Ah, the Web. It has generally made business easier and cheaper, but specifically made information security harder and more expensive. Companies in all sorts of industries are rushing to create ...

Jeremiah Grossman wants you to know that firewalls and SSL encryption won’t prevent a hacker from breaking into your e-commerce website, compromising your customers’ data and possibly stealing your ...

ITworld.com – Listen to the column “Web Application Security Audits”, or visit our Podcast Center to hear more by James Gaskin. There are four Web vulnerability tool companies, and one, Acunetix (.com ...

Six months ago, I started my own journey learning web app penetration testing from scratch. Several people have asked me to compile these resources into one compendium aimed at those with little or no ...

Andrei Neacsu is a cofounder and managing partner at HyperSense. The role of web applications in today's businesses amplifies the repercussions of weak security—leading to potential revenue loss, ...

SPI Dynamics – These days, the biggest threat to an organization’s network security comes from its public Web site and the Web-based applications found there. Unlike internal-only network services ...

Continuing the theme from my previous column on the relative security of Internet Information Service (IIS) vs. Apache, I’ve come across more studies to support my initial conclusion. Since a single ...

Pen testing, also known as "ethical hacking," involves a team of cybersecurity professionals tasked to test the resilience of an organization's security systems. Unfortunately, traditional web ...

As I write these words, many Ruby on Rails developers are worried. The framework that so many of us have used and enjoyed for so many years, turned out to have some serious security flaws. It's not ...