- Web Security Tracking Known Malicious Websites by ETag Identifiers
HTTP ETags can track malicious websites even when attackers rotate domain names for the same malicious server. CompuCom found a single ETag associated with malware that could filter 12 domains and...
- Risk Management Know the Alternatives When Negotiating IT Risk Mitigation Approaches
When business managers reject expensive security recommendations, present alternative mitigation options—such as virtual patching as a stopgap before code fixes. Understanding your BATNA (Best...
- Tools 4 Free Tools to Detect Local Insecure Browser Plugins
Four free tools can identify locally-installed browser plugins that need security patches: Google Chrome's built-in warnings and Secbrowsing extension, Mozilla's Plugin Check page, Qualys...
- Networking Web Application Firewalls (WAFs) Will Be Ubiquitous
WAFs are following the adoption trajectory of traditional network firewalls—both mitigate risk when securing individual components is impractical. Network firewalls protected weakly-configured...
- Malware Understanding Computer Attack and Defense Techniques
Modern attacks combine social engineering to bypass technical defenses, client-side exploits targeting browsers and add-ons, web application vulnerabilities like SQL injection, and persistent...
- Web Security Researching Malicious Websites: A Few Tips
Malicious sites evade researchers by checking User-Agent and Referer headers, computing redirects via JavaScript, using nonces, and denylisting IPs. Bypass these defenses by faking browser headers,...