Application security and coding requirements
-
Feature
23 Apr 2025
Enterprise strategies for API management
Application programming interfaces are the connective tissue of the modern enterprise, driving innovation and integration. But managing them effectively requires enterprises to consider governance, security and lifecycle management while preparing for emerging threats and technologies like AI Continue Reading
-
News
23 Apr 2025
Amid uncertainty, Armis becomes newest CVE numbering authority
Amid an uncertain future for vulnerability research, exposure management company Armis has been given the authority to assign CVE IDs to newly discovered vulnerabilities Continue Reading
-
News
19 Apr 2013
Conficker makes way for web-based attacks, says Microsoft
Web attacks emerge as top threat as businesses finally begin to win the battle against Conficker and other worms, says Microsoft Continue Reading
-
News
11 Apr 2013
Bots and web apps among top threats to data security, says Check Point
Bots, viruses, breaches and attacks are a constant and real threat to the information security of organisations Continue Reading
-
Opinion
25 Mar 2013
Securing the hypervisor: expert tips
There are many potential security issues with the various components of a virtualised infrastructure, and nowhere is this more of a concern than with the hypervisor platforms that host virtual systems and application instances Continue Reading
-
News
25 Mar 2013
Malware in counterfeit software to cost business $114bn in 2013
Dealing with malware in counterfeit software will cost global enterprises an estimated $114bn in 2013, says research firm IDC Continue Reading
-
News
28 Feb 2013
RSA 2013: Suppliers need to prepare for new security vulnerability handling standards
Software makers and online service providers need to prepare for two ISO standards on vulnerability handling processes due by the end of 2013 Continue Reading
-
News
06 Dec 2012
2012 Cost of Cyber Crime Study: UK
The 2012 Cost of Cyber Crime Study: United Kingdom is independently conducted by Ponemon Institute. The benchmark study, sponsored by HP Enterprise Security is based on a representative sample of 38 organisations in various industry sectors. Continue Reading
-
News
03 Dec 2012
IT Security Purchasing Intentions 2013
This in-depth research from Computer Weekly and TechTarget reveals the IT security spending priorities of businesses in the UK and Europe. Continue Reading
-
News
13 Nov 2012
Mobile Security Strategies
This exclusive report for Computer Weekly members explains the security risks and challenges of using mobile devices in the enterprise. Continue Reading
-
News
13 Nov 2012
The Global State of Information Security Survey 2013: Key Findings
This global study examines the state of cyber-security and the impact of cyber crime and offers advice to businesses on reducing the risks. Continue Reading
-
Tip
01 Nov 2012
Using ESAPI to fix XSS in your Java code
Customized validation routines are the norm in Indian organizations for fixing vulnerabilities. OWASP’s ESAPI framework may prove to be a better option. Continue Reading
-
News
30 Oct 2012
IT security budgets mismatched to hacker targets, study shows
IT security budgets are not being used to provide defence technologies in some areas most likely to be targeted by hackers, a study shows Continue Reading
-
Tip
09 Oct 2012
Vulnerabilities in JavaScript: Secure coding insights and tips
JavaScript vulnerabilities are on the rise in India with the entry of HTML5 and faster JavaScript engines. Here are some key problem areas along with antidotes. Continue Reading
-
Feature
17 Sep 2012
Static code analysis tools gain traction in India as SDL models mature
Static analysis tools are gaining popularity with Indian companies as software development models and perspectives mature. Here are some popular choices. Continue Reading
-
Video
24 May 2012
Screencast: Employ the FOCA tool as a metadata extractor
Mike McLaughlin demos the FOCA tool as a metadata extractor to expose the 'hidden' data users often post on their own websites. Continue Reading
-
News
18 May 2012
MDM, security vendors scramble to address BYOD security issues
Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products. Continue Reading
-
News
24 Apr 2012
Investigation reveals serious cloud computing data security flaws
Context Information Security found that data stored by a cloud customer could be accessed by the next customer to spin up a VM on the same disk. Continue Reading
-
Photo Story
29 Mar 2012
Sandboxing for secure app development: Adobe Reader’s 'protected view'
As sandboxing emerges as an answer to legacy codebases with multiple vulnerabilities, we look at the components of Adobe Reader X’s sandbox. Continue Reading
-
Tutorial
27 Mar 2012
Exploit writing tutorial: Part 1
In the first part of our exploit writing tutorial, we take a look at the fine art of vulnerability discovery, fuzzing and usable techniques. Continue Reading
-
Answer
05 Mar 2012
Session fixation protection: How to stop session fixation attacks
Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection. Continue Reading
-
News
24 Feb 2012
Windows security case study: Controlling Windows 7 user privileges
After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges. Continue Reading
-
News
08 Feb 2012
Web application vulnerability statistics show security losing ground
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks. Continue Reading
-
News
03 Feb 2012
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. Continue Reading
-
Tutorial
23 Jan 2012
Burp Suite Tutorial: Part 2 – Intruder and repeater tools
Our Burp Suite tutorial’s second part covers intruder and repeater. Use this Burp Suite tutorial to customize attacks on Web apps via SQLi and XSS bugs. Continue Reading
-
Tip
19 Dec 2011
Segregation of duties: Small business best practices
Segregating duties can be tough in organisations that have few staff members and resources. Get duty segregation best practices for SMBs. Continue Reading
-
News
05 Dec 2011
Concerned about tablet security issues? Some are, others not so much
Users love their tablets, but security pros are concerned about tablet security issues. However, though tablets bring new threats, not everyone is ringing the alarm. Continue Reading
-
News
04 Aug 2011
Missing USB drive, found in pub, contained unencrypted data
The ICO says two housing groups must improve data security after a contractor’s missing USB drive, containing unencrypted data, was found in a pub. Continue Reading
-
Tip
13 Jul 2011
SAP security tutorial: Top 10 SAP security implementation steps
Implementing SAP software securely isn't only the job of SAP specialists; the entire IT department has a role to play. Learn the top ten steps to a secure SAP implementation. Continue Reading
-
News
06 Jul 2011
Network security case study: College’s NAC virtual appliance makes grade
Wellington College’s network security case study explains how a NAC virtualization appliance blocks malware and provides increased capacity on demand. Continue Reading
-
News
25 May 2011
Virtual desktop benefits include tighter security, hot desking
With the help of hot desking and other virtualisation technologies, the Basildon Borough Council was able to centralise its security administration and reduce its number of desks by more than 30%. Continue Reading
-
News
20 Apr 2011
Shutting down a botnet, US Government disables Coreflood
Coreflood, a botnet almost ten years old, has been taken down by the FBI and US Department of Justice by obtaining permission to hijack the command and control servers and send a 'stop' command to infected PCs. Is this overstepping the privacy line? Continue Reading
-
Tip
19 Apr 2011
Secure SDLC best practices
While focus on technicalities is a given during the SDLC, this tip explains how to secure the SDLC, from the analysis phase right through to deployment. Continue Reading
-
Tutorial
22 Feb 2011
Information security tutorials
SearchSecurity.co.uk's tutorials offer a variety of online information security training courses you can take on your own time at your own pace specifically for UK readers. They are designed to arm you with the foundational and tactical information you need to deal with the increasingly challenging job of keeping your organization's information secure. Continue Reading
-
Tip
17 Nov 2010
How to use the Microsoft FCIV command-line checksum tool
Downloading files from the Internet always poses a risk, but there are strategies that can make the process more secure. In this tip, Michael Cobb explains how to use the Microsoft FCIV tool to check the hash values of downloaded files and create hashes and checksums of you own. Continue Reading
-
Answer
08 Sep 2010
Dynamic code analysis vs. static analysis source code testing
Managing vulnerabilities involves a wide array of security testing, including both dynamic and static source code analysis. Learn how the two differ, as well as how they are performed in this expert response. Continue Reading
-
Answer
28 Apr 2008
What are the dangers of using Facebook, other social networking sites?
Ken Munro discusses the dangers associated with allowing employees to access social networking sites such as Facebook, and explains how corporations can avoid these risks by monitoring the information placed in employee profiles and using email filters. Continue Reading