Application security and coding requirements
-
News
20 Nov 2024
Apple addresses two iPhone, Mac zero-days
Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks Continue Reading
By- Alex Scroxton, Security Editor
-
E-Zine
14 Nov 2024
CW APAC – Trend Watch: Modernising security operations
Organisations everywhere know the risks of cyber security complacency. In this handbook, focused on modernising security operations in the Asia-Pacific region, Computer Weekly looks at how Australia is bolstering its defences, Splunk and Cisco’s integration, and Palo Alto Networks’ ‘precision AI’. Continue Reading
-
News
09 Oct 2014
WordPress most attacked application
Websites that run the WordPress content management system are attacked 24% more often than those using other systems Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
News
08 Oct 2014
Malware being used to steal cash from ATMs
Criminals are using malware to steal cash from ATMs without debit and credit cards Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
E-Zine
03 Oct 2014
CW Europe - October 2014 Edition
BYOD policies: What’s allowed and what’s banned? As IT departments still try to come to terms with the notion of BYOD, CW Europe takes a look at what policies are being implemented to keep security under control. Continue Reading
-
E-Zine
29 Sep 2014
Hacking IT from the inside
In this week’s Computer Weekly, car giant Daimler talks about its IT security strategy and the benefits of having its own in-house hacking team. App developers are under fire for collecting too much personal data – we examine the latest best practice. Our new buyer’s guide looks at virtualisation backup. And our review of Microsoft’s Surface Pro 3 tablet asks whether it can replace the laptop. Read the issue now. Continue Reading
-
News
17 Sep 2014
KPMG: IoT, 3D printing and healthcare IT to have most impact
Internet of things (IoT), 3D printing and biotech or healthcare IT are among the IT trends that will change the way people work and live Continue Reading
By- Archana Venkatraman, Datacentre Editor
-
News
15 Sep 2014
Salesforce issues advice on avoiding Dyreza attack
Salesforce has issued a set of guidelines on tightening security after a number of its customers were targeted by the Dyreza email virus Continue Reading
By- Cliff Saran, Managing Editor
-
News
27 Aug 2014
Security experts identify top 10 software design flaws
The IEEE Center for Secure Design has published a report on how to avoid the top 10 software security design flaws Continue Reading
By- Warwick Ashford, Senior analyst
-
E-Zine
26 Aug 2014
Can national security and privacy co-exist?
In this week’s Computer Weekly, we talk to NSA whistleblower Bill Binney about the often-conflicting needs of security and privacy. We find out how Google is using artificial intelligence to improve datacentre energy efficiency. And we look at a project to use wearable technology and big data to help tackle Parkinson’s disease. Read the issue now Continue Reading
-
Feature
20 Aug 2014
The internet of things is coming: Is your datacentre ready?
Gartner estimates the IoT will see 26 billion units installed by 2020 – channelling huge volumes of data traffic into datacentres Continue Reading
-
News
11 Aug 2014
USB-connected devices present cyber vulnerabilities
Connecting devices to computers using a USB port could lead to security breaches, say Berlin-based researchers Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
News
04 Jul 2014
Barclays passes government’s ‘internet-born threat’ test
Barclays Bank has been awarded the government’s cyber security certificate for digital banking services after independent tests of services such as Pingit Continue Reading
-
News
03 Jul 2014
Netflix releases its AWS monitoring tool Security Monkey into the wild
Netflix has made Security Monkey, the AWS tracker tool it built for itself, freely available to other Amazon cloud users Continue Reading
By- Archana Venkatraman, Datacentre Editor
-
E-Zine
30 Jun 2014
Supporting Apple in the enterprise
In this week’s Computer Weekly, our latest buyer’s guide takes an in-depth look at how to support Apple products in an enterprise IT infrastructure. We find out how eBay built its own Openstack private cloud. And the chief of the government’s G-Cloud programme talks about changing public sector IT procurement. Read the issue now. Continue Reading
-
News
25 Apr 2014
Heartbleed prompts tech firms to pledge open-source support
Top tech firms have joined forces to support open-source software to help prevent future bugs like Heartbleed Continue Reading
By- Warwick Ashford, Senior analyst
-
News
17 Apr 2014
Datacentre lessons learnt from Heartbleed bug
The Heartbleed bug, an OpenSSL flaw affecting millions of websites, has some lessons for datacentre providers and operators Continue Reading
By- Archana Venkatraman, Datacentre Editor
-
Photo Story
17 Mar 2014
The Cyber Security Challenge UK 2014
The Cyber Security Challenge UK is a series of events designed to test the ability of thousands of amateur applicants who have skills in the cyber security space. Continue Reading
By- Clare McDonald, Business Editor
-
Feature
14 Mar 2014
Hacktivism: good or evil?
IT lawyer Dai Davis looks at the rise of hacktivism and its impact on business and international politics Continue Reading
By- Dai Davis, Percy Crow Davis & Co
-
News
04 Mar 2014
Governance, Risk Management and Compliance (GRC)
Ensuring that all the stakeholders' information needs are met requires a holistic approach to managing information – the creation of a GRC platform, say analysts Clive Longbottom and Rob Bamforth. Continue Reading
-
News
21 Feb 2014
Employee mobiles expose firms to attack, says Webroot
Employees' mobile devices expose companies to malicious applications and attacks, according to the latest mobile threat report from Webroot Continue Reading
By- Warwick Ashford, Senior analyst
-
News
05 Feb 2014
Bank of England publishes Waking Shark II cyber security exercise results
Bank of England publishes the results of its Waking Shark II security exercise, which tested financial institutions' contingency plans for cyber attack Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
News
23 Jan 2014
US startup aims to turn tables on hackers
US startup Shape Security is turning the tables against hackers by using one of their own techniques against them Continue Reading
By- Warwick Ashford, Senior analyst
-
News
10 Jan 2014
More than 1,100 DWP workers disciplined over benefits snooping
More than 1,100 employees at the Department for Work and Pensions have received official warnings since 2008 for prying into benefits records Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
News
10 Jan 2014
Security considerations for UK enterprises
This Research Snapshot from Vanson Bourne looks at IT security spending trends, awareness of cyber-threats, and the factors perceived as the biggest security risks for organisations. Continue Reading
-
News
05 Dec 2013
UK citizen sues Microsoft over Prism private data leak to NSA
A court action brought in the UK will test Microsoft's legal right to disclose private data on UK citizens to US intelligence services Continue Reading
By- Fiona O’Cleirigh
-
News
05 Dec 2013
Cybercrime and warfare: All that matters
Peter Warren and Michael Streeter assess the history, scale and importance of cyber crime in this chapter from their book, Cybercrime and warfare: All That Matters. Continue Reading
-
Feature
25 Nov 2013
Optimising performance and security of web-based software
On-demand applications are often talked about in terms of how suppliers should be adapting the way their software is provisioned to customers. Continue Reading
-
News
12 Nov 2013
Global profiles of the fraudster
Computers, rather than conmen, are set to be the future face of fraud, as criminals turn to robotics in an effort to avoid detection, this report from KPMG reveals. Continue Reading
-
Feature
11 Nov 2013
Why agile development races ahead of traditional testing
Traditional testing practices optimise large, centralised testing but struggle to support the rapid delivery of agile development. Continue Reading
By- Diego Lo Giudice
-
News
30 Oct 2013
Identity assurance system moves into beta test phase
The Government Digital Service has started testing of a key system to support plans for citizens to securely prove their identity when accessing online public services Continue Reading
By- Bryan Glick, Editor in chief
-
News
05 Sep 2013
Windows 2012 Server Network Security
This book chapter offers an introduction to Windows 8 and Windows Server 2012 network security and IPv6. It includes a 30% discount code for Computer Weekly readers. Continue Reading
-
News
05 Sep 2013
Windows Server 2012 Security from End to Edge and Beyond
This extract from the book Windows Server 2012 Security from End to Edge and Beyond shows you how to plan your platform security requirements and gives you the critical questions to ask. Continue Reading
-
News
05 Sep 2013
Printing: a false sense of security?
Louella Fernandes and Bob Tarzey show how secure printing technology can provide authentication, authorisation and accounting capabilities, helping businesses improve document security and meet compliance regulations. Continue Reading
-
News
23 Aug 2013
Box.com forges new cloud security model
Service providers and consumers need to move to a security model better suited to cloud computing, says Box.com Continue Reading
By- Warwick Ashford, Senior analyst
-
News
20 Aug 2013
Targeted attacks and how to defend against them
Analysts Bob Tarzey and Louella Fernandes assess the scale and real impact of targeted attacks and the measures being taken to defend against them. Continue Reading
-
News
19 Jul 2013
Facebook to acquire UK startup Monoidics
Facebook is to acquire UK startup Monoidics, which makes code verification and analysis tools and specialises in detecting coding errors Continue Reading
By- Warwick Ashford, Senior analyst
-
News
19 Jul 2013
IT security case studies
Four critical IT security case-studies selected from the winners of Computer Weekly's European User Awards for security Continue Reading
-
News
18 Jul 2013
Needle in a Datastack: The rise of big security data
This research from McAfee investigates how well organisations are positioned to address the challenges of managing security in a world of ever increasing amounts and types of data. Continue Reading
-
News
17 Jul 2013
IT Security Case Studies
Warwick Ashford presents 4 essential IT security case-studies selected from the winners of Computer Weekly's European User Awards. Continue Reading
-
News
15 Jul 2013
Black market for software security flaws reaches new highs
The black market in previously undiscovered vulnerabilities in commercial software is so established that the average flaw sells for up to $160,000 Continue Reading
By- Warwick Ashford, Senior analyst
-
News
10 Jun 2013
Telefonica Digital forms security group Eleven Paths
The business division of mobile operator Telefonica launches Eleven Paths, an independent company working on security issues in the workplace Continue Reading
By- Jennifer Scott, TechTarget
-
News
15 May 2013
Microsoft declares conformance with ISO 27034-1
Microsoft has declared conformance with ISO 27034-1, the first part of an international standard for secure software development Continue Reading
By- Warwick Ashford, Senior analyst
-
News
13 May 2013
Cyber criminals hack Washington court system
Hackers gain access to the personal data of 160,000 US citizens after compromising Washington State court service servers Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
News
01 May 2013
CW buyer's guide: context-aware security
This 11-page Computer Weekly buyer's guide looks at how organisations should approach context-aware security technologies and what business benefits they can deliver. Continue Reading
-
News
01 May 2013
CW Special Report on CSC
This 16-page report from Computer Weekly analyses the challenges facing CSC, its financial performance, the services it offers, its place in the IT market and its future strategy. Continue Reading
-
News
22 Apr 2013
US jails LulzSec hacker Cody Kretsinger
The US has jailed a member of hacktivist group LulzSec for a year for his role in breaching computer systems at Sony Pictures Entertainment in 2011 Continue Reading
By- Warwick Ashford, Senior analyst
-
News
19 Apr 2013
Conficker makes way for web-based attacks, says Microsoft
Web attacks emerge as top threat as businesses finally begin to win the battle against Conficker and other worms, says Microsoft Continue Reading
By- Warwick Ashford, Senior analyst
-
News
11 Apr 2013
Bots and web apps among top threats to data security, says Check Point
Bots, viruses, breaches and attacks are a constant and real threat to the information security of organisations Continue Reading
By- Warwick Ashford, Senior analyst
-
Opinion
25 Mar 2013
Securing the hypervisor: expert tips
There are many potential security issues with the various components of a virtualised infrastructure, and nowhere is this more of a concern than with the hypervisor platforms that host virtual systems and application instances Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
25 Mar 2013
Malware in counterfeit software to cost business $114bn in 2013
Dealing with malware in counterfeit software will cost global enterprises an estimated $114bn in 2013, says research firm IDC Continue Reading
By- Warwick Ashford, Senior analyst
-
News
28 Feb 2013
RSA 2013: Suppliers need to prepare for new security vulnerability handling standards
Software makers and online service providers need to prepare for two ISO standards on vulnerability handling processes due by the end of 2013 Continue Reading
By- Warwick Ashford, Senior analyst
-
News
06 Dec 2012
2012 Cost of Cyber Crime Study: UK
The 2012 Cost of Cyber Crime Study: United Kingdom is independently conducted by Ponemon Institute. The benchmark study, sponsored by HP Enterprise Security, is based on a representative sample of 38 organisations in various industry sectors. Continue Reading
-
News
03 Dec 2012
IT Security Purchasing Intentions 2013
This in-depth research from Computer Weekly and TechTarget reveals the IT security spending priorities of businesses in the UK and Europe. Continue Reading
-
News
13 Nov 2012
Mobile Security Strategies
This exclusive report for Computer Weekly members explains the security risks and challenges of using mobile devices in the enterprise. Continue Reading
-
News
13 Nov 2012
The Global State of Information Security Survey 2013: Key Findings
This global study examines the state of cyber-security and the impact of cyber crime and offers advice to businesses on reducing the risks. Continue Reading
-
Tip
01 Nov 2012
Using ESAPI to fix XSS in your Java code
Customized validation routines are the norm in Indian organizations for fixing vulnerabilities. OWASP’s ESAPI framework may prove to be a better option. Continue Reading
By- Celia Rexselin Aloysius, Contributor
-
News
30 Oct 2012
IT security budgets mismatched to hacker targets, study shows
IT security budgets are not being used to provide defence technologies in some areas most likely to be targeted by hackers, a study shows Continue Reading
By- Warwick Ashford, Senior analyst
-
Tip
09 Oct 2012
Vulnerabilities in JavaScript: Secure coding insights and tips
JavaScript vulnerabilities are on the rise in India with the entry of HTML5 and faster JavaScript engines. Here are some key problem areas along with antidotes. Continue Reading
By- Lavakumar Kuppan, Contributor
-
Feature
17 Sep 2012
Static code analysis tools gain traction in India as SDL models mature
Static analysis tools are gaining popularity with Indian companies as software development models and perspectives mature. Here are some popular choices. Continue Reading
By- Varun Haran, Reporter
-
Video
24 May 2012
Screencast: Employ the FOCA tool as a metadata extractor
Mike McLaughlin demos the FOCA tool as a metadata extractor to expose the 'hidden' data users often post on their own websites. Continue Reading
-
News
18 May 2012
MDM, security vendors scramble to address BYOD security issues
Organisations are looking beyond NAC and MDM to resolve BYOD security issues; MDM, security and hybrid vendors are responding with new products. Continue Reading
By- Tracey Caldwell, Contributor
-
News
24 Apr 2012
Investigation reveals serious cloud computing data security flaws
Context Information Security found that data stored by a cloud customer could be accessed by the next customer to spin up a VM on the same disk. Continue Reading
-
Photo Story
29 Mar 2012
Sandboxing for secure app development: Adobe Reader’s 'protected view'
As sandboxing emerges as an answer to legacy codebases with multiple vulnerabilities, we look at the components of Adobe Reader X’s sandbox. Continue Reading
By- Disha Agarwal, Contributor
-
Tutorial
27 Mar 2012
Exploit writing tutorial: Part 1
In the first part of our exploit writing tutorial, we take a look at the fine art of vulnerability discovery, fuzzing and usable techniques. Continue Reading
By- Karthik Poojary, Amazon
-
Answer
05 Mar 2012
Session fixation protection: How to stop session fixation attacks
Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection. Continue Reading
-
News
24 Feb 2012
Windows security case study: Controlling Windows 7 user privileges
After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges. Continue Reading
-
News
08 Feb 2012
Web application vulnerability statistics show security losing ground
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks. Continue Reading
-
News
03 Feb 2012
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. Continue Reading
-
Tutorial
23 Jan 2012
Burp Suite Tutorial: Part 2 – Intruder and repeater tools
Our Burp Suite tutorial’s second part covers intruder and repeater. Use this Burp Suite tutorial to customize attacks on Web apps via SQLi and XSS bugs. Continue Reading
By- Karthik Poojary, Amazon
-
Tip
19 Dec 2011
Segregation of duties: Small business best practices
Segregating duties can be tough in organisations that have few staff members and resources. Get duty segregation best practices for SMBs. Continue Reading
-
News
05 Dec 2011
Concerned about tablet security issues? Some are, others not so much
Users love their tablets, but security pros are concerned about tablet security issues. However, though tablets bring new threats, not everyone is ringing the alarm. Continue Reading
-
News
04 Aug 2011
Missing USB drive, found in pub, contained unencrypted data
The ICO says two housing groups must improve data security after a contractor’s missing USB drive, containing unencrypted data, was found in a pub. Continue Reading
-
Tip
13 Jul 2011
SAP security tutorial: Top 10 SAP security implementation steps
Implementing SAP software securely isn't only the job of SAP specialists; the entire IT department has a role to play. Learn the top ten steps to a secure SAP implementation. Continue Reading
By- Richard Hunt, Turnkey Consulting
-
News
06 Jul 2011
Network security case study: College’s NAC virtual appliance makes grade
Wellington College’s network security case study explains how a NAC virtualization appliance blocks malware and provides increased capacity on demand. Continue Reading
-
News
25 May 2011
Virtual desktop benefits include tighter security, hot desking
With the help of hot desking and other virtualisation technologies, the Basildon Borough Council was able to centralise its security administration and reduce its number of desks by more than 30%. Continue Reading
-
News
20 Apr 2011
Shutting down a botnet, US Government disables Coreflood
Coreflood, a botnet almost ten years old, has been taken down by the FBI and US Department of Justice by obtaining permission to hijack the command and control servers and send a 'stop' command to infected PCs. Is this overstepping the privacy line? Continue Reading
By- Stephen Gillies
-
Tip
19 Apr 2011
Secure SDLC best practices
While focus on technicalities is a given during the SDLC, this tip explains how to secure the SDLC, from the analysis phase right through to deployment. Continue Reading
By- Puneet Mehta, SDG
-
Tutorial
22 Feb 2011
Information security tutorials
SearchSecurity.co.uk's tutorials offer a variety of online information security training courses you can take on your own time at your own pace specifically for UK readers. They are designed to arm you with the foundational and tactical information you need to deal with the increasingly challenging job of keeping your organization's information secure. Continue Reading
-
Tip
17 Nov 2010
How to use the Microsoft FCIV command-line checksum tool
Downloading files from the Internet always poses a risk, but there are strategies that can make the process more secure. In this tip, Michael Cobb explains how to use the Microsoft FCIV tool to check the hash values of downloaded files and create hashes and checksums of your own. Continue Reading
-
Answer
08 Sep 2010
Dynamic code analysis vs. static analysis source code testing
Managing vulnerabilities involves a wide array of security testing, including both dynamic and static source code analysis. Learn how the two differ, as well as how they are performed in this expert response. Continue Reading
-
Answer
28 Apr 2008
What are the dangers of using Facebook, other social networking sites?
Ken Munro discusses the dangers associated with allowing employees to access social networking sites such as Facebook, and explains how corporations can avoid these risks by monitoring the information placed in employee profiles and using email filters. Continue Reading