Expert analysis
New mass SQL injection attack making rounds
Again a mass SQL injection attack is making its rounds on the web – this one called jjghui, referring to the website it redirects traffic to. As Armorize reported, this …
Microsoft puts vulnerability exploitation into context
Recently Microsoft released the 11th volume of the Microsoft Security Intelligence Report, the most comprehensive version of this report to date. In this podcast, Tim Rains, …
Mitigating the BEAST attack on TLS
During the summer rumours about a new attack against SSL started circulating. Then Opera released a patch, but made no comment about what it was patching. Eventually enough …
Testing web applications for security flaws
David Hoelzer is the Director of Research, Enclave Forensics and a SANS Trainer. In this interview he discusses web application testing, offers advice for those on the hunt …
SANS London 2011 training
Andrew Smith is the Managing Director, EMEA, for the SANS Institute. In this interview he discusses the SANS London 2011 training event and offers insight into what exactly …
Demystifying cloud computing security
Phil Neray is the VP, Data Security Strategy, InfoSphere Guardium & Optim at IBM. In this interview Phil talks about the complex issues surrounding cloud computing …
How well do you know SSL?
Ivan Ristic, the Director of Engineering at Qualys, talks about the research done by SSL Labs. SSL Labs is a collection of documents, tools and thoughts related to SSL. …
Back to the future: Why IT managers should care about firewall management
A number of classic scenes in film and literature involved a group approaching a walled city or castle only to be stopped by a gatekeeper and asked, “Halt, who goes …
Verizon Business data breach investigations report 2011: 8 days a week
What can be learned from the investigation into successful data breaches? What are the latest trends and techniques used by attackers? Get a front row seat at the breach cases …
Patching strategies
Cybercriminals have initiated an arms race by refining the malware manufacturing and development process to systematically bypass defense mechanisms. There are many …
Using online advertising to find out if your data is valuable to a criminal
As it becomes harder for criminals to steal and exploit credit card data, will they give up their carefully crafted tools and stock of zero-day vulnerabilities, or will they …
SSL Labs launches two Convergence notaries
Convergence is Moxie Marlinspike's attempt to introduce fresh thinking into the debate about PKI, certificate authorities, and trust. A hint of what was in the works was …