Expert analysis
QualysGuard Web Application Scanning
Yesterday, Qualys released version 2.1 of QualysGuard Web Application Scanning (WAS), which integrates with Selenium to help companies further automate scanning of web …
Information security or IT security?
One would think that these two terms are synonyms – after all, isn’t information security all about computers? Not really. The basic point is this – you …
Does risk outweigh the benefits from the cloud?
Cloud computing provides organizations with an alternative way of obtaining IT services and offers many benefits including increased flexibility as well as cost reduction. …
Mass manipulation through automated social engineering
In the past few years, social engineering has become cyber attackers’ preferred method for gaining access to target systems, and it usually takes the form of a spoofed …
Spammers’ URL shortening sites highlight weakness of old security
A recent Web threat report warned that spammers are now using their own URL shortening services to lure spam recipients into clicking on malicious web links. These use the …
A study of hacker forums
Recently Imperva released a report analyzing the content and activities of an online hacker forum with nearly 220,000 registered members. In this podcast, Rob Rachwald, the …
How does GFI LanGuard help network administrators?
Managing an IT network that is continuously changing and growing is not a trivial task. Once the network comprises more than a handful of machines, it becomes a …
A tech theory coming of age
As early as 2005, many industry analysts predicted “consumerization” — the introduction of consumer-owned/purchased devices into enterprise and business …
New mass SQL injection attack making rounds
Again a mass SQL injection attack is making its rounds on the web – this one called jjghui referring to the website it redirects traffic to. As Armorize reported, this …
Microsoft puts vulnerability exploitation into context
Recently Microsoft released the 11th volume of the Microsoft Security Intelligence Report, the most comprehensive version of this report to date. In this podcast, Tim Rains, …
Mitigating the BEAST attack on TLS
During the summer rumours about a new attack against SSL started circulating. Then Opera released a patch, but made no comment about what it was patching. Eventually enough …
Testing web applications for security flaws
David Hoelzer is the Director of Research, Enclave Forensics and a SANS Trainer. In this interview he discusses web application testing, offers advice for those on the hunt …