in telecommunications and oil and gas refining. Definition
-
Noted cryptographer on SSL, encryption and cloud computing
Cryptographer, Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks. Video
-
Cloud computing and security: How valid are the infosec concerns?
Learn about possible information security concerns and threats in cloud computing environments from Mano Paul, the Software Assurance Advisor for (ISC)2. Podcast
-
Balancing security and performance: Protecting layer 7 on the network
This video will explain options for securing application-layer traffic using network security technologies, architectures and processes, including Layer 7 switches, firewalls, IDS/IPS, NBAD and more. Video
-
FAQ: Corporate Web 2.0 Threats
In this expert video, you will learn about Web 2.0 software, the threats it poses, and whether the benefits outweigh the risks. Key areas covered include the threats posed by services like Facebook, MySpace, and LinkedIn, as well as wikis and blogs. ... Video
-
Dan Kaminsky on DNS, Web attacks
Noted network security researcher Dan Kaminsky, director of penetration testing at IOActive, shares his research on DNS and Web-based attack techniques. Video
About Application and Web threat defenses
Put application security and Web threat defenses in place with these comprehensive resources. Prepare for Web threats with the latest news. Analyze application security levels with the help of industry experts. Devise an application security policy. Evaluate your preparedness with application security testing and an application security audit.