Application security and coding requirements
-
News
25 Apr 2024
Zero trust is a strategy, not a technology
Zero-trust security should be seen as a strategy to protect high-value assets and is not tied to a specific technology or product, says the model’s creator John Kindervag
-
News
24 Apr 2024
Mandatory MFA pays off for GitHub and OSS community
Mandating multifactor authentication for select developers has been a huge success for GitHub, the platform reports, and now it wants to go further
-
E-Zine
07 Jul 2016
CW ANZ: July 2016
Australia knows it has a cyber security problem, but not the scale. In this month’s CW ANZ we describe how Australia's $230m security strategy serves as a wake-up call to enterprises. We also reveal the techniques and technologies being used to protect one Australian school, as well as a more general look at the main cyber threats to organisations in Australia. Read the issue now.
-
News
20 Jun 2016
Lower average cost of Australian data breaches is not a sign of comfort
The average cost of a data breach to Australian organisations dropped in 2015, according to research
-
News
12 Jun 2016
Philippines government data breach is a warning to Asean region
Security is a rising concern in the Asean region, with fears fuelled by incidents such as the recent hacking incident in Manila
-
News
29 Apr 2016
Cyber security in Belgium will gain prominence after terror attacks
Belgium’s physical security has been branded inadequate, so how does the country’s cyber security measure up?
-
News
13 Apr 2016
NCA attempts 'back door' access to obtain activist Lauri Love’s passwords
Court told that use of civil proceedings to force disclosure of alleged hacker Lauri Love's passwords is disproportionate and would breach human rights law
-
News
31 Mar 2016
Adwind at centre of cyber attack on Singapore bank
Kaspersky Lab has revealed that the Adwind malware-as-a-service platform was at the centre of an attack on a Singapore bank
-
News
23 Mar 2016
Gov.uk Verify not secure enough for NHS, says HSCIC
The government’s Verify identity verification platform isn’t secure enough for the NHS, so Liverpool Clinical Commissioning Group and HSCIC are working to add extra levels of security
-
Opinion
07 Mar 2016
The problem with passwords: how to make it easier for employees to stay secure
An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems
-
News
29 Jan 2016
HSBC online services hit by DDoS attack
HSBC was hit by a distributed denial of service (DDoS) attack, which targeted its online personal banking services.
-
News
24 Dec 2015
Top 10 IT security stories of 2015
Computer Weekly looks back at the most significant stories on IT security in the past 12 months
-
News
07 Dec 2015
Cyber attacks an increasing concern for Asean countries
Organisations in the Association of Southeast Asian Nations are increasingly the targets for cyber criminals, according to a report focused on the region
-
News
03 Dec 2015
Veracode finds most web apps fail Owasp security check list
The findings of a report on critical vulnerabilities in most web applications are raising concerns over potential security vulnerabilities in millions of websites
-
Feature
15 Oct 2015
The true cost of a cyber security breach in Australia
The costs of cyber security breaches can quickly add up with fines, reputational damage and overhauls to network security all hitting the coffers. The case of one Australian firm shows why paying a ransom to a hacker might be tempting.
-
News
18 Sep 2015
Public-private co-operation in the Nordics tackles growing cyber crime threat
Nordic governments and businesses are putting cyber security at the centre of their planning as threats increase
-
News
09 Sep 2015
Security vulnerability management more than patching, warns Secunia
Keeping track of what makes an IT environment vulnerable is an ongoing and complex task, according to Secunia
-
News
31 Jul 2015
Commercial software more secure than open source, finds report
A study has found that commercial code is more compliant than open source code with security compliance standards, such as the Owasp top 10 and the CWE top 25
-
News
26 Jun 2015
Computer Weekly European User Awards 2015 winners revealed
The winners have been announced for the Computer Weekly European User Awards 2015. See who made the top spots
-
News
24 Jun 2015
IT professionals give Windows 10 Start button the thumbs up
A survey of European and North American IT professionals has found that the return of the Start button is the most enticing feature in Microsoft's latest operating system
-
News
23 Jun 2015
Pharmaceutical companies use BPM to cut cost of clinical trial drugs
Pharmaceutical companies have developed an IT system to secure the supply of medicines they need for clinical studies, saving hundreds of thousands on their drugs bill in the process
-
News
26 May 2015
NATS failure down to bug from the 90s and redundant code
A bug present in Nats since the 1990s has been identified as the root cause of the five-hour outage of UK air traffic control on 12 December 2014
-
News
18 May 2015
Whitehall technology chiefs vetoed new Windows XP support deal
Government technology chiefs vetoed a new deal with Microsoft to continue Windows XP support to force laggards to move off the OS
-
News
30 Apr 2015
IoT benefits and privacy not mutually exclusive, says industry expert
It is possible to mitigate the privacy and security risks of the internet of things (IoT) without losing its benefits, according to an industry expert
-
News
27 Feb 2015
Case study: Norwegian insurer invests in Darktrace machine-learning cyber defence
Shipping insurance company DNK hopes to inspire the rest of the shipping industry to adopt Darktrace’s cyber defence system
-
News
24 Feb 2015
PrivDog SSL compromise potentially worse than Superfish
Some versions of PrivDog software designed to block online ads compromise internet security in a similar way to Superfish
-
E-Zine
26 Jan 2015
Why we need cyber war games
In this week’s Computer Weekly, the UK and US are starting a cyber war on each other – all in the name of testing each other’s defences. We look at why the cyber war games are needed. We examine what IT managers can learn from the car industry to improve supplier relationship management. And we find out why innovation should be top of the IT agenda in 2015. Read the issue now.
-
News
06 Jan 2015
Google under fire over Windows zero-day disclosure
Google has come under fire for publishing a proof-of-concept attack exploiting a flaw in Windows 8.1 before Microsoft had released a security update
-
E-Zine
05 Jan 2015
CW Europe – January 2015 Edition
As we start another new year, we look back at what technology has been playing a vital role in keeping Europe safe. Headlines are regularly filled with threats about cyber wars and attacks which, although important to bring to light, can sometimes overshadow the role technology plays in keeping us safe.
-
News
17 Dec 2014
Cabinet Office begins procurement for next stage of Gov.uk Verify
The Cabinet Office has submitted a tender notice for a £150m three-year framework for the provision of identity assurance services
-
News
17 Dec 2014
US interception in the EU faces new legal challenges
US government orders against Microsoft to hand over email data 'infringes privacy legislation' in other countries
-
News
28 Nov 2014
CGI secures communications between pilots and air traffic control
Satellite communications firm Inmarsat has outsourced the provision of security IT and services to CGI
-
Feature
25 Nov 2014
How the development of standards will affect the internet of things
As the internet of things (IoT) grows, so will the number of applications developed to control internet-connected devices and objects
-
News
09 Oct 2014
WordPress most attacked application
Websites that run the WordPress content management system are attacked 24% more often than those using other systems
-
News
08 Oct 2014
Malware being used to steal cash from ATMs
Criminals are using malware to steal cash from ATMs without debit and credit cards
-
E-Zine
03 Oct 2014
CW Europe - October 2014 Edition
BYOD policies: What’s allowed and what’s banned? As IT departments still try to come to terms with the notion of BYOD, CW Europe takes a look at what policies are being implemented to keep security under control.
-
E-Zine
29 Sep 2014
Hacking IT from the inside
In this week’s Computer Weekly, car giant Daimler talks about its IT security strategy and the benefits of having its own in-house hacking team. App developers are under fire for collecting too much personal data – we examine the latest best practice. Our new buyer’s guide looks at virtualisation backup. And our review of Microsoft’s Surface Pro 3 tablet asks whether it can replace the laptop. Read the issue now.
-
News
17 Sep 2014
KPMG: IoT, 3D printing and healthcare IT to have most impact
Internet of things (IoT), 3D printing and biotech or healthcare IT are among the IT trends that will change the way people work and live
-
News
15 Sep 2014
Salesforce issues advice on avoiding Dyreza attack
Salesforce has issued a set of guidelines on tightening security after a number of its customers were targeted by the Dyreza email virus
-
News
27 Aug 2014
Security experts identify top 10 software design flaws
The IEEE Center for Secure Design has published a report on how to avoid the top 10 software security design flaws
-
E-Zine
26 Aug 2014
Can national security and privacy co-exist?
In this week’s Computer Weekly, we talk to NSA whistleblower Bill Binney about the often-conflicting needs of security and privacy. We find out how Google is using artificial intelligence to improve datacentre energy efficiency. And we look at a project to use wearable technology and big data to help tackle Parkinson’s disease. Read the issue now.
-
Feature
20 Aug 2014
The internet of things is coming: Is your datacentre ready?
Gartner estimates the IoT will see 26 billion units installed by 2020 – channelling huge volumes of data traffic into datacentres
-
News
11 Aug 2014
USB-connected devices present cyber vulnerabilities
Connecting devices to computers using a USB port could lead to security breaches, say Berlin-based researchers
-
News
04 Jul 2014
Barclays passes government’s ‘internet-born threat’ test
Barclays Bank has been awarded the government’s cyber security certificate for digital banking services after independent tests of services such as Pingit
-
News
03 Jul 2014
Netflix releases its AWS monitoring tool Security Monkey into the wild
Netflix has made Security Monkey, the AWS tracker tool it built for itself, freely available to other Amazon cloud users
-
E-Zine
30 Jun 2014
Supporting Apple in the enterprise
In this week’s Computer Weekly, our latest buyer’s guide takes an in-depth look at how to support Apple products in an enterprise IT infrastructure. We find out how eBay built its own Openstack private cloud. And the chief of the government’s G-Cloud programme talks about changing public sector IT procurement. Read the issue now.
-
News
25 Apr 2014
Heartbleed prompts tech firms to pledge open-source support
Top tech firms have joined forces to support open-source software to help prevent future bugs like Heartbleed
-
News
17 Apr 2014
Datacentre lessons learnt from Heartbleed bug
The Heartbleed bug, an OpenSSL flaw affecting millions of websites, has some lessons for datacentre providers and operators
-
Photo Story
17 Mar 2014
The Cyber Security Challenge UK 2014
The Cyber Security Challenge UK is a series of events designed to test the ability of thousands of amateur applicants who have skills in the cyber security space.
-
Feature
14 Mar 2014
Hacktivism: good or evil?
IT lawyer Dai Davis looks at the rise of hacktivism and its impact on business and international politics
-
News
04 Mar 2014
Governance, Risk Management and Compliance (GRC)
Ensuring that all the stakeholders' information needs are met requires a holistic approach to managing information – the creation of a GRC platform, say analysts Clive Longbottom and Rob Bamforth.
-
News
21 Feb 2014
Employee mobiles expose firms to attack, says Webroot
Employees' mobile devices expose companies to malicious applications and attacks, according to the latest mobile threat report from Webroot
-
News
05 Feb 2014
Bank of England publishes Waking Shark II cyber security exercise results
Bank of England publishes the results of its Waking Shark II security exercise, which tested financial institutions' contingency plans for cyber attack
-
News
23 Jan 2014
US startup aims to turn tables on hackers
US startup Shape Security is turning the tables against hackers by using one of their own techniques against them
-
News
10 Jan 2014
More than 1,100 DWP workers disciplined over benefits snooping
More than 1,100 employees at the Department for Work and Pensions have received official warnings since 2008 for prying into benefits records
-
News
10 Jan 2014
Security considerations for UK enterprises
This Research Snapshot from Vanson Bourne looks at IT security spending trends, awareness of cyber-threats, and the factors perceived as the biggest security risks for organisations.
-
News
05 Dec 2013
UK citizen sues Microsoft over Prism private data leak to NSA
A court action brought in the UK will test Microsoft's legal right to disclose private data on UK citizens to US intelligence services
-
News
05 Dec 2013
Cybercrime and warfare: All that matters
Peter Warren and Michael Streeter assess the history, scale and importance of cyber crime in this chapter from their book, Cybercrime and warfare: All That Matters.
-
Feature
25 Nov 2013
Optimising performance and security of web-based software
On-demand applications are often talked about in terms of how suppliers should be adapting the way their software is provisioned to customers.
-
News
12 Nov 2013
Global profiles of the fraudster
Computers, rather than conmen, are set to be the future face of fraud, as criminals turn to robotics in an effort to avoid detection, this report from KPMG reveals.
-
Feature
11 Nov 2013
Why agile development races ahead of traditional testing
Traditional testing practices optimise large, centralised testing but struggle to support the rapid delivery of agile development.
-
News
30 Oct 2013
Identity assurance system moves into beta test phase
The Government Digital Service has started testing of a key system to support plans for citizens to securely prove their identity when accessing online public services
-
News
05 Sep 2013
Windows 2012 Server Network Security
This book chapter offers an introduction to Windows 8 and Windows Server 2012 network security and IPv6. It includes a 30% discount code for Computer Weekly readers.
-
News
05 Sep 2013
Windows Server 2012 Security from End to Edge and Beyond
This extract from the book Windows Server 2012 Security from End to Edge and Beyond shows you how to plan your platform security requirements and gives you the critical questions to ask.
-
News
05 Sep 2013
Printing: a false sense of security?
Louella Fernandes and Bob Tarzey show how secure printing technology can provide authentication, authorisation and accounting capabilities, helping businesses improve document security and meet compliance regulations.
-
News
23 Aug 2013
Box.com forges new cloud security model
Service providers and consumers need to move to a security model better suited to cloud computing, says Box.com
-
News
20 Aug 2013
Targeted attacks and how to defend against them
Analysts Bob Tarzey and Louella Fernandes assess the scale and real impact of targeted attacks and the measures being taken to defend against them.
-
News
19 Jul 2013
Facebook to acquire UK startup Monoidics
Facebook is to acquire UK startup Monoidics, which makes code verification and analysis tools and specialises in detecting coding errors
-
News
19 Jul 2013
IT security case studies
Four critical IT security case-studies selected from the winners of Computer Weekly's European User Awards for security
-
News
18 Jul 2013
Needle in a Datastack: The rise of big security data
This research from McAfee investigates how well organisations are positioned to address the challenges of managing security in a world of ever increasing amounts and types of data.
-
News
17 Jul 2013
IT Security Case Studies
Warwick Ashford presents 4 essential IT security case-studies selected from the winners of Computer Weekly's European User Awards.
-
News
15 Jul 2013
Black market for software security flaws reaches new highs
The black market in previously undiscovered vulnerabilities in commercial software is so established that the average flaw sells for up to $160,000
-
News
10 Jun 2013
Telefonica Digital forms security group Eleven Paths
The business division of mobile operator Telefonica launches Eleven Paths, an independent company working on security issues in the workplace
-
News
15 May 2013
Microsoft declares conformance with ISO 27034-1
Microsoft has declared conformance with ISO 27034-1, the first part of an international standard for secure software development
-
News
13 May 2013
Cyber criminals hack Washington court system
Hackers gain access to the personal data of 160,000 US citizens after compromising Washington State court service servers
-
News
01 May 2013
CW buyer's guide: context-aware security
This 11-page Computer Weekly buyer's guide looks at how organisations should approach context-aware security technologies and what business benefits they can deliver.
-
News
01 May 2013
CW Special Report on CSC
This 16-page report from Computer Weekly analyses the challenges facing CSC, its financial performance, the services it offers, its place in the IT market and its future strategy.
-
News
22 Apr 2013
US jails LulzSec hacker Cody Kretsinger
The US has jailed a member of hacktivist group LulzSec for a year for his role in breaching computer systems at Sony Pictures Entertainment in 2011
-
News
19 Apr 2013
Conficker makes way for web-based attacks, says Microsoft
Web attacks emerge as top threat as businesses finally begin to win the battle against Conficker and other worms, says Microsoft
-
News
11 Apr 2013
Bots and web apps among top threats to data security, says Check Point
Bots, viruses, breaches and attacks are a constant and real threat to the information security of organisations
-
Opinion
25 Mar 2013
Securing the hypervisor: expert tips
There are many potential security issues with the various components of a virtualised infrastructure, and nowhere is this more of a concern than with the hypervisor platforms that host virtual systems and application instances
-
News
25 Mar 2013
Malware in counterfeit software to cost business $114bn in 2013
Dealing with malware in counterfeit software will cost global enterprises an estimated $114bn in 2013, says research firm IDC
-
News
28 Feb 2013
RSA 2013: Suppliers need to prepare for new security vulnerability handling standards
Software makers and online service providers need to prepare for two ISO standards on vulnerability handling processes due by the end of 2013
-
News
06 Dec 2012
2012 Cost of Cyber Crime Study: UK
The 2012 Cost of Cyber Crime Study: United Kingdom is independently conducted by Ponemon Institute. The benchmark study, sponsored by HP Enterprise Security, is based on a representative sample of 38 organisations in various industry sectors.
-
News
03 Dec 2012
IT Security Purchasing Intentions 2013
This in-depth research from Computer Weekly and TechTarget reveals the IT security spending priorities of businesses in the UK and Europe.
-
News
13 Nov 2012
Mobile Security Strategies
This exclusive report for Computer Weekly members explains the security risks and challenges of using mobile devices in the enterprise.
-
News
13 Nov 2012
The Global State of Information Security Survey 2013: Key Findings
This global study examines the state of cyber-security and the impact of cyber crime and offers advice to businesses on reducing the risks.
-
Tip
01 Nov 2012
Using ESAPI to fix XSS in your Java code
Customized validation routines are the norm in Indian organizations for fixing vulnerabilities. OWASP’s ESAPI framework may prove to be a better option.
-
News
30 Oct 2012
IT security budgets mismatched to hacker targets, study shows
IT security budgets are not being used to provide defence technologies in some areas most likely to be targeted by hackers, a study shows
-
Tip
09 Oct 2012
Vulnerabilities in JavaScript: Secure coding insights and tips
JavaScript vulnerabilities are on the rise in India with the entry of HTML5 and faster JavaScript engines. Here are some key problem areas along with antidotes.
-
Feature
17 Sep 2012
Static code analysis tools gain traction in India as SDL models mature
Static analysis tools are gaining popularity with Indian companies as software development models and perspectives mature. Here are some popular choices.
-
Video
24 May 2012
Screencast: Employ the FOCA tool as a metadata extractor
Mike McLaughlin demos the FOCA tool as a metadata extractor to expose the 'hidden' data users often post on their own websites.
-
News
18 May 2012
MDM, security vendors scramble to address BYOD security issues
Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products.
-
News
24 Apr 2012
Investigation reveals serious cloud computing data security flaws
Context Information Security found that data stored by a cloud customer could be accessed by the next customer to spin up a VM on the same disk.
-
Photo Story
29 Mar 2012
Sandboxing for secure app development: Adobe Reader’s 'protected view'
As sandboxing emerges as an answer to legacy codebases with multiple vulnerabilities, we look at the components of Adobe Reader X’s sandbox.
-
Tutorial
27 Mar 2012
Exploit writing tutorial: Part 1
In the first part of our exploit writing tutorial, we take a look at the fine art of vulnerability discovery, fuzzing and usable techniques.
-
Answer
05 Mar 2012
Session fixation protection: How to stop session fixation attacks
Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection.
-
News
24 Feb 2012
Windows security case study: Controlling Windows 7 user privileges
After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges.
-
News
08 Feb 2012
Web application vulnerability statistics show security losing ground
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks.
-
News
03 Feb 2012
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6.
-
Tutorial
23 Jan 2012
Burp Suite Tutorial: Part 2 – Intruder and repeater tools
Our Burp Suite tutorial’s second part covers intruder and repeater. Use this Burp Suite tutorial to customize attacks on Web apps via SQLi and XSS bugs.
-
Tip
19 Dec 2011
Segregation of duties: Small business best practices
Segregating duties can be tough in organisations that have few staff members and resources. Get duty segregation best practices for SMBs.