In light of breaches in Web application security worldwide, the importance of catching potential areas for intrusion is necessary at the beginning. Performing application vulnerability testing during production (and not after a breach has been detected) can save a company thousands of dollars. The only way to ensure the highest level of security is to build it in from the outset. [read article...]

Improving your Web application development process is one of the best ways to avoid security vulnerabilities and nasty surprises during security assessments. Learn about the points in the software development life cycle where additional security awareness and training is needed to ensure that your organization remains successful and secure.

[read article...]

After a security assessment has been performed as part of the web application development lifecycle, it is important to understand how to address and fix any application vulnerabilities that are uncovered. Learn more about the steps that should be taken during the remediation process, from categorization to testing and validation, and find out why collaboration among developers is critical for success.

[read article...]

It is important for a business to understand the fundamentals of running a vulnerability assessment in order to determine how one will be run and what can be expected from the results. A web application security scanner can automate the process, but a quality assessment may still require actual human eyes to catch specific issues. Learn more about the whys and hows of vulnerability assessments.

[read article...]

The results of an extensive vulnerability assessment of a Web application can appear extensive on first review. However, it is important to understand that many Web application security holes found by such an assessment may in fact not matter to an organization's specific situation. Learn more about how to weed through such findings to establish which need to be addressed and which are in fact not urgent. [read article...]

An important issue facing companies today is Sarbanes-Oxley compliance, but, as the U.S. Sarbanes-Oxley Act of 2002 (SOX) is relatively new, the implementation of the regulation has not been fully established. The requirements of SOX compliance focus on establishing a system of checks and balances for corporate financial reporting and are designed to hold executives, accountants, and auditors of public corporations to higher standards.

[read article...]

Security risk assessment and security risk management have become vital tasks for security officers and IT managers. This article looks at some of the issues.

[read article...]

Your Web applications can be the most important and most vulnerable entry point into your organization, and, as such, ensuring adequate hacker protection in your Web applications can be critical. A Web application not only includes the code that creates your Web site, but also the architectural components necessary to make a Web site available and useful to the public – both of which can make a Web site vulnerable to attacks like SQL injection or cross site scripting (XSS). When considering hacker protection for your Web applications, you must account for all the components that work together to create a Web site, not just the visible face presented to the world at large.

[read article...]

By now, most companies recognize that network security is an important aspect of daily operations, but few realize how quickly new methods of Internet attacks are being invented. While organizations rush to develop their security policies and implement even a basic security foundation, the professional hacker continues to find new ways to attack by modifying old Internet worms, Trojans, and viruses, or creating completely new ones.  Recently, the attention of these hackers has reverted to Internet attacks targeted at the application layer, which can include either shrink-wrapped or custom applications. This layer is commonly the least protected layer of an organization's network. Industry experts estimate that three-fourths of the successful attacks targeting corporate networks are perpetrated via the application layer. Considering the nature of Web applications that allow access to internal and external audiences, these Internet attacks can pose a serious threat to an organization's back-end data without the organization's knowledge... [read article...]