Web application security
-
E-Zine
07 Oct 2025
Is the UK’s digital ID scheme doomed to fail?
In this week’s edition of Computer Weekly, we take a look at the government’s somewhat controversial plan to introduce a national, compulsory digital ID scheme. Ranil Boteju, chief data and analytics officer at Lloyds Banking Group, also runs us through how the financial services giant is planning to use agentic AI to improve the customer experience. In the third part of our buyer’s guide on cloud management and security, details about the plethora of security tools that exist for enterprises looking to manage their Amazon Web Services stacks gets the deep-dive treatment. And, in our final feature in the issue, we look at the evolution in mobile app technology within the retail space. Read the issue now. Continue Reading
-
News
06 Oct 2025
Oracle patches E-Business suite targeted by Cl0p ransomware
Oracle pushes a patch for a dangerous zero-day under active exploitation by one of the most notorious ransomware gangs around Continue Reading
-
News
18 Oct 2016
Saving Lauri Love: activists plan their next move
An eclectic bunch of activists, charity workers and reformed hackers spent a rainy Sunday afternoon plotting their next move in a campaign to save Lauri Love from extradition to the US on hacking charges Continue Reading
-
Opinion
12 Oct 2016
Gary McKinnon: Why Lauri Love should be spared the nightmare of extradition
Computer activist Lauri Love should be spared a life sentence in a US jail, says former hacker Gary McKinnon Continue Reading
-
Feature
16 Sep 2016
Lauri Love: the student accused of hacking the US
How did a brilliant but fragile computer science student from a rural English town end up facing life imprisonment in the US? Computer Weekly speaks to Lauri Love Continue Reading
-
News
12 Jul 2016
IBM sets up security centre in Canberra
IBM leads the charge as large private businesses invest heavily in security resources across Australia in an attempt to close the security gap Continue Reading
-
E-Zine
07 Jul 2016
CW ASEAN: July 2016
Lessons from the Philippine government hack: In this issue we ask why a hack on the Philippine Commission on the Elections (Comelec) was allowed to happen and what organisations in Southeast Asia can learn from this breach of security. Retailers in the region are concerned – read how the theft of customer data is their biggest worry. Continue Reading
-
E-Zine
07 Jul 2016
CW ANZ: July 2016
Australia knows it has a cyber security problem, but not the scale. In this month’s CW ANZ we describe how Australia's $230m security strategy serves as a wake-up call to enterprises. We also reveal the techniques and technologies being used to protect one Australian school, as well as a more general look at the main cyber threats to orgainsations in Australia. Read the issue now. Continue Reading
-
News
03 May 2016
Gov.uk Verify misses April go-live target
The Government Digital Service didn’t meet its target of taking identity assurance service Verify out of beta by the end of April, but is “nearly there”, according to programme director Janet Hughes Continue Reading
-
News
26 Apr 2016
Business failing to learn lessons of past cyber attacks, report shows
Organisations are still failing to address basic security issues and well-known attack methods, Verizon’s latest Data Breach Investigations Report reveals Continue Reading
-
News
15 Apr 2016
Israeli volunteers ready their cyber defences as Anonymous affiliates attack
Every April, Israel braces itself for an onslaught from pro-Palestinian hackers, but the occupants of a small conference room in Tel Aviv stand in their way Continue Reading
-
News
11 Apr 2016
Activist Lauri Love faces order to disclose encryption keys
The UK’s National Crime Agency takes an unusual legal step to force a former university student accused of hacking to disclose encryption keys Continue Reading
-
Opinion
07 Mar 2016
The problem with passwords: how to make it easier for employees to stay secure
An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems Continue Reading
-
News
29 Jan 2016
HSBC online services hit by DDoS attack
HSBC was hit by a distributed denial of service (DDoS) attack, which targeted its online personal banking services. Continue Reading
-
Feature
05 Jan 2016
Interview: James Bamford on surveillance, Snowden and technology companies
Investigative journalist and documentary maker James Bamford was among the first to uncover the secrets of the US National Security Agency and its global surveillance Continue Reading
-
News
24 Dec 2015
Top 10 IT security stories of 2015
Computer Weekly looks back at the most significant stories on IT security in the past 12 months Continue Reading
-
News
03 Dec 2015
Veracode finds most web apps fail Owasp security check list
The findings of a report on critical vulnerabilities in most web applications is raising concerns over potential security vulnerabilities in millions of websites Continue Reading
-
News
03 Dec 2015
Workday ringfences support in Europe after Safe Harbour ruled unsafe
US cloud HR and financial services provider reponds to Safe Harbour failure by ringfencing European data Continue Reading
-
Feature
15 Oct 2015
The true cost of a cyber security breach in Australia
The costs of cyber security breaches can quickly add up with fines, reputational damage and overhauls to network security all hitting the coffers. The case of one Australian firm shows why paying a ransom to a hacker might be tempting. Continue Reading
-
Feature
06 Oct 2015
Max Schrems: The man who broke Safe Harbour
Schrems has persuaded a high court judge to confirm that Edward Snowden’s evidence is acceptable in court and that the US is engaged in mass surveillance of European citizens Continue Reading
-
News
06 Oct 2015
Researchers find credential-stealing webmail server APT attack
Security researchers have discovered a new and unique advanced persistent threat (APT) technique that involves a malicious module loaded onto a webmail server Continue Reading
-
News
09 Sep 2015
Security vulnerability management more than patching, warns Secunia
Keeping track of what makes an IT environment vulnerable is an ongoing and complex task, according to Secunia Continue Reading
-
Opinion
25 Aug 2015
Life’s a breach: How to handle the press after a hacking attack
Emily Dent, specialist in crisis PR, offers some advice to organisations that unexpectedly find themselves in the headlines Continue Reading
-
E-Zine
04 Aug 2015
Cyber risks hit the road
In this week's Computer Weekly, after hackers took remote control of a Jeep Cherokee, we assess the security concerns for internet-connected cars. With the growth of digital banking, is there a need for high-street branches anymore? And we examine whether email overload is hindering the UK's economic productivity. Read the issue now. Continue Reading
-
News
30 Apr 2015
IoT benefits and privacy not mutually exclusive, says industry expert
It is possible to mitigate the privacy and security risks of the internet of things (IoT) without losing its benefits, according to an industry expert Continue Reading
-
Feature
25 Apr 2015
Bill Binney, the ‘original’ NSA whistleblower, on Snowden, 9/11 and illegal surveillance
Always a patriot: Computer Weekly talks to Bill Binney, the senior NSA official who blew the whistle before Edward Snowden Continue Reading
-
News
22 Apr 2015
HSBC website mistake guides customers to porn
HSBC’s Hong Kong website accidentally featured an out-of-date link that directed people to a porn site Continue Reading
-
News
25 Mar 2015
UK government adds five authentication providers to Gov.uk Verify identity management system
The Government Digital Service (GDS) adds five authentication providers to the Gov.uk Verify identity and access management scheme Continue Reading
-
News
27 Feb 2015
Case study: Norwegian insurer invests in Darktrace machine-learning cyber defence
Shipping insurance company DNK hopes to inspire the rest of the shipping industry to adopt Darktrace’s cyber defence system Continue Reading
-
E-Zine
05 Jan 2015
CW Europe – January 2015 Edition
As we start another new year we look back at what technology has been playing a vital role in keeping Europe safe. Headlines are regularly filled with threats about cyber wars and attacks which, although are important to bring to light, can sometimes overshadow the role technology plays in keeping us safe. Continue Reading
-
News
17 Dec 2014
Cabinet Office begins procurement for next stage of Gov.uk Verify
The Cabinet Office has submitted a tender notice for a £150m three-year framework for the provision of identity assurance services Continue Reading
-
Feature
11 Dec 2014
The state of mobile back end as a service
Common mobile application services are increasingly being hosted on central back-end servers – but what does that mean for the enterprise? Continue Reading
-
News
28 Nov 2014
CGI secures communications between pilots and air traffic control
Satellite communications firm Inmarsat has outsourced the provision of security IT and services to CGI Continue Reading
-
News
09 Oct 2014
WordPress most attacked application
Websites that run the WordPress content management system are attacked 24% more often than those using other systems Continue Reading
-
News
08 Oct 2014
Malware being used to steal cash from ATMs
Criminals are using malware to steal cash from ATMs without debit and credit cards Continue Reading
-
E-Zine
03 Oct 2014
CW Europe - October 2014 Edition
BYOD policies: What’s allowed and what’s banned? As IT departments still try to come to terms with the notion of BYOD, CW Europe takes a look at what policies are being implemented to keep security under control. Continue Reading
-
News
16 Sep 2014
GDS unveils 'Gov.UK Verify' public services identity assurance scheme
The Government Digital Service (GDS) debuts a system to prove users’ identities when using public services online, branded as 'Gov.UK Verify' Continue Reading
-
News
27 Aug 2014
Security experts identify top 10 software design flaws
The IEEE Center for Secure Design has published a report on how to avoid the top 10 software security design flaws Continue Reading
-
News
11 Aug 2014
USB-connected devices present cyber vulnerabilities
Connecting devices to computers using a USB port could lead to security breaches, say Berlin-based researchers Continue Reading
-
News
22 Jul 2014
Hackers abuse Bitly API in novel attack, reports Websense
A cyber attack targeting MSNBC highlights cybercriminals’ abuse of the public’s trust in news sites, says Websense Security Labs Continue Reading
-
News
04 Jul 2014
Barclays passes government’s ‘internet-born threat’ test
Barclays Bank has been awarded the government’s cyber security certificate for digital banking services after independent tests of services such as Pingit Continue Reading
-
E-Zine
22 Apr 2014
Adapting to life after Heartbleed
In this week’s Computer Weekly, we investigate the most significant flaw in recent history to impact the internet. The Heartbleed bug in OpenSSL leaves millions of internet servers vulnerable to attack. Hackers have already exploited Heartbleed to steal passwords from the Mumsnet parenting site. What can websites do to foil future attacks? Continue Reading
-
Feature
14 Mar 2014
Hacktivism: good or evil?
IT lawyer Dai Davis looks at the rise of hacktivism and its impact on business and international politics Continue Reading
-
News
05 Feb 2014
Bank of England publishes Waking Shark II cyber security exercise results
Bank of England publishes the results of its Waking Shark II security exercise, which tested financial institutions' contingency plans for cyber attack Continue Reading
-
News
04 Feb 2014
NHS site malicious redirects are a warning to developers
A coding error that redirected NHS website visitors to malicious content should be a warning to developers, say security experts Continue Reading
-
News
23 Jan 2014
New Snapchat security measure easily by-passed, says researcher
A new Snapchat security measure to verify users are human is easily by-passed, says researcher Continue Reading
-
News
23 Jan 2014
US startup aims to turn tables on hackers
US startup Shape Security is turning the tables against hackers by using one of their own techniques against them Continue Reading
-
News
10 Jan 2014
Security considerations for UK enterprises
This Research Snapshot from Vanson Bourne looks at IT security spending trends, awareness of cyber-threats, and the factors perceived as the biggest security risks for organisations. Continue Reading
-
Feature
25 Nov 2013
Optimising performance and security of web-based software
On-demand applications are often talked about in terms of how suppliers should be adapting the way their software is provisioned to customers. Continue Reading
-
News
12 Nov 2013
Global profiles of the fraudster
Computers, rather than conmen, are set to be the future face of fraud, as criminals turn to robotics in an effort to avoid detection, this report from KPMG reveals. Continue Reading
-
News
16 Oct 2013
Neustar to host first DDoS awareness day
Communications firm Neustar is to host the first international awareness day on distributed denial of service (DDoS) attacks Continue Reading
-
News
09 Sep 2013
Most websites could be targeted through PHP, warns Imperva
Hackers are focusing on vulnerabilities in PHP web application development platform, threatening most websites, warns Imperva Continue Reading
-
News
06 Sep 2013
NSA and GCHQ unlock online privacy encryption
UK and US intelligence agencies have unlocked the technology used to encrypt online services, including email, online banking and medical records. Continue Reading
-
News
05 Sep 2013
Windows 2012 Server Network Security
This book chapter offers an introduction to Windows 8 and Windows Server 2012 network security and IPv6. It includes a 30% discount code for Computer Weekly readers. Continue Reading
-
News
05 Sep 2013
Windows Server 2012 Security from End to Edge and Beyond
This extract from the book Windows Server 2012 Security from End to Edge and Beyond shows you how to plan your platform security requirements and gives you the critical questions to ask. Continue Reading
-
News
05 Sep 2013
Printing: a false sense of security?
Louella Fernandes and Bob Tarzey show how secure printing technology can provide authentication, authorisation and accounting capabilities, helping businesses improve document security and meet compliance regulations. Continue Reading
-
News
20 Aug 2013
Targeted attacks and how to defend against them
Analysts Bob Tarzey and Louella Fernandes assess the scale and real impact of targeted attacks the measures being taken to defend against them. Continue Reading
-
Opinion
13 Aug 2013
The dangers of internet cafés
Businesses need clear computer use policies and need to ensure staff are properly trained in data protection, writes Garry Mackay Continue Reading
-
News
05 Aug 2013
Websites hacked to show child abuse images
More than 25 business websites worldwide have been hacked to show illegal images of child sex abuse Continue Reading
-
Feature
30 Jul 2013
Big data journalism exposes offshore tax dodgers
How journalists harnessed big data to challenge offshore financial secrecy Continue Reading
-
News
19 Jul 2013
IT security case studies
Four critical IT security case-studies selected from the winners of Computer Weekly's European User Awards for security Continue Reading
-
News
18 Jul 2013
Needle in a Datastack: The rise of big security data
This research from McAfee investigates how well organisations are positioned to address the challenges of managing security in a world of ever increasing amounts and types of data. Continue Reading
-
News
17 Jul 2013
2013 Cost of Data Breach Study: UK
The cost of data breaches has risen for UK organisations over the past year, the Ponemon Institute reveals. Continue Reading
-
News
17 Jul 2013
Security Think Tank Download: Bring your own device
Downloadable guide. How to make your company secure when you introduce BYOD. Continue Reading
-
News
17 Jul 2013
IT Security Case Studies
Warwick Ashford presents 4 essential IT security case-studies selected from the winners of Computer Weekly's European User Awards. Continue Reading
-
News
16 Jul 2013
More than one-fifth of UK firms hit by DDoS attacks in 2012
More than a fifth of UK firms experienced a disruptive distributed denial of service (DDoS) attack in 2012 Continue Reading
-
News
24 Jun 2013
Identity management key to browser-based IT strategy
A cloud-based identity management system is key to enabling a browser-based IT strategy at online recruitment firm Reed.co.uk Continue Reading
-
News
29 May 2013
Syrian hackers deface Sky Android apps
Syrian hackers have defaced several of Sky’s Android apps, forcing the broadcaster to remove them temporarily from the Google Play store Continue Reading
-
News
13 May 2013
Cyber criminals hack Washington court system
Hackers gain access to the personal data of 160,000 US citizens after compromising Washington State court service servers Continue Reading
-
News
01 May 2013
CW buyer's guide: context-aware security
This 11-page Computer Weekly buyer's guide looks at how organisations should approach context-aware security technologies and what business benefits they can deliver. Continue Reading
-
News
01 May 2013
CW Special Report on CSC
This 16-page report from Computer Weekly analyses the challenges facing CSC, its financial performance, the services it offers, its place in the IT market and its future strategy. Continue Reading
-
News
22 Apr 2013
US jails LulzSec hacker Cody Kretsinger
The US has jailed a member of hacktivist group LulzSec for a year for his role in breaching computer systems at Sony Pictures Entertainment in 2011 Continue Reading
-
News
19 Apr 2013
Conficker makes way for web-based attacks, says Microsoft
Web attacks emerge as top threat as businesses finally begin to win the battle against Conficker and other worms, says Microsoft Continue Reading
-
News
11 Apr 2013
Bots and web apps among top threats to data security, says Check Point
Bots, viruses, breaches and attacks are a constant and real threat to the information security of organisations Continue Reading
-
Opinion
25 Mar 2013
Securing the hypervisor: expert tips
There are many potential security issues with the various components of a virtualised infrastructure, and nowhere is this more of a concern than with the hypervisor platforms that host virtual systems and application instances Continue Reading
-
News
05 Mar 2013
Enterprise Security Architecture – an outsourcer's view
Alan Jenkins, chief security officer of outsourcing specialist, T Systems, explains the company's approach to enterprise security architecture. Continue Reading
-
News
05 Mar 2013
Enterprise Security Architecture
Mark Brown, Director for Advisory Risk & Information Security at Ernst & Young offers advice to security leaders on developing a robust Enterprise Security Architecture. Continue Reading
-
News
26 Feb 2013
Virtualization Security: Protecting Virtualized Environments
This extract from the book Virtualization Security, includes a 30% discount for Computer Weekly readers. Continue Reading
-
News
24 Jan 2013
ICO hits Sony with £250,000 data breach penalty
The Information Commissioner’s office (ICO) has fined Sony Computer Entertainment Europe £250,000 for breaching the Data Protection Act Continue Reading
-
News
18 Jan 2013
Security visualisation
This article is guideline of how to generate a visual representation of a given dataset and use in the evaluation of known security vulnerabilities Continue Reading
-
News
14 Jan 2013
Oracle rushes out patches for Java zero days
Oracle has released two out-of-band security updates for the latest zero day vulnerabilities in Java Continue Reading
-
News
12 Dec 2012
Ghost Shell hacktivists publish over a million credentials
The Ghost Shell group, an offshoot of the Anonymous hacking collective has published the log-in details from 1.6 million accounts Continue Reading
-
News
07 Dec 2012
UK government jobs website exploited by hackers
Hackers have been able to exploit security flaws in a new government jobs website to steal personal information about job applicants Continue Reading
-
News
06 Dec 2012
2012 Cost of Cyber Crime Study: UK
The 2012 Cost of Cyber Crime Study: United Kingdom is independently conducted by Ponemon Institute. The benchmark study, sponsored by HP Enterprise Security is based on a representative sample of 38 organisations in various industry sectors. Continue Reading
-
News
03 Dec 2012
IT Security Purchasing Intentions 2013
This in-depth research from Computer Weekly and TechTarget reveals the IT security spending priorities of businesses in the UK and Europe. Continue Reading
-
News
27 Nov 2012
Zero-day exploit for Yahoo Mail goes on sale
Hacker sells $700 zero-day exploit for Yahoo Mail that allows attacker to use cross-site scripting vulnerability to steal cookies and hijack accounts Continue Reading
-
News
13 Nov 2012
The Global State of Information Security Survey 2013: Key Findings
This global study examines the state of cyber-security and the impact of cyber crime and offers advice to businesses on reducing the risks. Continue Reading
-
News
30 Oct 2012
IT security budgets mismatched to hacker targets, study shows
IT security budgets are not being used to provide defence technologies in some areas most likely to be targeted by hackers, a study shows Continue Reading
-
News
10 Oct 2012
RSA Europe: Cloud key to future information security, says Qualys
Cloud computing is an opportunity information security professionals should not miss, says Philippe Courtot, CEO of security firm Qualys Continue Reading
-
News
05 Oct 2012
Security firm warns against Samsung Galaxy Tab for enterprise use
Security specialist Context Information Security says vulnerabilities in the Samsung Galaxy Tab make it unsuitable for use in the enterprise Continue Reading
-
News
02 Oct 2012
Hackers target White House military network
Hackers using computers in China have infiltrated an “unclassified” network in the US White House, believed to be used for issuing nuclear commands. Continue Reading
-
News
25 Sep 2012
Security concerns hold back mobile banking adoption
More than two-thirds of smartphone owners have not yet adopted mobile banking apps because of security concerns, a survey has revealed Continue Reading
-
News
18 Sep 2012
Microsoft investigates IE zero-day flaw
Microsoft says it is investigating reports of a vulnerability in Internet Explorer 6, 7, 8, and 9 Continue Reading
-
News
17 Sep 2012
Android devices vulnerable to security breaches
More than 50% of devices running Google's Android OS have unpatched vulnerabilities, opening them up to malicious apps and other attacks Continue Reading
-
Tip
14 Aug 2012
Mobile application security issues and threat vectors in enterprises
As mobile application security threats take on serious proportions, we explore the issues and risks involved for users and enterprises. Continue Reading
-
News
10 Jul 2012
Microsoft repairs dangerous XML Core Services zero-day flaw
The Microsoft XML Core Services vulnerability is being actively targeted by cybercriminals. In addition, Microsoft issued a critical update to Internet Explorer 9. Continue Reading
-
Answer
18 May 2012
File upload security best practices: Block a malicious file upload
Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks. Continue Reading
-
Tutorial
09 May 2012
Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference
Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference. Continue Reading
-
News
19 Mar 2012
Study: Shnakule, four other malnets caused most 2011 attacks
Huge global malnets, such as Shnakule, were responsible for most attacks in 2011, and Blue Coat predicts they will trigger 66% of all attacks in 2012. Continue Reading
-
Answer
05 Mar 2012
Session fixation protection: How to stop session fixation attacks
Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection. Continue Reading
-
News
24 Feb 2012
Windows security case study: Controlling Windows 7 user privileges
After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges. Continue Reading
-
News
03 Feb 2012
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. Continue Reading