-
Genpact boosts security management with SIEM tool
An early adopter of SIEM technology in India, leading BPO firm Genpact’s nine-year journey to SIEM nirvana forms the focus of this case study. Case Study
-
HDFC Bank’s ISO 27004 compliant security metrics a boost toward GRC
An ISO/IEC 27004 compliant metrics program is a rarity in the Indian infosec circuit. Indian BFSI major HDFC Bank’s ISMS has been there, done that. Case Study
-
Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference
Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference. Tutorial
-
Exploit development tutorial - Part Deux
In our exploit development tutorial’s second part, we examine how you can write exploits in PERL. Then we see how to port exploits by scripting in Ruby. Tutorial
-
Sandboxing for secure app development: Adobe Reader’s ‘protected mode’
As sandboxing emerges as an answer to legacy codebases with multiple vulnerabilities, we dissect Adobe Reader X’s sandbox to understand how sandboxing works. Tutorial
-
Snapshots from nullcon Tritiya Day 2
A quick look at what happened during nullcon 2012. Photo Feature
-
Burp Suite training tutorial: Part 3 – Sequencer, decoder and composer
In the third installment of our Burp Suite training tutorial, learn how to analyze tokens, decode requests and compare responses using Burp Suite tools. Tutorial
-
Backtrack 5 PDF tutorial compendium: A pen-tester’s ready reckoner
Our BackTrack 5 PDF tutorials collection will help you hone your edge, whether you are a security professional or an enthusiast. Best yet, they are free! Tutorial
-
Burp Suite Tutorial: Part 2 – Intruder and repeater tools
Our Burp Suite tutorial’s second part covers intruder and repeater. Use this Burp Suite tutorial to customize attacks on Web apps via SQLi and XSS bugs. Tutorial
-
BYOD security: Where does India Inc stand?
With the proliferation of smart devices, BYOD security is a major concern for enterprises today. Find out how the leaders are coping with BYOD security. Feature
-
Security tech market set to grow 8.7% in 2013, says Gartner
The worldwide security technology and services market will reach $67.2bn in 2013, up 8.7% from 2012, according to research firm Gartner. News | 11 Jun 2013
-
Six ways to secure IP V6
Indian businesses must take charge of the inherent security threats that migrating to IP V6 brings. News | 26 Apr 2013
-
Indian companies must increase phishing awareness
Businesses are being targeted for phishing attacks. These attacks are increasingly turning into a corporate concern, with much at stake -- such as reputation damage. News | 25 Apr 2013
-
Study finds most antivirus products ineffective
Slow updates to signature databases cause some antivirus products to be ineffective against known threats, according to a study by security firm Imperva. News | 27 Nov 2012
-
Cloud security begins with the contract, says expert
Enterprises must empower their legal teams to ask the right questions and write contracts based on risk management, explains Tom Kellermann of Trend Micro. News | 21 Nov 2012
-
Mobile impacting cloud security issues, says panel
Bring-your-own-device (BYOD) makes securing cloud services complex, say experts. Enterprises should set mobile guidelines consistent with cloud policies. News | 07 Nov 2012
-
Application vulnerability disclosures rise, Microsoft finds
The Black Hole attack toolkit is fueling many of the exploits targeting the vulnerabilities, according to Microsoft. News | 11 Oct 2012
-
Some activist DDoS attacks growing in sophistication, expert says
Most distributed denial-of-service attacks are easily filtered out, but individuals with the technical skills can mirror legitimate traffic. News | 27 Sep 2012
-
Network threat detection moves beyond signatures
Network threat detection requires content monitoring and analysis, rather than solely relying on matching network packets to existing signatures. News | 02 Jul 2012
-
UGNazi hacker group claims responsibility for Twitter outage
A hacktivist group known as UGNazi claims responsibility for multiple Twitter outages today, though Twitter has denied any attacks on its service. News | 21 Jun 2012
-
Assumption of breach: How a new mindset can help protect critical data
By adopting the assumption-of-breach security model, CISOs and security pros can better protect critical data. Expert Ernie Hayden explains. Tip
-
Mitigate phishing attacks in the cloud: A how-to
As Indian enterprises increasingly move to the cloud, so do phishing attempts. Here are some ways to mitigate the risks of phishing in the cloud. Tip
-
Using ESAPI to fix XSS in your Java code
Customized validation routines are the norm in Indian organizations for fixing vulnerabilities. OWASP’s ESAPI framework may prove to be a better option. Tip
-
Security big data: Preparing for a big data collection implementation
Learn how security big data initiatives support enterprise information security and how to prepare for a big data collection implementation. Tip
-
Leading Indian banking portals contain glaring security lapses
Even as Internet banking portals transform the way Indians bank, vulnerabilities exist in banking websites like SBI, Citibank India, HDFC Bank and ICICI Bank. Tip
-
Vulnerabilities in JavaScript: Secure coding insights and tips
JavaScript vulnerabilities are on the rise in India with the entry of HTML5 and faster JavaScript engines. Here are some key problem areas along with antidotes. Tip
-
The case for using anomaly-based monitoring in zero-day detection
Expert Char Sample explains how anomaly-based monitoring may be a key step forward in uncovering zero-day vulnerabilities. Tip
-
Intro: How big data benefits enterprise information security posture
Andrew Hutchison explains how big data benefits enterprise information security posture by merging the security and operational data landscape. Tip
-
Cloud architecture security - Part 2: Extrinsic controls
For securing cloud architecture there are some external control measures to be applied. Learn what these extrinsic controls should be and how to apply them. Tip
-
Why static code analysis’ benefits go beyond mere VA/PT
While everyone has joined the VA/PT bandwagon, few Indian organizations consider static code analysis viable. We look at where static code analysis scores. Tip
-
Monitor outbound traffic: Full-packet capture or only capture network flow data?
If an enterprise can't afford to implement full-packet capture, expert Mike Chapple recommends trying to capture network flow data instead. Answer
-
An intro to free Microsoft security tools for secure software development
Free Microsoft security tools Threat Modeling, MiniFuzz and RegExFuzz are designed to help developers build secure software. Answer
-
How to secure a .pdf file
In this expert Q&A, Michael Cobb explains how to avoid malicious content that is embedded into .pdf documents. Ask the Expert
-
Preventing cross-site request forgery attacks
Application security expert Michael Cobb explains how to stop cross-site request forgery attacks. Ask the Expert
-
Are Web application penetration tests still important?
Web application penetration tests continue to be an important part of the secure software development lifecycle process in order to reduce the number and severity of security-related design and coding errors. Ask the Expert
-
How to detect input validation errors and vulnerabilities
Expert John Strand reviews how to spot input validation flaws on your websites. Ask the Expert
-
How to secure SSL following new man-in-the-middle SSL attacks
Man-in-the-middle SSL attacks at Black Hat D.C. exposed a flaw in the https structure, so how can you avoid such an attack at your enterprise? Find out in Mike Chapple's expert response. Ask the Expert
-
How to prevent cross-site scripting (XSS) session hijacking
Cross-site scripting and SQL injections still provide hackers with plenty of opportunities to successfully access data or take control of a compromised machine. Michael Cobb explains how you can improve your application defenses. Ask the Expert
-
What risks do application virtualization products pose?
Phrases that continue to be used to describe application virtualization are "isolation" or "bubble," but Michael Cobb examines the possible threats entering or escaping those 'isolated' environments. Ask the Expert
-
What are the basics of a Web browser exploit?
John Strand explains how attackers target a flaw in either the browser or in an application that the browser calls to process a Web request. Ask the Expert
-
SafeSquid
SafeSquid is an HTTP 1.1 content filtering proxy server. Definition
-
application blacklisting
Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs. Such programs include not only those known to contain security threats or vulnerabiliti... Definition
-
Stuxnet
The Stuxnet worm is a rootkit exploit that targets Supervisory Control and Data Acquisition (SCADA) systems. SCADA is used in power, water and sewage plants, as well as in telecommunications and oil and gas refining. Definition
-
Five DDoS attack tools that you should know about
In this photo-story we explore common distributed denial-of-service (DDoS) attack tools and their features. Also learn how to guard against DDoS attacks. Photo Story
-
Noted cryptographer on SSL, encryption and cloud computing
Cryptographer Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks. Video
-
Cloud computing and security: How valid are the infosec concerns?
Learn about possible information security concerns and threats in cloud computing environments from Mano Paul, the Software Assurance Advisor for (ISC)2. Podcast
-
Balancing security and performance: Protecting layer 7 on the network
This video will explain options for securing application-layer traffic using network security technologies, architectures and processes, including Layer 7 switches, firewalls, IDS/IPS, NBAD and more. Video
-
FAQ: Corporate Web 2.0 Threats
In this expert video, you will learn about Web 2.0 software, the threats it poses, and whether the benefits outweigh the risks. Key areas covered include the threats posed by services like Facebook, MySpace, and LinkedIn, as well as wikis and blogs. ... Video
-
Dan Kaminsky on DNS, Web attacks
Noted network security researcher Dan Kaminsky, director of penetration testing at IOActive, shares his research on DNS and Web-based attack techniques. Video
About Application and Web threat defenses
Put application security and web threat defenses in place with these comprehensive resources. Prepare for web threats with the latest news. Analyze application security levels with the help of industry experts. Devise an application security policy. Evaluate your preparedness with application security testing and an application security audit.