In Depth

In Depth

Application security and coding requirements

• Five ways to ensure remote working security and compliance

  A mix of on-site and remote working has become a fact of life for many organisations. We look at five key things you should consider to ensure compliance and security  Continue Reading

• Tips to minimise vulnerabilities in web and mobile apps

  Agile software development can sometimes be at odds with secure by design principles. We look at how organisations are balancing security with coding  Continue Reading

• Toughening up web and mobile apps

  We look at how organisations can secure internal and web-facing applications against ransomware and injection-style attacks  Continue Reading

• The rise and rise of supply chain attacks

  Supply chain attacks in Asia-Pacific and elsewhere have intensified as cyber threat actors look to exploit the weakest links in business and digital supply chains  Continue Reading

• Dealing with the challenge of beg bounties

  The rise of so-called beg bounties is becoming a challenge for security teams, and can be a drain on time and resources. But what is a beg bounty, and how does it differ from a bug bounty?  Continue Reading

• Security Long Reads: Cyber insiders reveal what’s to come in 2021

  In this long read, we gather together the thoughts of cyber security insiders from across the industry to get their take on what will happen in 2021  Continue Reading

• Patching: Balancing technical requirements with business considerations

  With an increasing reliance on subscription models alongside the regular patching of software, updates have become an essential part of modern business practices. However, care needs to be taken to ensure the optimum patching process is implemented  Continue Reading

• How to apply zero-trust models to container security

  Containers have become a common fixture in software development, but they have resulted in new concerns for security teams. Is zero-trust the answer to tackling them?  Continue Reading

• What are the security priorities for the post-coronavirus world?

  The Covid-19 pandemic is forcing massive change across the business world and things may never go back to normal. What does security look like in this new world, and what will buyers be prioritising?  Continue Reading

• Contact tracing: The privacy vs protection debate

  The Covid-19 pandemic has necessitated extreme measures not seen in peacetime for over 100 years. Contact-tracing apps are being developed as a tool for managing the pandemic, but are they a step too far?  Continue Reading

• Coronavirus: How to implement safe and secure remote working

  Find out what CIOs and CISOs need to know to enable their end-users to work remotely and stay secure during the Covid-19 coronavirus crisis, and learn how users can help themselves  Continue Reading

• Inside the SOC: the nerve centre of security operations

  Security operations centres are the bedrock of any cyber defence strategy, but operating one is increasingly challenging, with mounting workloads and a shortage of skilled personnel  Continue Reading

• Vulnerability assessment done. Now what?

  Vulnerability assessment establishes the current state of an organisation’s cyber security, but to meet industry best practices, companies should go beyond that to achieve continuous improvement  Continue Reading

• Debugging bug bounty programmes

  Bug bounty programmes have recently become a popular method of vulnerability management, but poor programme management can lead to development teams becoming overwhelmed and bugs being missed  Continue Reading

• A guide to choosing cloud-based security services

  Cloud-based security services can help organisations with a growing cloud footprint to reduce cost and address the manpower crunch in cyber security  Continue Reading

• The rise of DevSecOps

  The increasing complexity of security threats facing enterprises is leading to DevSecOps approaches, which combine operations and development with security, so that all business units are involved in security operations  Continue Reading

• Inside DevOps, containers and enterprise security

  Global corporates are waking up to containers and orchestrated containerisation for software development that is fast and safe. Computer Weekly looks at the best approach to ensure security is not compromised along the way  Continue Reading

• Application security more important than ever

  Applications have an increasingly crucial role in our lives, yet they are also a real security threat, with hackers always finding new ways to bypass security defences. Computer Weekly looks at how organisations are responding to the challenge  Continue Reading

• Cyber resilience key to securing industrial control systems

  Operators of industrial control systems can build greater cyber resilience by getting IT and operational technology teams to work more closely together and improving the visibility of their infrastructure, among other security measures  Continue Reading

• Application and device security under the spotlight

  The security of internet-connected devices and associated applications has become a significant concern, prompting suggestions legislation may be required, while the UK government’s recent Secure by Design review suggests several solutions, ...  Continue Reading

• Do website design platforms pose too big a security risk?

  Cloud-based website design platforms are booming in popularity because of their simplicity and affordability, but business security should be considered carefully when using such services  Continue Reading

• UK sale of surveillance equipment to Macedonia raises questions over export licence policy

  The UK approved an export licence for the sale of surveillance equipment to Macedonia – while the country was engaged in an illegal surveillance programme against its citizens. A senior minister was consulted on the decision  Continue Reading

• The Macedonian surveillance scandal that brought down a government

  Macedonia has been accused of using surveillance technology for covert spying - the subsequent political protests were instrumental in the ruling party losing power after 10 years  Continue Reading

• Tips on how to get a Hana implementation off the ground

  The confusion around SAP’s in-memory database is holding many customers back. We look at some of the approaches being taken to simplify implementation  Continue Reading

• APAC banks warming up to big data

  Financial institutions in the APAC region fear they may be left behind if they don’t embrace big data  Continue Reading

• Secure IoT before it kills us

  Experts say more must be done to mitigate the potentially catastrophic threats presented by connected devices  Continue Reading

• Lauri Love: the student accused of hacking the US

  How did a brilliant but fragile computer science student from a rural English town end up facing life imprisonment in the US? Computer Weekly speaks to Lauri Love  Continue Reading

• The true cost of a cyber security breach in Australia

  The costs of cyber security breaches can quickly add up with fines, reputational damage and overhauls to network security all hitting the coffers. The case of one Australian firm shows why paying a ransom to a hacker might be tempting.  Continue Reading

• CW500: Are you human or are you machine?

  As more things become internet-connected, systems designed to authenticate people now need to deal with machine-to-machine authentication  Continue Reading

• Mobile security -- what works and what doesn't?

  Experts told the CW500 Security Club how mobility brings new challenges to security departments and an opportunity to go beyond building walls around the enterprise  Continue Reading

• Asean organizations braced for cyber attack

  As an emerging economic power bloc, Asean is bracing itself for an influx of cyber crimes as hackers look for lucrative targets  Continue Reading

• Australian businesses under cyber attack

  What are the cyber security risks facing businesses in Australia and New Zealand and how are organisations addressing them?  Continue Reading

• Making the most of logs

  Most IT systems produce log files, which IT administrators can use to automate security systems  Continue Reading

• Turning machine data into operational intelligence

  We look at how companies analyse server and security logs to tackle cybercrime and internal fraud, and optimise the user experience  Continue Reading

• Companies must act quickly to tackle cyber crime

  With cyber attacks becoming more sophisticated and widespread, companies must take stronger measures to prevent and tackle them  Continue Reading

• Companies must act quickly to combat cyber crime

  With cyber attacks becoming more sophisticated and widespread, companies must take stronger measures to prevent and tackle them  Continue Reading

• How the development of standards will affect the internet of things

  As the internet of things (IoT) grows, so will the number of applications developed to control internet-connected devices and objects  Continue Reading

• The internet of things is coming: Is your datacentre ready?

  Gartner estimates the IoT will see 26 billion units installed by 2020 – channelling huge volumes of data traffic into datacentres  Continue Reading

• Forrester: Build an app store into your corporate mobility strategy

  Corporate internal app stores can distribute the tools staff need, but they can also control who uses what and shore up data security  Continue Reading

• CW 500 Security Club: Securing the end point: a key challenge for business

  With multitudes of devices connecting businesses and their customers to interlinking systems, securing the end point has never been more vital  Continue Reading

• Protect your business by encrypting the network

  Enabling encryption across different points of the network can provide significant protection from the most advanced of attackers  Continue Reading

• Hacktivism: good or evil?

  IT lawyer Dai Davis looks at the rise of hacktivism and its impact on business and international politics  Continue Reading

• How NSA spying disclosures influence security strategies

  How have whistleblower Edward Snowden’s exposés affected the ways organisations deal with internal and external security threats?  Continue Reading

• Putting software security in the hands of the buyer

  For far too long, businesses have been at the mercy of software suppliers for ensuring that critical applications are secure  Continue Reading

• Optimising performance and security of web-based software

  On-demand applications are often talked about in terms of how suppliers should be adapting the way their software is provisioned to customers.  Continue Reading

• Why agile development races ahead of traditional testing

  Traditional testing practices optimise large, centralised testing but struggle to support the rapid delivery of agile development.  Continue Reading

• After Prism revelation there is nowhere to hide

  UK business should not ignore revelations about the US Prism internet surveillance programme.  Continue Reading

• How to make your datacentre BYOD-ready

  BYOD is changing how employees interact with corporate data. Datacentre managers should follow these steps to prepare their infrastructure for BYOD  Continue Reading

• Putting security in context

  How should organisations approach context-aware security technologies and what business benefits can they deliver?  Continue Reading

• Static code analysis tools gain traction in India as SDL models mature

  Static analysis tools are gaining popularity with Indian companies as software development models and perspectives mature. Here are some popular choices.  Continue Reading

• Royal Holloway 2012: Risks of multi-tenancy cloud computing

  In his Royal Holloway 2012 thesis, Jacobo Ros examines the risks of multi-tenancy cloud computing.  Continue Reading

• Royal Holloway 2012: PCI compliance, cloud computing are a costly pair

  It is possible to achieve PCI DSS compliance in a cloud environment, but it may not be cost-effective, as explained in this Royal Holloway article.  Continue Reading

• Opinion: Firms can’t or won’t address social networking security risks

  It's a common refrain: Even companies that are aware of social networking security risks don't do anything about them.  Continue Reading

• Hypervisor security: New techniques for securing virtual machines

  Learn about virtual monitoring and introspection in this article from Royal Holloway MSc student Fotios Tsifountidis and lecturer Geraint Price.  Continue Reading

• Virtualisation security for enterprise servers

  Don't fall prey to virtual server security myths. In this Security School lesson, expert Ben Chai explains how to implement server virtualisation securely.  Continue Reading

• Threat assessment model: Testing open source software for security

  To mitigate the risks of using open source software, Yoav Aner and Carlos Cid propose a new threat modelling method for testing the security of open source software.  Continue Reading

• How to tackle a buffer overflow attack and avoid vulnerabilities

  Despite the research and learned papers on the subject, buffer overflow exploits seem to be as popular – and as successful – as ever  Continue Reading

• 2009 Royal Holloway University of London MSc thesis series

  Read a group of information security articles -- from the highly technical to the basic -- authored by recent MSc graduates of Royal Holloway University of London (RHUL).  Continue Reading

• Royal Holloway University of London MSc thesis Series

  This is a series of 12 thesis articles from MSc students at the Royal Holloway University of London, discussing security issues of the future.  Continue Reading