Expert analysis
Network and information security in Europe today
In mid Septeber, the 1st NIS Summer School jointly organized by the European Network and Information Security Agency (ENISA) and the Institute of Computer Science of the …
Q&A: Security Visualization
As chief security strategist and director of application product management, Raffael Marty is customer advocate and guardian – expert on all things security and log …
Q&A: Virtualization Security
Jim Chou is the Executive VP of Technology for Apani where he is responsible for the strategic technical development of Apani technology and product portfolio development. In …
Types of Web-Based Client-Side Attacks
While my research is primarily concerned with drive-by-download attacks, I thought I try to summarize other web-based client-side attacks that are out there, many of which are …
SOX, Lies and Security Matters
When it comes to compliance, it’s fairly easy to find out what companies need to do to achieve it. But it’s much harder for companies to find out how they should …
Discovery and Fuzzing for SQL injections with Web 2.0 Applications
Web 2.0 application assessment is becoming increasingly challenging due to their behavior and implementation of the components. It is imperative to identify hidden Web 2.0 …
Rootkit Evolution
I saw my first rootkit in 2004, when I was still a rookie virus analyst. At that point I had some vague knowledge of UNIX-based rootkits. One day I stumbled on an executable …
Application Security Matters: Deploying Enterprise Software Securely
One of the most interesting aspects of being an information security consultant is the exposure to an enormous variety of industries and organizations. From health care to …
Security Risks for Mobile Computing on Public WLANs: Hotspot Registration
Wireless broadband internet access via hotspots is convenient for both the casual surfer and the internet-dependent teleworker. Unfortunately, current security technologies …
Reverse Engineering: Smashing the Signature
Many antivirus and antispyware solutions identify malicious programs by looking for known unique signatures contained inside them. Those signatures are stored inside a …
Internet Terrorist: Does Such A Thing Really Exist?
Recently, I have experienced an increase in organizations questioning how real is the threat of Internet terrorism and what they can do to protect themselves. As a former …
Reputation Attacks: A Little Known Internet Threat
Reputation attacks target both individuals and companies, and their goal is to ruin the victim’s reputation. While attack techniques are varied, the consequences are …