Web application security

News 08 May 2025
UK government websites to replace passwords with secure passkeys

Government websites are to replace difficult-to-remember passwords with highly secure passkeys that will protect against phishing and cyber attackers Continue Reading
By
- Bill Goodwin, Computer Weekly
News 07 May 2025
Meta awarded $167m in court battle with spyware mercenaries

WhatsApp owner Meta is awarded millions of dollars in damages and compensation after its service was exploited by users of mercenary spyware developer NSO’s infamous Pegasus mobile malware Continue Reading
By
- Alex Scroxton, Security Editor

News 18 Jul 2013

Needle in a Datastack: The rise of big security data

This research from McAfee investigates how well organisations are positioned to address the challenges of managing security in a world of ever increasing amounts and types of data. Continue Reading
News 17 Jul 2013

2013 Cost of Data Breach Study: UK

The cost of data breaches has risen for UK organisations over the past year, the Ponemon Institute reveals. Continue Reading
News 17 Jul 2013

Security Think Tank Download: Bring your own device

Downloadable guide. How to make your company secure when you introduce BYOD. Continue Reading
News 17 Jul 2013

IT Security Case Studies

Warwick Ashford presents 4 essential IT security case-studies selected from the winners of Computer Weekly's European User Awards. Continue Reading
News 16 Jul 2013
More than one-fifth of UK firms hit by DDoS attacks in 2012

More than a fifth of UK firms experienced a disruptive distributed denial of service (DDoS) attack in 2012 Continue Reading
By
- Warwick Ashford, Senior analyst
News 24 Jun 2013
Identity management key to browser-based IT strategy

A cloud-based identity management system is key to enabling a browser-based IT strategy at online recruitment firm Reed.co.uk Continue Reading
By
- Warwick Ashford, Senior analyst
News 29 May 2013
Syrian hackers deface Sky Android apps

Syrian hackers have defaced several of Sky’s Android apps, forcing the broadcaster to remove them temporarily from the Google Play store Continue Reading
By
- Warwick Ashford, Senior analyst
News 13 May 2013
Cyber criminals hack Washington court system

Hackers gain access to the personal data of 160,000 US citizens after compromising Washington State court service servers Continue Reading
By
- Karl Flinders, Chief reporter and senior editor EMEA
News 01 May 2013

CW buyer's guide: context-aware security

This 11-page Computer Weekly buyer's guide looks at how organisations should approach context-aware security technologies and what business benefits they can deliver. Continue Reading
News 01 May 2013

CW Special Report on CSC

This 16-page report from Computer Weekly analyses the challenges facing CSC, its financial performance, the services it offers, its place in the IT market and its future strategy. Continue Reading
News 22 Apr 2013
US jails LulzSec hacker Cody Kretsinger

The US has jailed a member of hacktivist group LulzSec for a year for his role in breaching computer systems at Sony Pictures Entertainment in 2011 Continue Reading
By
- Warwick Ashford, Senior analyst
News 19 Apr 2013
Conficker makes way for web-based attacks, says Microsoft

Web attacks emerge as top threat as businesses finally begin to win the battle against Conficker and other worms, says Microsoft Continue Reading
By
- Warwick Ashford, Senior analyst
News 11 Apr 2013
Bots and web apps among top threats to data security, says Check Point

Bots, viruses, breaches and attacks are a constant and real threat to the information security of organisations Continue Reading
By
- Warwick Ashford, Senior analyst
Opinion 25 Mar 2013
Securing the hypervisor: expert tips

There are many potential security issues with the various components of a virtualised infrastructure, and nowhere is this more of a concern than with the hypervisor platforms that host virtual systems and application instances Continue Reading
By
- Dave Shackleford, Voodoo Security
News 05 Mar 2013

Enterprise Security Architecture – an outsourcer's view

Alan Jenkins, chief security officer of outsourcing specialist, T Systems, explains the company's approach to enterprise security architecture. Continue Reading
News 05 Mar 2013

Enterprise Security Architecture

Mark Brown, Director for Advisory Risk & Information Security at Ernst & Young offers advice to security leaders on developing a robust Enterprise Security Architecture. Continue Reading
News 26 Feb 2013

Virtualization Security: Protecting Virtualized Environments

This extract from the book Virtualization Security, includes a 30% discount for Computer Weekly readers. Continue Reading
News 24 Jan 2013

ICO hits Sony with £250,000 data breach penalty

The Information Commissioner’s office (ICO) has fined Sony Computer Entertainment Europe £250,000 for breaching the Data Protection Act Continue Reading
News 18 Jan 2013

Security visualisation

This article is guideline of how to generate a visual representation of a given dataset and use in the evaluation of known security vulnerabilities Continue Reading
News 14 Jan 2013
Oracle rushes out patches for Java zero days

Oracle has released two out-of-band security updates for the latest zero day vulnerabilities in Java Continue Reading
By
- Warwick Ashford, Senior analyst
News 12 Dec 2012
Ghost Shell hacktivists publish over a million credentials

The Ghost Shell group, an offshoot of the Anonymous hacking collective has published the log-in details from 1.6 million accounts Continue Reading
By
- Warwick Ashford, Senior analyst
News 07 Dec 2012
UK government jobs website exploited by hackers

Hackers have been able to exploit security flaws in a new government jobs website to steal personal information about job applicants Continue Reading
By
- Warwick Ashford, Senior analyst
News 06 Dec 2012

2012 Cost of Cyber Crime Study: UK

The 2012 Cost of Cyber Crime Study: United Kingdom is independently conducted by Ponemon Institute. The benchmark study, sponsored by HP Enterprise Security is based on a representative sample of 38 organisations in various industry sectors. Continue Reading
News 03 Dec 2012

IT Security Purchasing Intentions 2013

This in-depth research from Computer Weekly and TechTarget reveals the IT security spending priorities of businesses in the UK and Europe. Continue Reading
News 27 Nov 2012
Zero-day exploit for Yahoo Mail goes on sale

Hacker sells $700 zero-day exploit for Yahoo Mail that allows attacker to use cross-site scripting vulnerability to steal cookies and hijack accounts Continue Reading
By
- Warwick Ashford, Senior analyst
News 13 Nov 2012

The Global State of Information Security Survey 2013: Key Findings

This global study examines the state of cyber-security and the impact of cyber crime and offers advice to businesses on reducing the risks. Continue Reading
News 30 Oct 2012
IT security budgets mismatched to hacker targets, study shows

IT security budgets are not being used to provide defence technologies in some areas most likely to be targeted by hackers, a study shows Continue Reading
By
- Warwick Ashford, Senior analyst
News 10 Oct 2012
RSA Europe: Cloud key to future information security, says Qualys

Cloud computing is an opportunity information security professionals should not miss, says Philippe Courtot, CEO of security firm Qualys Continue Reading
By
- Warwick Ashford, Senior analyst
News 05 Oct 2012
Security firm warns against Samsung Galaxy Tab for enterprise use

Security specialist Context Information Security says vulnerabilities in the Samsung Galaxy Tab make it unsuitable for use in the enterprise Continue Reading
By
- Caroline Baldwin, Freelance editor and journalist
News 02 Oct 2012
Hackers target White House military network

Hackers using computers in China have infiltrated an “unclassified” network in the US White House, believed to be used for issuing nuclear commands. Continue Reading
By
- Cliff Saran, Managing Editor
News 25 Sep 2012
Security concerns hold back mobile banking adoption

More than two-thirds of smartphone owners have not yet adopted mobile banking apps because of security concerns, a survey has revealed Continue Reading
By
- Warwick Ashford, Senior analyst
News 18 Sep 2012
Microsoft investigates IE zero-day flaw

Microsoft says it is investigating reports of a vulnerability in Internet Explorer 6, 7, 8, and 9 Continue Reading
By
- Warwick Ashford, Senior analyst
News 17 Sep 2012
Android devices vulnerable to security breaches

More than 50% of devices running Google's Android OS have unpatched vulnerabilities, opening them up to malicious apps and other attacks Continue Reading
By
- Caroline Baldwin, Freelance editor and journalist
Tip 14 Aug 2012
Mobile application security issues and threat vectors in enterprises

As mobile application security threats take on serious proportions, we explore the issues and risks involved for users and enterprises. Continue Reading
By
- Ram Venkatraman
News 10 Jul 2012
Microsoft repairs dangerous XML Core Services zero-day flaw

The Microsoft XML Core Services vulnerability is being actively targeted by cybercriminals. In addition, Microsoft issued a critical update to Internet Explorer 9. Continue Reading
By
- Robert Westervelt, TechTarget
Answer 18 May 2012
File upload security best practices: Block a malicious file upload

Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks. Continue Reading
By
- Rob Shapland
Tutorial 09 May 2012
Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference

Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference. Continue Reading
By
- SearchSecurity.in Staff
News 19 Mar 2012
Study: Shnakule, four other malnets caused most 2011 attacks

Huge global malnets, such as Shnakule, were responsible for most attacks in 2011, and Blue Coat predicts they will trigger 66% of all attacks in 2012. Continue Reading
By
- Ron Condon
Answer 05 Mar 2012
Session fixation protection: How to stop session fixation attacks

Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection. Continue Reading
By
- Rob Shapland
News 24 Feb 2012
Windows security case study: Controlling Windows 7 user privileges

After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges. Continue Reading
By
- Ron Condon
News 03 Feb 2012
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7

Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. Continue Reading
By
- Ron Condon
News 29 Dec 2011
Emerging 2012 security trends demand information security policy changes

2012 security trends involving cookies, fines, devices and threats will demand more skills -- and a little finesse -- from security professionals. Continue Reading
By
- Ron Condon
Tip 14 Dec 2011
CSRF attack: How hackers use trusted users for their exploits

A CSRF attack is a serious Web security threat that, combined with XSS, can be lethal. Learn about the CSRF attack’s anatomy, along with mitigation methods. Continue Reading
By
- Karthik Poojary, Amazon
News 07 Mar 2011
Malvertising, pop-up ad virus problems demand more user protection

A recent pop-up ad infection on the London Stock Exchange's website highlights the growing scourge of malicious advertising, or malvertising. Continue Reading
By
- Ron Condon
Tip 18 Jan 2011
Top seven social media threats

Discover the top seven social media threats in the first of a two-part series on social media related security threats and preventive measures. Continue Reading
By
- Shantanu Ghosh
News 10 Mar 2008
Web 2.0 presents no new security challenges, is just marketing hype: Secure Computing

Secure Computing's Scott Montgomery says Web 2.0 security is marketing hype, application flaws come from overworked programmers and Australia is doing better at cyber-security than the USA and Europe. Continue Reading
By
- Simon Sharwood