- Wherever You Go, There They Are: The Perils of Cross-Site Tracking (Jan 23, 2009). Greg Conti examines the practice of cross-site tracking and offers ways to block, or at least minimize, it.
- Securing PHP Web Applications: Cross-Site Scripting (Jan 22, 2009). In this chapter, the authors cover a special type of injection attack called cross-site scripting, or XSS.
- Software [In]security: Top 11 Reasons Why Top 10 (or Top 25) Lists Don’t Work (Jan 13, 2009). Gary McGraw explains why there’s more to software security than watching the bug parade march by.
- Clickjacking: What You Need to Know (Jan 5, 2009). pdp explains how clickjacking attacks can hijack your mouse clicks in an attempt to trick you into giving away control of your privacy, your computer system, and possibly even your bank account.
- Setting Up Web Filtering for a Network Using OpenDNS (Part 3) (Dec 26, 2008). Eric Geier shows you how to manage multiple networks with one account using OpenDNS.
- Botnets II: Emerging Threats, Tactics, and Defenses (Dec 19, 2008). Carolyn Meinel describes some of the more promising efforts to combat threats from botnets.
- Software [In]security: Software Security Top 10 Surprises (Dec 15, 2008). In the course of analyzing real-world data from top software security firms, Gary McGraw, Brian Chess, and Sammy Migues unearthed some surprises.
- Botnets, Part 1: Why They Strike and How to Defend Against Them (Dec 5, 2008). Carolyn Meinel describes the threats posed by increasingly sophisticated botnets and dives into some of the latest technology designed to stop them.
- Installing and Configuring TrueCrypt for Full Disk Encryption (Nov 24, 2008). Security expert Randy Nash describes how he deployed an FDE solution using the free, cross-platform, open-source TrueCrypt.
- Software [In]security: Web Applications and Software Security (Nov 14, 2008). Gary McGraw argues that by understanding the relationship between Web application security and traditional software security, we can better understand security issues on both fronts.
- CCNA Exam 640-553 Exam Cram: Implementing Secure Management and Hardening the Router (Oct 21, 2008). This chapter outlines some methods to protect the confidentiality of remote sessions to the router.
- Software [In]security: A Software Security Framework: Working Towards a Realistic Maturity Model (Oct 15, 2008). Gary McGraw and Brian Chess introduce a software security framework (SSF) to help understand and plan a software security initiative.
- The Truth About Identity Theft: Truth 27 -- ATM Scams (Oct 2, 2008). Can someone build a fake ATM to steal your card and PIN? The author did. Learn how he constructed a fake ATM and how to protect yourself.
- VoIP Threat Taxonomy (Sep 24, 2008). This chapter categorizes the main threats against VoIP service and explains their impact and possible methods of protection.
- Software [In]security: Getting Past the Bug Parade (Sep 17, 2008). Gary McGraw explains why more attention should be paid to finding software flaws through the use of threat modeling and architectural risk analysis.
- Security Analysis of a Scan-to-PC Solution (Sep 12, 2008). Seth Fogie provides a security analysis of "Scan-to-PC" solutions and highlights several security issues that need to be addressed before deployment.
- Spam: Unwanted Email from Hell (Sep 9, 2008). Andy Walker explains what spam is, where it comes from, and what to do about it.
- No Time to Patch (Sep 5, 2008). Randy Nash discusses the problems of exploits and malicious code and offers some suggestions to reduce the time to patch these vulnerabilities.
- Visual Security Analysis (Aug 26, 2008). Raffael Marty shows different ways of analyzing security data using visual approaches.
- Attacking and Defending the Internet with Border Gateway Protocol (BGP) (Aug 25, 2008). Carolyn Meinel explains how sysadmins can take advantage of resources offered by several organizations to detect and defeat BGP problems.