Purveyors of distributed denial of service (DDoS) attacks are continuing to ramp up their game, with a growing number of companies being targeted multiple times and overall volumes of large attacks surging over last year.
David Braue | 10 Jun | Read more
Adobe has joined a bug disclosure program that invites researchers to report new flaws in its web applications. What can hackers expect for their work? Not a cash bounty.
Google has launched a vulnerability scanner that only targets two web application flaws by hammering them in a multi-stage attack. While it misses many bugs, the result for developers may be cheaper manual security reviews.
Even my favorite small sushi shop has a website with an online ordering capability. It also has a blog with news, events, and recipes and an option to subscribe to the newsletter.
Viktor Polic | 09 May | Read more
The number of disclosed security vulnerabilities is projected to decline or stay on par with last year, according to IBM’s X-Force 2013 Mid-Year Trend and Risk Report.
Rebecca Merrett | 26 Sep | Read more
A Web application firewall (WAF) is designed to protect Web applications against common attacks such as <a href="http://blogs.csoonline.com/xss_the_spark_to_the_ajax_dynamite">cross-site scripting</a> and <a href="http://blogs.csoonline.com/sans_warns_of_mass_sql_injection_attacks">SQL injection</a>. Whereas network firewalls defend the perimeter of the network, WAFs sit between the Web client and Web server, analyzing application-layer traffic for violations in the programmed security policy, says Michael Cobb, founder of Cobweb Applications, a security consultancy.
Mary Brandel | 11 Jun | Read more
This guide details the threats common to websites and web applications and what you can do to mitigate them. • The data centre perimeter is dead. But its memory lives on in the way many IT departments continue to secure their infrastructure. • Businesses must determine which of their assets are most at risk and determine their tolerance for risk. • Managing that risk means extending security controls to the cloud