Web application security
-
News
20 Nov 2024
Apple addresses two iPhone, Mac zero-days
Two zero-day vulnerabilities uncovered in Apple’s operating systems could have allowed for arbitrary code execution and cross-site scripting attacks Continue Reading
By- Alex Scroxton, Security Editor
-
News
19 Nov 2024
AI readiness stalls in APAC
Despite significant investment in AI, only 15% of organisations in Asia-Pacific are ready to deploy the technology today, according to Cisco’s latest regional AI readiness survey Continue Reading
-
Feature
25 Apr 2015
Bill Binney, the ‘original’ NSA whistleblower, on Snowden, 9/11 and illegal surveillance
Always a patriot: Computer Weekly talks to Bill Binney, the senior NSA official who blew the whistle before Edward Snowden Continue Reading
-
News
22 Apr 2015
HSBC website mistake guides customers to porn
HSBC’s Hong Kong website accidentally featured an out-of-date link that directed people to a porn site Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
News
25 Mar 2015
UK government adds five authentication providers to Gov.uk Verify identity management system
The Government Digital Service (GDS) adds five authentication providers to the Gov.uk Verify identity and access management scheme Continue Reading
By- Clare McDonald, Business Editor
-
News
27 Feb 2015
Case study: Norwegian insurer invests in Darktrace machine-learning cyber defence
Shipping insurance company DNK hopes to inspire the rest of the shipping industry to adopt Darktrace’s cyber defence system Continue Reading
-
E-Zine
05 Jan 2015
CW Europe – January 2015 Edition
As we start another new year, we look back at the technology that has been playing a vital role in keeping Europe safe. Headlines are regularly filled with threats about cyber wars and attacks which, although important to bring to light, can sometimes overshadow the role technology plays in keeping us safe. Continue Reading
-
News
17 Dec 2014
Cabinet Office begins procurement for next stage of Gov.uk Verify
The Cabinet Office has submitted a tender notice for a £150m three-year framework for the provision of identity assurance services Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
Feature
11 Dec 2014
The state of mobile back end as a service
Common mobile application services are increasingly being hosted on central back-end servers – but what does that mean for the enterprise? Continue Reading
By- Janakiram MSV
-
News
28 Nov 2014
CGI secures communications between pilots and air traffic control
Satellite communications firm Inmarsat has outsourced the provision of security IT and services to CGI Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
News
09 Oct 2014
WordPress most attacked application
Websites that run the WordPress content management system are attacked 24% more often than those using other systems Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
News
08 Oct 2014
Malware being used to steal cash from ATMs
Criminals are using malware to steal cash from ATMs without debit and credit cards Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
E-Zine
03 Oct 2014
CW Europe - October 2014 Edition
BYOD policies: What’s allowed and what’s banned? As IT departments still try to come to terms with the notion of BYOD, CW Europe takes a look at what policies are being implemented to keep security under control. Continue Reading
-
News
16 Sep 2014
GDS unveils 'Gov.UK Verify' public services identity assurance scheme
The Government Digital Service (GDS) debuts a system to prove users’ identities when using public services online, branded as 'Gov.UK Verify' Continue Reading
By- Bryan Glick, Editor in chief
-
News
27 Aug 2014
Security experts identify top 10 software design flaws
The IEEE Center for Secure Design has published a report on how to avoid the top 10 software security design flaws Continue Reading
By- Warwick Ashford, Senior analyst
-
News
11 Aug 2014
USB-connected devices present cyber vulnerabilities
Connecting devices to computers using a USB port could lead to security breaches, say Berlin-based researchers Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
News
22 Jul 2014
Hackers abuse Bitly API in novel attack, reports Websense
A cyber attack targeting MSNBC highlights cybercriminals’ abuse of the public’s trust in news sites, says Websense Security Labs Continue Reading
By- Warwick Ashford, Senior analyst
-
News
04 Jul 2014
Barclays passes government’s ‘internet-born threat’ test
Barclays Bank has been awarded the government’s cyber security certificate for digital banking services after independent tests of services such as Pingit Continue Reading
-
E-Zine
22 Apr 2014
Adapting to life after Heartbleed
In this week’s Computer Weekly, we investigate the most significant flaw in recent history to impact the internet. The Heartbleed bug in OpenSSL leaves millions of internet servers vulnerable to attack. Hackers have already exploited Heartbleed to steal passwords from the Mumsnet parenting site. What can websites do to foil future attacks? Continue Reading
-
Feature
14 Mar 2014
Hacktivism: good or evil?
IT lawyer Dai Davis looks at the rise of hacktivism and its impact on business and international politics Continue Reading
By- Dai Davis, Percy Crow Davis & Co
-
News
05 Feb 2014
Bank of England publishes Waking Shark II cyber security exercise results
Bank of England publishes the results of its Waking Shark II security exercise, which tested financial institutions' contingency plans for cyber attack Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
News
04 Feb 2014
NHS site malicious redirects are a warning to developers
A coding error that redirected NHS website visitors to malicious content should be a warning to developers, say security experts Continue Reading
By- Warwick Ashford, Senior analyst
-
News
23 Jan 2014
New Snapchat security measure easily by-passed, says researcher
A new Snapchat security measure to verify users are human is easily by-passed, says researcher Continue Reading
By- Warwick Ashford, Senior analyst
-
News
23 Jan 2014
US startup aims to turn tables on hackers
US startup Shape Security is turning the tables against hackers by using one of their own techniques against them Continue Reading
By- Warwick Ashford, Senior analyst
-
News
10 Jan 2014
Security considerations for UK enterprises
This Research Snapshot from Vanson Bourne looks at IT security spending trends, awareness of cyber-threats, and the factors perceived as the biggest security risks for organisations. Continue Reading
-
Feature
25 Nov 2013
Optimising performance and security of web-based software
On-demand applications are often talked about in terms of how suppliers should be adapting the way their software is provisioned to customers. Continue Reading
-
News
12 Nov 2013
Global profiles of the fraudster
Computers, rather than conmen, are set to be the future face of fraud, as criminals turn to robotics in an effort to avoid detection, this report from KPMG reveals. Continue Reading
-
News
16 Oct 2013
Neustar to host first DDoS awareness day
Communications firm Neustar is to host the first international awareness day on distributed denial of service (DDoS) attacks Continue Reading
By- Warwick Ashford, Senior analyst
-
News
09 Sep 2013
Most websites could be targeted through PHP, warns Imperva
Hackers are focusing on vulnerabilities in the PHP web application development platform, threatening most websites, warns Imperva Continue Reading
By- Warwick Ashford, Senior analyst
-
News
06 Sep 2013
NSA and GCHQ unlock online privacy encryption
UK and US intelligence agencies have unlocked the technology used to encrypt online services, including email, online banking and medical records. Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
News
05 Sep 2013
Windows 2012 Server Network Security
This book chapter offers an introduction to Windows 8 and Windows Server 2012 network security and IPv6. It includes a 30% discount code for Computer Weekly readers. Continue Reading
-
News
05 Sep 2013
Windows Server 2012 Security from End to Edge and Beyond
This extract from the book Windows Server 2012 Security from End to Edge and Beyond shows you how to plan your platform security requirements and gives you the critical questions to ask. Continue Reading
-
News
05 Sep 2013
Printing: a false sense of security?
Louella Fernandes and Bob Tarzey show how secure printing technology can provide authentication, authorisation and accounting capabilities, helping businesses improve document security and meet compliance regulations. Continue Reading
-
News
20 Aug 2013
Targeted attacks and how to defend against them
Analysts Bob Tarzey and Louella Fernandes assess the scale and real impact of targeted attacks and the measures being taken to defend against them. Continue Reading
-
Opinion
13 Aug 2013
The dangers of internet cafés
Businesses need clear computer use policies and need to ensure staff are properly trained in data protection, writes Garry Mackay Continue Reading
By- Garry Mackay
-
News
05 Aug 2013
Websites hacked to show child abuse images
More than 25 business websites worldwide have been hacked to show illegal images of child sex abuse Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
Feature
30 Jul 2013
Big data journalism exposes offshore tax dodgers
How journalists harnessed big data to challenge offshore financial secrecy Continue Reading
By- Duncan Campbell and Craig Shaw
-
News
19 Jul 2013
IT security case studies
Four critical IT security case-studies selected from the winners of Computer Weekly's European User Awards for security Continue Reading
-
News
18 Jul 2013
Needle in a Datastack: The rise of big security data
This research from McAfee investigates how well organisations are positioned to address the challenges of managing security in a world of ever increasing amounts and types of data. Continue Reading
-
News
17 Jul 2013
2013 Cost of Data Breach Study: UK
The cost of data breaches has risen for UK organisations over the past year, the Ponemon Institute reveals. Continue Reading
-
News
17 Jul 2013
Security Think Tank Download: Bring your own device
Downloadable guide. How to make your company secure when you introduce BYOD. Continue Reading
-
News
17 Jul 2013
IT Security Case Studies
Warwick Ashford presents 4 essential IT security case-studies selected from the winners of Computer Weekly's European User Awards. Continue Reading
-
News
16 Jul 2013
More than one-fifth of UK firms hit by DDoS attacks in 2012
More than a fifth of UK firms experienced a disruptive distributed denial of service (DDoS) attack in 2012 Continue Reading
By- Warwick Ashford, Senior analyst
-
News
24 Jun 2013
Identity management key to browser-based IT strategy
A cloud-based identity management system is key to enabling a browser-based IT strategy at online recruitment firm Reed.co.uk Continue Reading
By- Warwick Ashford, Senior analyst
-
News
29 May 2013
Syrian hackers deface Sky Android apps
Syrian hackers have defaced several of Sky’s Android apps, forcing the broadcaster to remove them temporarily from the Google Play store Continue Reading
By- Warwick Ashford, Senior analyst
-
News
13 May 2013
Cyber criminals hack Washington court system
Hackers gain access to the personal data of 160,000 US citizens after compromising Washington State court service servers Continue Reading
By- Karl Flinders, Chief reporter and senior editor EMEA
-
News
01 May 2013
CW buyer's guide: context-aware security
This 11-page Computer Weekly buyer's guide looks at how organisations should approach context-aware security technologies and what business benefits they can deliver. Continue Reading
-
News
01 May 2013
CW Special Report on CSC
This 16-page report from Computer Weekly analyses the challenges facing CSC, its financial performance, the services it offers, its place in the IT market and its future strategy. Continue Reading
-
News
22 Apr 2013
US jails LulzSec hacker Cody Kretsinger
The US has jailed a member of hacktivist group LulzSec for a year for his role in breaching computer systems at Sony Pictures Entertainment in 2011 Continue Reading
By- Warwick Ashford, Senior analyst
-
News
19 Apr 2013
Conficker makes way for web-based attacks, says Microsoft
Web attacks emerge as top threat as businesses finally begin to win the battle against Conficker and other worms, says Microsoft Continue Reading
By- Warwick Ashford, Senior analyst
-
News
11 Apr 2013
Bots and web apps among top threats to data security, says Check Point
Bots, viruses, breaches and attacks are a constant and real threat to the information security of organisations Continue Reading
By- Warwick Ashford, Senior analyst
-
Opinion
25 Mar 2013
Securing the hypervisor: expert tips
There are many potential security issues with the various components of a virtualised infrastructure, and nowhere is this more of a concern than with the hypervisor platforms that host virtual systems and application instances Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
05 Mar 2013
Enterprise Security Architecture – an outsourcer's view
Alan Jenkins, chief security officer of outsourcing specialist T Systems, explains the company's approach to enterprise security architecture. Continue Reading
-
News
05 Mar 2013
Enterprise Security Architecture
Mark Brown, Director for Advisory Risk & Information Security at Ernst & Young, offers advice to security leaders on developing a robust Enterprise Security Architecture. Continue Reading
-
News
26 Feb 2013
Virtualization Security: Protecting Virtualized Environments
This extract from the book Virtualization Security includes a 30% discount for Computer Weekly readers. Continue Reading
-
News
24 Jan 2013
ICO hits Sony with £250,000 data breach penalty
The Information Commissioner’s Office (ICO) has fined Sony Computer Entertainment Europe £250,000 for breaching the Data Protection Act Continue Reading
-
News
18 Jan 2013
Security visualisation
This article is a guideline on how to generate a visual representation of a given dataset and use it in the evaluation of known security vulnerabilities Continue Reading
-
News
14 Jan 2013
Oracle rushes out patches for Java zero days
Oracle has released two out-of-band security updates for the latest zero day vulnerabilities in Java Continue Reading
By- Warwick Ashford, Senior analyst
-
News
12 Dec 2012
Ghost Shell hacktivists publish over a million credentials
The Ghost Shell group, an offshoot of the Anonymous hacking collective, has published the log-in details from 1.6 million accounts Continue Reading
By- Warwick Ashford, Senior analyst
-
News
07 Dec 2012
UK government jobs website exploited by hackers
Hackers have been able to exploit security flaws in a new government jobs website to steal personal information about job applicants Continue Reading
By- Warwick Ashford, Senior analyst
-
News
06 Dec 2012
2012 Cost of Cyber Crime Study: UK
The 2012 Cost of Cyber Crime Study: United Kingdom is independently conducted by Ponemon Institute. The benchmark study, sponsored by HP Enterprise Security, is based on a representative sample of 38 organisations in various industry sectors. Continue Reading
-
News
03 Dec 2012
IT Security Purchasing Intentions 2013
This in-depth research from Computer Weekly and TechTarget reveals the IT security spending priorities of businesses in the UK and Europe. Continue Reading
-
News
27 Nov 2012
Zero-day exploit for Yahoo Mail goes on sale
Hacker sells $700 zero-day exploit for Yahoo Mail that allows attacker to use cross-site scripting vulnerability to steal cookies and hijack accounts Continue Reading
By- Warwick Ashford, Senior analyst
-
News
13 Nov 2012
The Global State of Information Security Survey 2013: Key Findings
This global study examines the state of cyber-security and the impact of cyber crime and offers advice to businesses on reducing the risks. Continue Reading
-
News
30 Oct 2012
IT security budgets mismatched to hacker targets, study shows
IT security budgets are not being used to provide defence technologies in some areas most likely to be targeted by hackers, a study shows Continue Reading
By- Warwick Ashford, Senior analyst
-
News
10 Oct 2012
RSA Europe: Cloud key to future information security, says Qualys
Cloud computing is an opportunity information security professionals should not miss, says Philippe Courtot, CEO of security firm Qualys Continue Reading
By- Warwick Ashford, Senior analyst
-
News
05 Oct 2012
Security firm warns against Samsung Galaxy Tab for enterprise use
Security specialist Context Information Security says vulnerabilities in the Samsung Galaxy Tab make it unsuitable for use in the enterprise Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
News
02 Oct 2012
Hackers target White House military network
Hackers using computers in China have infiltrated an “unclassified” network in the US White House, believed to be used for issuing nuclear commands. Continue Reading
By- Cliff Saran, Managing Editor
-
News
25 Sep 2012
Security concerns hold back mobile banking adoption
More than two-thirds of smartphone owners have not yet adopted mobile banking apps because of security concerns, a survey has revealed Continue Reading
By- Warwick Ashford, Senior analyst
-
News
18 Sep 2012
Microsoft investigates IE zero-day flaw
Microsoft says it is investigating reports of a vulnerability in Internet Explorer 6, 7, 8, and 9 Continue Reading
By- Warwick Ashford, Senior analyst
-
News
17 Sep 2012
Android devices vulnerable to security breaches
More than 50% of devices running Google's Android OS have unpatched vulnerabilities, opening them up to malicious apps and other attacks Continue Reading
By- Caroline Baldwin, Freelance editor and journalist
-
Tip
14 Aug 2012
Mobile application security issues and threat vectors in enterprises
As mobile application security threats take on serious proportions, we explore the issues and risks involved for users and enterprises. Continue Reading
By- Ram Venkatraman
-
News
10 Jul 2012
Microsoft repairs dangerous XML Core Services zero-day flaw
The Microsoft XML Core Services vulnerability is being actively targeted by cybercriminals. In addition, Microsoft issued a critical update to Internet Explorer 9. Continue Reading
By- Robert Westervelt, TechTarget
-
Answer
18 May 2012
File upload security best practices: Block a malicious file upload
Do your Web app users upload files to your servers? Find out the dangers of malicious file uploads and learn six steps to stop file-upload attacks. Continue Reading
-
Tutorial
09 May 2012
Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference
Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference. Continue Reading
By- SearchSecurity.in Staff
-
News
19 Mar 2012
Study: Shnakule, four other malnets caused most 2011 attacks
Huge global malnets, such as Shnakule, were responsible for most attacks in 2011, and Blue Coat predicts they will trigger 66% of all attacks in 2012. Continue Reading
-
Answer
05 Mar 2012
Session fixation protection: How to stop session fixation attacks
Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection. Continue Reading
-
News
24 Feb 2012
Windows security case study: Controlling Windows 7 user privileges
After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges. Continue Reading
-
News
03 Feb 2012
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. Continue Reading
-
News
29 Dec 2011
Emerging 2012 security trends demand information security policy changes
2012 security trends involving cookies, fines, devices and threats will demand more skills -- and a little finesse -- from security professionals. Continue Reading
-
Tip
14 Dec 2011
CSRF attack: How hackers use trusted users for their exploits
A CSRF attack is a serious Web security threat that, combined with XSS, can be lethal. Learn about the CSRF attack’s anatomy, along with mitigation methods. Continue Reading
By- Karthik Poojary, Amazon
-
News
07 Mar 2011
Malvertising, pop-up ad virus problems demand more user protection
A recent pop-up ad infection on the London Stock Exchange's website highlights the growing scourge of malicious advertising, or malvertising. Continue Reading
-
Tip
18 Jan 2011
Top seven social media threats
Discover the top seven social media threats in the first of a two-part series on social media related security threats and preventive measures. Continue Reading
By- Shantanu Ghosh
-
News
10 Mar 2008
Web 2.0 presents no new security challenges, is just marketing hype: Secure Computing
Secure Computing's Scott Montgomery says Web 2.0 security is marketing hype, application flaws come from overworked programmers and Australia is doing better at cyber-security than the USA and Europe. Continue Reading
By- Simon Sharwood