Expert analysis
Creating A Culture Of Security – The Real Challenge
Why is business still plagued by poor data security? Why do we constantly read stories about security breaches, data theft and customer lawsuits stemming from confidential …
Automated Scanning vs. The OWASP Top Ten
The OWASP Top Ten is a list of the most critical web application security flaws – a list also often used as a minimum standard for web application vulnerability …
The Mighty Sniffer
One of the most important tools in a security professional’s arsenal is the mighty ‘sniffer’. Its power is never underestimated, never undervalued. A sniffer …
Q&A with Amichai Shulman on the Critical Vulnerability in AJAX Technology
Recently, the Imperva Application Defense Center announced the discovery of a critical vulnerability in DWR (Direct Web Reporting), a key underlying technology in the AJAX web …
Risk Mitigation for Legacy Windows NT 4.0 Systems
Arguably one of today’s biggest risks for network security and compliance is lingering systems that are no longer supported by their vendors. The security flaws in …
Where’s the ROI on Security Hardware?
Every organization sees security as an area where you can never have too much, but the cost of securing the network is effectively money lost. Security comes at a price, but …
Botox And IT Security – Is It Too Late For You?
As a fifty-something male, personal grooming takes on a whole new meaning. You realize, when you start typing “Botox” on Google, that things are getting serious. …
PCI Data Security Standard Calls for Next-Generation Network Security
The widespread use of credit cards for virtually all of our financial transactions has increased exponentially with the rapid adoption of e-commerce throughout the worldwide …
The Truth About Patching
As arguments continue to rage about whether an agent-based or agentless patching technique is more effective, see which side you’re on after we dispel five common myths. …
Introduction to the Windows Management Instrumentation Command-line (WMIC)
It’s quite possible you’ve never heard of the Windows Management Instrumentation Command-line (WMIC), but this well-kept secret command-line tool is immensely …
E-Mail Content Security: Filtering Out the Hype
E-mail is at risk – vulnerable to external attack from viruses, spam, spyware and phishing technologies. And vulnerable to abuse from within, which could result in: …
Introducing Stealth Malware Taxonomy
At the beginning of this year, at Black Hat Federal Conference, I proposed a simple taxonomy that could be used to classify stealth malware according to how it interacts with …