Application security and coding requirements
-
E-Zine
07 Dec 2023
CW EMEA: Prepare for cyber war
When the war between Hamas and Israel began in October, cyber security professionals and major government and private organisations braced for an inevitable accompanying online war. In this issue of CW EMEA, we outline cyber war, patterns of threat activity, and find out what security teams can do to protect their organisations. We also look at Finland’s advances in quantum computing, how Belgian researchers have developed technology to help datacentres process data faster, and the secrets of KPN’s successful business transformation. Read the issue now. Continue Reading
-
News
21 Mar 2023
Nordics move towards common cyber defence strategy
Nordic countries agree to work together to improve their cyber defences amid increasing threat Continue Reading
-
News
18 May 2015
Whitehall technology chiefs vetoed new Windows XP support deal
Government technology chiefs vetoed a new deal with Microsoft to continue Windows XP support to force laggards to move off the OS Continue Reading
By- Bryan Glick, Editor in chief
-
News
30 Apr 2015
IoT benefits and privacy not mutually exclusive, says industry expert
It is possible to mitigate the privacy and security risks of the internet of things (IoT) without losing its benefits, according to an industry expert Continue Reading
By- Warwick Ashford, Senior analyst
-
News
27 Feb 2015
Case study: Norwegian insurer invests in Darktrace machine-learning cyber defence
Shipping insurance company DNK hopes to inspire the rest of the shipping industry to adopt Darktrace’s cyber defence system Continue Reading
-
News
24 Feb 2015
PrivDog SSL compromise potentially worse than Superfish
Some versions of PrivDog software designed to block online ads compromise internet security in a similar way to Superfish Continue Reading
By- Warwick Ashford, Senior analyst
-
E-Zine
26 Jan 2015
Why we need cyber war games
In this week’s Computer Weekly, the UK and US are starting a cyber war on each other – all in the name of testing each other’s defences. We look at why the cyber war games are needed. We examine what IT managers can learn from the car industry to improve supplier relationship management. And we find out why innovation should be top of the IT agenda in 2015. Read the issue now. Continue Reading
-
News
06 Jan 2015
Google under fire over Windows zero-day disclosure
Google has come under fire for publishing a proof-of-concept attack exploiting a flaw in Windows 8.1 before Microsoft had released a security update Continue Reading
By- Warwick Ashford, Senior analyst
-
E-Zine
05 Jan 2015
CW Europe – January 2015 Edition
As we start another new year we look back at what technology has been playing a vital role in keeping Europe safe. Headlines are regularly filled with threats about cyber wars and attacks which, although are important to bring to light, can sometimes overshadow the role technology plays in keeping us safe. Continue Reading
-
News
17 Dec 2014
Cabinet Office begins procurement for next stage of Gov.uk Verify
The Cabinet Office has submitted a tender notice for a £150m three-year framework for the provision of identity assurance services Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
News
17 Dec 2014
US interception in the EU faces new legal challenges
US government orders against Microsoft to hand over email data 'infringes privacy legislation' in other countries Continue Reading
By- Fiona O’Cleirigh
-
News
28 Nov 2014
CGI secures communications between pilots and air traffic control
Satellite communications firm Inmarsat has outsourced the provision of security IT and services to CGI Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
Feature
25 Nov 2014
How the development of standards will affect the internet of things
As the internet of things (IoT) grows, so will the number of applications developed to control internet-connected devices and objects Continue Reading
By- Clare McDonald, Business Editor
-
News
09 Oct 2014
WordPress most attacked application
Websites that run the WordPress content management system are attacked 24% more often than those using other systems Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
News
08 Oct 2014
Malware being used to steal cash from ATMs
Criminals are using malware to steal cash from ATMs without debit and credit cards Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
E-Zine
03 Oct 2014
CW Europe - October 2014 Edition
BYOD policies: What’s allowed and what’s banned? As IT departments still try to come to terms with the notion of BYOD, CW Europe takes a look at what policies are being implemented to keep security under control. Continue Reading
-
E-Zine
29 Sep 2014
Hacking IT from the inside
In this week’s Computer Weekly, car giant Daimler talks about its IT security strategy and the benefits of having its own in-house hacking team. App developers are under fire for collecting too much personal data – we examine the latest best practice. Our new buyer’s guide looks at virtualisation backup. And our review of Microsoft’s Surface Pro 3 tablet asks whether it can replace the laptop. Read the issue now. Continue Reading
-
News
17 Sep 2014
KPMG: IoT, 3D printing and healthcare IT to have most impact
Internet of things (IoT), 3D printing and biotech or healthcare IT are among the IT trends that will change the way people work and live Continue Reading
By- Archana Venkatraman, Datacentre Editor
-
News
15 Sep 2014
Salesforce issues advice on avoiding Dyreza attack
Salesforce has issued a set of guidelines on tightening security after a number of its customers were targeted by the Dyreza email virus Continue Reading
By- Cliff Saran, Managing Editor
-
News
27 Aug 2014
Security experts identify top 10 software design flaws
The IEEE Center for Secure Design has published a report on how to avoid the top 10 software security design flaws Continue Reading
By- Warwick Ashford, Senior analyst
-
E-Zine
26 Aug 2014
Can national security and privacy co-exist?
In this week’s Computer Weekly, we talk to NSA whistleblower Bill Binney about the often-conflicting needs of security and privacy. We find out how Google is using artificial intelligence to improve datacentre energy efficiency. And we look at a project to use wearable technology and big data to help tackle Parkinson’s disease. Read the issue now Continue Reading
-
Feature
20 Aug 2014
The internet of things is coming: Is your datacentre ready?
Gartner estimates the IoT will see 26 billion units installed by 2020 – channelling huge volumes of data traffic into datacentres Continue Reading
-
News
11 Aug 2014
USB-connected devices present cyber vulnerabilities
Connecting devices to computers using a USB port could lead to security breaches, say Berlin-based researchers Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
News
04 Jul 2014
Barclays passes government’s ‘internet-born threat’ test
Barclays Bank has been awarded the government’s cyber security certificate for digital banking services after independent tests of services such as Pingit Continue Reading
-
News
03 Jul 2014
Netflix releases its AWS monitoring tool Security Monkey into the wild
Netflix has made Security Monkey, the AWS tracker tool it built for itself, freely available to other Amazon cloud users Continue Reading
By- Archana Venkatraman, Datacentre Editor
-
E-Zine
30 Jun 2014
Supporting Apple in the enterprise
In this week’s Computer Weekly, our latest buyer’s guide takes an in-depth look at how to support Apple products in an enterprise IT infrastructure. We find out how eBay built its own Openstack private cloud. And the chief of the government’s G-Cloud programme talks about changing public sector IT procurement. Read the issue now. Continue Reading
-
News
25 Apr 2014
Heartbleed prompts tech firms to pledge open-source support
Top tech firms have joined forces to support open-source software to help prevent future bugs like Heartbleed Continue Reading
By- Warwick Ashford, Senior analyst
-
News
17 Apr 2014
Datacentre lessons learnt from Heartbleed bug
The Heartbleed bug, an OpenSSL flaw affecting millions of websites, has some lessons for datacentre providers and operators Continue Reading
By- Archana Venkatraman, Datacentre Editor
-
Photo Story
17 Mar 2014
The Cyber Security Challenge UK 2014
The Cyber Security Challenge UK is a series of events designed to test the ability of thousands of amateur applicants who have skills in the cyber security space. Continue Reading
By- Clare McDonald, Business Editor
-
Feature
14 Mar 2014
Hacktivism: good or evil?
IT lawyer Dai Davis looks at the rise of hacktivism and its impact on business and international politics Continue Reading
By- Dai Davis, Percy Crow Davis & Co
-
News
04 Mar 2014
Governance, Risk Management and Compliance (GRC)
Ensuring that all the stakeholders' information needs are met requires a holistic approach to managing information – the creation of a GRC platform, say analysts Clive Longbottom and Rob Bamforth. Continue Reading
-
News
21 Feb 2014
Employee mobiles expose firms to attack, says Webroot
Employees mobile devices expose companies to malicious applications and attacks, according to the latest mobile threat report from Webroot Continue Reading
By- Warwick Ashford, Senior analyst
-
News
05 Feb 2014
Bank of England publishes Waking Shark II cyber security exercise results
Bank of England publishes the results of its Waking Shark II security exercise, which tested financial institutions' contingency plans for cyber attack Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
News
23 Jan 2014
US startup aims to turn tables on hackers
US startup Shape Security is turning the tables against hackers by using one of their own techniques against them Continue Reading
By- Warwick Ashford, Senior analyst
-
News
10 Jan 2014
More than 1,100 DWP workers disciplined over benefits snooping
More than 1,100 employees at the Department for Work and Pensions have received official warnings since 2008 for prying into benefits records Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
News
10 Jan 2014
Security considerations for UK enterprises
This Research Snapshot from Vanson Bourne looks at IT security spending trends, awareness of cyber-threats, and the factors perceived as the biggest security risks for organisations. Continue Reading
-
News
05 Dec 2013
UK citizen sues Microsoft over Prism private data leak to NSA
A court action brought in the UK will test Microsoft's legal right to disclose private data on UK citizens to US intelligence services Continue Reading
By- Fiona O’Cleirigh
-
News
05 Dec 2013
Cybercrime and warfare: All that matters
Peter Warren and Michael Streeter assess the history, scale and importance of cyber crime in this chapter from their book, Cybercrime and warfare: All That Matters. Continue Reading
-
Feature
25 Nov 2013
Optimising performance and security of web-based software
On-demand applications are often talked about in terms of how suppliers should be adapting the way their software is provisioned to customers. Continue Reading
By -
News
12 Nov 2013
Global profiles of the fraudster
Computers, rather than conmen, are set to be the future face of fraud, as criminals turn to robotics in an effort to avoid detection, this report from KPMG reveals. Continue Reading
-
Feature
11 Nov 2013
Why agile development races ahead of traditional testing
Traditional testing practices optimise large, centralised testing but struggle to support the rapid delivery of agile development. Continue Reading
By- Diego Lo Giudice
-
News
30 Oct 2013
Identity assurance system moves into beta test phase
The Government Digital Service has started testing of a key system to support plans for citizens to securely prove their identity when accessing online public services Continue Reading
By- Bryan Glick, Editor in chief
-
News
05 Sep 2013
Windows 2012 Server Network Security
This book chapter offers an introduction to Windows 8 and Windows Server 2012 network security and IPv6. It includes a 30% discount code for Computer Weekly readers. Continue Reading
-
News
05 Sep 2013
Windows Server 2012 Security from End to Edge and Beyond
This extract from the book Windows Server 2012 Security from End to Edge and Beyond shows you how to plan your platform security requirements and gives you the critical questions to ask. Continue Reading
-
News
05 Sep 2013
Printing: a false sense of security?
Louella Fernandes and Bob Tarzey show how secure printing technology can provide authentication, authorisation and accounting capabilities, helping businesses improve document security and meet compliance regulations. Continue Reading
-
News
23 Aug 2013
Box.com forges new cloud security model
Service providers and consumers need to move to a security model better suited to the cloud computing, says Box.com Continue Reading
By- Warwick Ashford, Senior analyst
-
News
20 Aug 2013
Targeted attacks and how to defend against them
Analysts Bob Tarzey and Louella Fernandes assess the scale and real impact of targeted attacks the measures being taken to defend against them. Continue Reading
-
News
19 Jul 2013
Facebook to acquire UK startup Monoidics
Facebook is to acquire UK startup Monoidics, which makes code verification and analysis tools and specialises in detecting coding errors Continue Reading
By- Warwick Ashford, Senior analyst
-
News
19 Jul 2013
IT security case studies
Four critical IT security case-studies selected from the winners of Computer Weekly's European User Awards for security Continue Reading
-
News
18 Jul 2013
Needle in a Datastack: The rise of big security data
This research from McAfee investigates how well organisations are positioned to address the challenges of managing security in a world of ever increasing amounts and types of data. Continue Reading
-
News
17 Jul 2013
IT Security Case Studies
Warwick Ashford presents 4 essential IT security case-studies selected from the winners of Computer Weekly's European User Awards. Continue Reading
-
News
15 Jul 2013
Black market for software security flaws reaches new highs
The black market in previously undiscovered vulnerabilities in commercial software is so established that the average flaw sells for up to $160,000 Continue Reading
By- Warwick Ashford, Senior analyst
-
News
10 Jun 2013
Telefonica Digital forms security group Eleven Paths
The business division of mobile operator Telefonica launches Eleven Paths, an independent company working on security issues in the workplace Continue Reading
By- Jennifer Scott, TechTarget
-
News
15 May 2013
Microsoft declares conformance with ISO 27034-1
Microsoft has declared conformance with ISO 27034-1, the first part of an international standard for secure software development Continue Reading
By- Warwick Ashford, Senior analyst
-
News
13 May 2013
Cyber criminals hack Washington court system
Hackers gain access to the personal data of 160,000 US citizens after compromising Washington State court service servers Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
News
01 May 2013
CW buyer's guide: context-aware security
This 11-page Computer Weekly buyer's guide looks at how organisations should approach context-aware security technologies and what business benefits they can deliver. Continue Reading
-
News
01 May 2013
CW Special Report on CSC
This 16-page report from Computer Weekly analyses the challenges facing CSC, its financial performance, the services it offers, its place in the IT market and its future strategy. Continue Reading
-
News
22 Apr 2013
US jails LulzSec hacker Cody Kretsinger
The US has jailed a member of hacktivist group LulzSec for a year for his role in breaching computer systems at Sony Pictures Entertainment in 2011 Continue Reading
By- Warwick Ashford, Senior analyst
-
News
19 Apr 2013
Conficker makes way for web-based attacks, says Microsoft
Web attacks emerge as top threat as businesses finally begin to win the battle against Conficker and other worms, says Microsoft Continue Reading
By- Warwick Ashford, Senior analyst
-
News
11 Apr 2013
Bots and web apps among top threats to data security, says Check Point
Bots, viruses, breaches and attacks are a constant and real threat to the information security of organisations Continue Reading
By- Warwick Ashford, Senior analyst
-
Opinion
25 Mar 2013
Securing the hypervisor: expert tips
There are many potential security issues with the various components of a virtualised infrastructure, and nowhere is this more of a concern than with the hypervisor platforms that host virtual systems and application instances Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
25 Mar 2013
Malware in counterfeit software to cost business $114bn in 2013
Dealing with malware in counterfeit software will cost global enterprises an estimated $114bn in 2013, says research firm IDC Continue Reading
By- Warwick Ashford, Senior analyst
-
News
28 Feb 2013
RSA 2013: Suppliers need to prepare for new security vulnerability handling standards
Software makers and online service providers need to prepare for two ISO standards on vulnerability handling processes due by the end of 2013 Continue Reading
By- Warwick Ashford, Senior analyst
-
News
06 Dec 2012
2012 Cost of Cyber Crime Study: UK
The 2012 Cost of Cyber Crime Study: United Kingdom is independently conducted by Ponemon Institute. The benchmark study, sponsored by HP Enterprise Security is based on a representative sample of 38 organisations in various industry sectors. Continue Reading
-
News
03 Dec 2012
IT Security Purchasing Intentions 2013
This in-depth research from Computer Weekly and TechTarget reveals the IT security spending priorities of businesses in the UK and Europe. Continue Reading
-
News
13 Nov 2012
Mobile Security Strategies
This exclusive report for Computer Weekly members explains the security risks and challenges of using mobile devices in the enterprise. Continue Reading
-
News
13 Nov 2012
The Global State of Information Security Survey 2013: Key Findings
This global study examines the state of cyber-security and the impact of cyber crime and offers advice to businesses on reducing the risks. Continue Reading
-
Tip
01 Nov 2012
Using ESAPI to fix XSS in your Java code
Customized validation routines are the norm in Indian organizations for fixing vulnerabilities. OWASP’s ESAPI framework may prove to be a better option. Continue Reading
By- Celia Rexselin Aloysius, Contributor
-
News
30 Oct 2012
IT security budgets mismatched to hacker targets, study shows
IT security budgets are not being used to provide defence technologies in some areas most likely to be targeted by hackers, a study shows Continue Reading
By- Warwick Ashford, Senior analyst
-
Tip
09 Oct 2012
Vulnerabilities in JavaScript: Secure coding insights and tips
JavaScript vulnerabilities are on the rise in India with the entry of HTML5 and faster JavaScript engines. Here are some key problem areas along with antidotes. Continue Reading
By- Lavakumar Kuppan, Contributor
-
Feature
17 Sep 2012
Static code analysis tools gain traction in India as SDL models mature
Static analysis tools are gaining popularity with Indian companies as software development models and perspectives mature. Here are some popular choices. Continue Reading
By- Varun Haran, Reporter
-
Video
24 May 2012
Screencast: Employ the FOCA tool as a metadata extractor
Mike McLaughlin demos the FOCA tool as a metadata extractor to expose the 'hidden' data users often post on their own websites. Continue Reading
-
News
18 May 2012
MDM, security vendors scramble to address BYOD security issues
Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products. Continue Reading
By- Tracey Caldwell, Contributor
-
News
24 Apr 2012
Investigation reveals serious cloud computing data security flaws
Context Information Security found that data stored by a cloud customer could be accessed by the next customer to spin up a VM on the same disk. Continue Reading
By -
Photo Story
29 Mar 2012
Sandboxing for secure app development: Adobe Reader’s 'protected view'
As sandboxing emerges as an answer to legacy codebases with multiple vulnerabilities, we look at the components of Adobe Reader X’s sandbox. Continue Reading
By- Disha Agarwal, Contributor
-
Tutorial
27 Mar 2012
Exploit writing tutorial: Part 1
In the first part of our exploit writing tutorial, we take a look at the fine art of vulnerability discovery, fuzzing and usable techniques. Continue Reading
By- Karthik Poojary, Amazon
-
Answer
05 Mar 2012
Session fixation protection: How to stop session fixation attacks
Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection. Continue Reading
By -
News
24 Feb 2012
Windows security case study: Controlling Windows 7 user privileges
After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges. Continue Reading
By -
News
08 Feb 2012
Web application vulnerability statistics show security losing ground
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks. Continue Reading
By -
News
03 Feb 2012
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. Continue Reading
By -
Tutorial
23 Jan 2012
Burp Suite Tutorial: Part 2 – Intruder and repeater tools
Our Burp Suite tutorial’s second part covers intruder and repeater. Use this Burp Suite tutorial to customize attacks on Web apps via SQLi and XSS bugs. Continue Reading
By- Karthik Poojary, Amazon
-
Tip
19 Dec 2011
Segregation of duties: Small business best practices
Segregating duties can be tough in organisations that have few staff members and resources. Get duty segregation best practices for SMBs. Continue Reading
By -
News
05 Dec 2011
Concerned about tablet security issues? Some are, others not so much
Users love their tablets, but security pros are concerned about tablet security issues. However, though tablets bring new threats, not everyone is ringing the alarm. Continue Reading
By -
News
04 Aug 2011
Missing USB drive, found in pub, contained unencrypted data
The ICO says two housing groups must improve data security after a contractor’s missing USB drive, containing unencrypted data, was found in a pub. Continue Reading
By -
Tip
13 Jul 2011
SAP security tutorial: Top 10 SAP security implementation steps
Implementing SAP software securely isn't only the job of SAP specialists; the entire IT department has a role to play. Learn the top ten steps to a secure SAP implementation. Continue Reading
By- Richard Hunt, Turnkey Consulting
-
News
06 Jul 2011
Network security case study: College’s NAC virtual appliance makes grade
Wellington College’s network security case study explains how a NAC virtualization appliance blocks malware and provides increased capacity on demand. Continue Reading
By -
News
25 May 2011
Virtual desktop benefits include tighter security, hot desking
With the help of hot desking and other virtualisation technologies, the Basildon Borough Council was able to centralise its security administration and reduce its number of desks by more than 30%. Continue Reading
By -
News
20 Apr 2011
Shutting down a botnet, US Government disables Coreflood
Coreflood, a botnet almost ten years old, has been taken down by the FBI and US Department of Justice by obtaining permission to hijack the command and control servers and send a 'stop' command to infected PCs. Is this overstepping the privacy line? Continue Reading
By- Stephen Gillies
-
Tip
19 Apr 2011
Secure SDLC best practices
While focus on technicalities is a given during the SDLC, this tip explains how to secure the SDLC, from the analysis phase right through to deployment. Continue Reading
By- Puneet Mehta, SDG
-
Tutorial
22 Feb 2011
Information security tutorials
SearchSecurity.co.uk's tutorials offer a variety of online information security training courses you can take on your own time at your own pace specifically for UK readers. They are designed to arm you with the foundational and tactical information you need to deal with the increasingly challenging job of keeping your organization's information secure. Continue Reading
-
Tip
17 Nov 2010
How to use the Microsoft FCIV command-line checksum tool
Downloading files from the Internet always poses a risk, but there are strategies that can make the process more secure. In this tip, Michael Cobb explains how to use the Microsoft FCIV tool to check the hash values of downloaded files and create hashes and checksums of you own. Continue Reading
By -
Answer
08 Sep 2010
Dynamic code analysis vs. static analysis source code testing
Managing vulnerabilities involves a wide array of security testing, including both dynamic and static source code analysis. Learn how the two differ, as well as how they are performed in this expert response. Continue Reading
-
Answer
28 Apr 2008
What are the dangers of using Facebook, other social networking sites?
Ken Munro discusses the dangers associated with allowing employees to access social networking sites such as Facebook, and explains how corporations can avoid these risks by monitoring the information placed in employee profiles and using email filters. Continue Reading
By