-
The Metasploit Framework Tutorial PDF compendium: Your ready reckoner
Get our Metasploit Framework tutorial installments in one place, with the aid of this Metasploit tutorial PDF collection. Tutorial
-
Security sandbox program: Defense-in-depth or layered vulnerabilities?
Recently, companies like Adobe and Google have been using sandboxes to aid measures in their applications, but how can sandboxes be useful in the enterprise? Article
-
Buffer overflow tutorial: How to find vulnerabilities, prevent attacks
Buffer overflow exploits and vulnerabilities can lead to serious harm to Web applications, as well as embarrassing and costly data security breaches and system compromises. Learning Guide
-
Microsoft fixes code targeted by Duqu in May 2012 Patch Tuesday
Experts suggest patience when dealing with this month’s round of Microsoft updates. News | 08 May 2012
-
Adobe pushes patch for actively exploited Flash Player vulnerability
Adobe is addressing a zero-day flaw in Flash Player being used by cybercriminals in email attacks targeting Internet Explorer users. News | 04 May 2012
-
Microsoft program breach led to early RDP vulnerability exploit
Microsoft said a member of its confidential Active Protections Program leaked information that prompted an exploit targeting a flaw patched in March. News | 03 May 2012
-
Microsoft to fix 23 vulnerabilities in May 2012 Patch Tuesday
Microsoft said it plans to address flaws in Windows, Office, Silverlight and the .NET Framework. News | 03 May 2012
-
Google Vulnerability Reward Program increases, Microsoft unfazed
Google increased the reward for a code execution bug to $20,000. Microsoft remains against a bug bounty. News | 24 Apr 2012
-
HP study finds widespread custom Web application flaws
A review of hundreds of unique custom Web applications found more than half are vulnerable to cross-site scripting and more than 86% contain injection flaws. News | 18 Apr 2012
-
Dangerous Samba vulnerability affects all Linux systems
The commonly used tool contains an error that can be executed remotely by attackers, giving them root access to a system. Proof-of-concept code is available, experts warn. News | 11 Apr 2012
-
Microsoft April 2012 Patch Tuesday repairs critical IE flaws, ActiveX control issue
Microsoft repaired 11 vulnerabilities in April, including a critical update to its Internet Explorer browser and an ActiveX fix that affects a variety of software and server systems. News | 10 Apr 2012
-
April 2012 Patch Tuesday: Microsoft to issue six bulletins, four critical
Microsoft’s six bulletins include critical server repairs, Internet Explorer updates and a critical update of its .NET Framework. News | 05 Apr 2012
-
Expert advocates for more effective pen tests, less complex security
A security expert warns organizations against buying the latest and greatest security technology and advocates for more effective pen testing at InfoSec World Conference and Expo 2012. News | 02 Apr 2012
-
Advanced persistent threat (APT) defense; best practices
An advanced persistent threat could be disastrous if targeted at entities of strategic value. Follow these nifty tips to tackle advanced persistent threats. Tip
-
Virtualization security: How vulnerable is your hypervisor?
Choosing the right hypervisor for your infrastructure is not only critical for deployment and management purposes, but it also comes into play with virtualization security. Tip
-
Corporate penetration testing: Best practices for thorough assessments
Learn how to get the best value out of penetration tests performed on your critical infrastructure and services. Tip
-
5 penetration test tools to secure your network
Selecting the right penetration test tool can be a hassle. To make your life easier, we have put together a list of proven penetration testing tools. Tip
-
Penetration testing tool usage best practices
A quick look at when and how a penetration testing tool should be used—along with the steps to take while using these solutions. Tip
-
Monitoring strategies for insider threat detection
Insider threat detection is a vital part of the security of any enterprise organization. In this tip, part of the SearchSecurity.com Insider Threats Security School lesson, learn about the best insider threat detection strategies. Tip
-
How to avoid attacks that exploit a Web browser vulnerability
Beyond patching, Tom Chmielarski explains what you'll need to do to avoid application exploits caused by Web browser vulnerabilities. Tip
-
What can the Khobe technique do to Windows antivirus software?
Khobe is an evasion technique, not malware. Learn how to stop a compromise and make sure that antivirus isn't your only line of defense. Tip
-
KHOBE attack technique: Kernel bypass risk or much ado about nothing?
Some say the KHOBE attack technique is a serious threat looming over enterprises, while others believe it's been greatly over-hyped. Who's right? Nick Lewis offers his analysis. Tip
-
Zeus botnet analysis: Past, present and future threats
The Zeus botnet isn't showing signs of fading. In fact, it now threatens a wider scope of organizations beyond the banking industry. Expert Nick Lewis offers a Zeus botnet analysis, looking at why it's been so effective, what it's doing now and how t... Tip
-
How penetration testing helps ensure a secure data store
A third-party penetration test is the best way to determine whether an online data store can be compromised. Answer
-
How to secure a .pdf file
In this expert Q&A, Michael Cobb explains how to avoid malicious content that is embedded into .pdf documents. Ask the Expert
-
Are Web application penetration tests still important?
Web application penetration tests continue to be an important part of the secure software development lifecycle process in order to reduce the number and severity of security-related design and coding errors. Ask the Expert
-
When should a virtual patch be used?
Learn how virtual patches can help administrators review, test and schedule official patch updates and find out about the benefits a virtual patch provides, such as protection against identified vulnerabilities. Ask the Expert
-
Ethical hacking techniques for standard penetration testing
Learn how to form a policy for standard penetration tests including getting written permission. Learn ethical hacking techniques. Ask the Expert
-
What is the best way to manually test for buffer overflows?
There are two ways of reviewing a program for buffer overflows. Michael Cobb explains how to examine a program's source code and file code. Ask the Expert
-
What is an ideal patch management process for small businesses?
Patch management and testing can be a time-consuming and resource-hungry task. In this expert response, Michael Cobb demonstrates how to streamline the process. Ask the Expert
-
vulnerability and patch management
Vulnerability management is a proactive approach to managing network security. Definition
-
Data Security Council of India (DSCI)
The Data Security Council of India (DSCI) is a not-for-profit organization created to promote the country as a secure destination for information technology (IT) outsourcing. DSCI was founded by NASSCOM, an Indian IT-BPO (business process outsourcing... Definition
-
Bruce Schneier on security for cloud computing
In part one of this interview with author and leading security expert Bruce Schneier, he discusses how cloud computing is changing the information security industry, and how companies should adapt to keep up. Video
-
The trade-offs of unified threat management
Opus One's Joel Snyder reveals a key drawback of UTM. Video
About Vulnerability and patch management
Find patch and vulnerability management best practices here. Discover the ideal policy for patch management and evaluate patch manager solutions. Manage server patch management optimally. Keep yourself updated with the latest patch management software developments and news.