Security News

SOA drives need for XML security

Deliberate attacks on Web services is one obvious risk enterprises take when building such apps, and sloppy data can wreak just as much havoc. But one expert says XML security is where it’s at for adopters of service-oriented architectures (SOA).

Security and SOX: Are CIOs Missing the Boat?

Many CIOs arrived late to Sarbanes-Oxley efforts

New Yahoo Shield May Dry Up the Phishing Well

Phishing is one of the fastest growing security threats today but one search engine is developing a solution that lets users secure their info by customizing their login pages.

New Software to Secure SOA-driven Apps

Security remains a key reason why some developers continue to shy away from service-oriented architectures (SOA) but as awareness grows, so are solutions. And IBM announced plans to release new System z mainframe integration software that will help secure SOA-based apps.

Ruby on Rails Hits the Skids With Serious Flaw

The Ruby on Rails management team has released fixes for a serious security vulnerability in several versions of its development tool that could allow an attacker to take down a Rails process.

Apocalypse How? Next-gen Viruses, Worms

Recent worms and viruses targeting Web apps didn’t have much impact, but may only be the tip of the iceberg. Researchers warn that the next iterations of these attacks are imminent and could have catastrophic results.

JavaScript Security Vulnerabilities: Weakness in Web 2.0

A glaring spotlight is now focused on vulnerabilities inherent in a key enabler of the new breed of dynamic Web pages. Demonstrations at last week's annual Black Hat cybersecurity conference employed Web-page-embedded JavaScript to attack corporate servers.

Two-Factor Authentication: The Single Sign-on Solution?

New online risk-monitoring and strong-authentication technologies are helping banks meet looming FFIEC online authentication deadlines

CA Issues Upgrade for WebScan Flaw

CA is recommending that users of its popular eTrust Antivirus WebScan upgrade to protect against flaws that can allow a remote attacker to execute arbitrary code or compromise the integrity of the WebScan software.

Developers: Think Like a Hacker to Beat a Hacker

Like a game of chess, app security boils down to a series of attacks and countermoves, and developers need to do what they can during production before they become another hacker’s pawn. But one expert says that's easier said than done.

Filtering Technology Looks Beyond Content

Companies are increasingly deploying filtering technology to address a number of information security threats, ranging from in-bound spyware to unapproved use of VoIP.

Microsoft Confirms Windows Denial-of-Service Flaw

No patch is available yet for a Microsoft Windows flaw that could allow a remote attacker to crash the system and produce a blue screen.

Scan for security issues while building apps

The old adage, “there’s nothing to fear but fear itself” is seldom accurate in the IT industry. Obviously, Franklin D. Roosevelt never had to secure a Web site in his lifetime. With the risks in today’s world, one company is taking the “fear” out of Web services with improved app scanning software that puts the developer in the driver’s seat.

Security 101 for Web 2.0

Experts have long said that AJAX, used to increase and speed site interactivity, could also be used to amplify attacks against outward facing Web apps—particularly against providers of Software-as-a-Service.

McAfee admits, fixes design flaw

The antivirus software selected by more than one-third of companies throughout the United States and Europe was the subject of a serious security flaw earlier this year, leaving its users in the dark. McAfee publicized the flaw and its fix through an apologetic e-mail issued to its customers last week.

Q&A: The quest (and justification) for trustworthy code

Creating more secure apps is a laborious process, as is justifying the related expenditures to senior management. To learn how companies can better facilitate such processes, we talk to Dr. Herbert H. Thompson, the chief security strategist of Wilmington, Mass.-based Security Innovation Inc., an application security services provider.

Protegrity offers enterprise data security in its entirety

Protegrity touts Defiance Security Software, Suite 4.1, as the most comprehensive security software available to date, enabling users to implement an all-encompassing method of data protection and business apps.

Spyware threats skyrocket for enterprises

Spyware is the fastest-growing threat to enterprises, increasing more rapidly than Trojans, viruses and other risks. And experts believe spyware will stick around.

Plug In RBAC Security for Enterprises

Reduce maintenance costs from security logic that is interwoven with application logic. Apply a simple design that lets you plug in a role-based access control component.

AOL takes aim with security software

This summer AOL plans to add two tools to its repertoire to provide users with firewall, antivirus and antispyware security—tools that will likely rival similar products from Symantec, McAfee and Microsoft.

Upcoming Events


Sign up for our newsletter.

I agree to this site's Privacy Policy.