Security News


Rundown on risk: Untangling security

Some pundits view IT security today as immature, insecure and out of control. Every organization should develop internal expertise in this area.

Review: Qwik-Fix Pro

Qwik-Fix tries to prevent malware from attacking your computer by hardening Windows. In some cases, this fixes vulnerabilities months before Microsoft releases patches.

Review: Metasploit Framework

Think it's tough to exploit a buffer overflow in Windows? Download this tool and you might change your mind.

Intel, Oracle boost Liberty Alliance

The Liberty Alliance Project, the non-profit trade group organized to develop open standards and tools for federated network identity, has added some more industry heavyweights to its ranks. Intel and Oracle were among seven organizations that joined as sponsor members recently.

RSA eases security process for Java developers

RSA's Bsafe SWS-J may spell relief for Java coders working on Web services applications. The new product provides security mechanisms, based on the Oasis WS-Security standard, that developers can simply add to their applications.

XML and Web Services: Are We Secure Yet?

From confidentiality, integrity, and availability to authentication, authorization, and audit, find out how you can employ best practices to make Web services secure.

Review: Groove Virtual Office 3.0

The new version of Groove is more tightly integrated with Windows than ever before. It deserves a spot in any far-flung enterprise or extranet collaboration picture.

iPods and like devices pose enterprise security threat, says Gartner

Anyone who needs another example of just how radically network security issues have shifted over the past few years need look no further than last week's recommendation from IT industry analysts at Gartner that corporations consider banning Apple Computer's wildly popular portable music player, the iPod, from the workplace.

Where management and security collide

Web services security is being built into everything from major Web app development platforms to integration and other software.

Q&A: A look at static binary analysis and better app security

ADT's Programmers Report occasionally looks at security issues from the point of view of source code analysis and better coding practices. We recently met with Chris Wysopal, vice president of R&D for @stake Inc., and thought he had a different take on this issue. What follows are excerpts from an e-mail interview.

The Security Cycle

A recent security vulnerability suggests that maybe the once-a-month Microsoft patch cycle wasn't such a good idea after all.

Briefing: Fortify Software

Fortify Software offers a high-end static analysis tool set dedicated to checking security issues.

All That JAAS

JAAS is based on the Pluggable Authentication Modules model and provides authentication and authorization services. Check out its many security benefits for Java applications.

At TechEd: Longhorn can wait: Security patch for XP is priority

Microsoft is urging developers working on or maintaining applications running on Windows XP to get up to speed on Service Pack 2 (SP2), currently at Release Candidate 1 (RC1).

WS-I Security Spec set for public comment

The Web Services Interoperability (WS-I) Organization has released the working-group draft of its Basic Security Profile for public comment.

The danger of the magpie developer

There are lots of ways to think about good software. Is the balance seriously off in recent years?

Security steps for developers

Don't leave application security for tomorrow.

Gartner says budget for Sasser, other worms raising costs

Malicious exploitations of Windows vulnerabilities have become such a common occurrence that Gartner is advising its Windows-using customers to plan for them in their budgets.

Authors provide black-hat insights into security

Since 1996, security guru Dr. Gary McGraw has been admonishing software developers to consider threats and vulnerabilities early in the development cycle. For attackers, it's all about getting to exploitable code, McGraw believes, which ultimately puts the security onus on programmers.

Review: CAS/Tester

CAS/Tester is an innovative product for the .NET developer that shows how your code will react under a variety of security limitations.