- Tools: Mitigating Attacks on the Web Browser and Add-Ons
Drive-by exploits target vulnerabilities in browsers and add-ons like Java, Adobe Reader, and Flash. Defense involves sandboxing (Chrome, IE, Adobe Reader X), tightening settings via Group Policy,...
- Web Security: Mitigating Attacks on Web Applications Through the Browser
Attackers use browsers as gateways to attack web applications via XSS (executing malicious JavaScript in app context), CSRF (tricking browsers into submitting crafted requests), clickjacking...
- Tools: Mitigating Attacks on the User of the Web Browser
Browsers are improving protection against socially engineered malware. Internet Explorer's SmartScreen includes application reputation tracking—warning users about executables without reputation...
- Web Security: NoScript Strengthens Security Even If You Allow Scripting
NoScript's script-blocking requires users to allowlist every site—many automatically click "allow" or uninstall it. If script allowlisting isn't for you, enable scripts globally but keep NoScript's...
- Risk Management: Information Security Isn't a Standalone Discipline
Information security exists to help organizations achieve corporate objectives, not as a goal in itself. Security professionals must understand how they fit into Finance, Legal, HR, IT, Marketing,...
- Tools: 10 Information Security Mistakes: A False Sense of Security
Ten practices that create false security: capturing logs without sufficient detail, policies no one follows, vulnerability scans without remediation processes, pen tests excluding workstations,...