Articles on Web Security

• Malware Malvertising: How Malicious Ad Campaigns Are Protected
  Attackers protect malvertising campaigns by obfuscating JavaScript and ActionScript code and timing attacks for weekends when ad network staff aren't working. Malicious logic activates after...
• Social Engineering The Targeted Attack Potential of Vanity Web Searches
  Vanity web searches create targeted attack opportunities. Attackers can create pages with a target's name, wait for Google indexing, then add malware knowing the person will visit when alerts...
• Web Security Tracking Known Malicious Websites by ETag Identifiers
  HTTP ETags can track malicious websites even when attackers rotate domain names for the same malicious server. CompuCom found a single ETag associated with malware that could filter 12 domains and...
• Risk Management Know the Alternatives When Negotiating IT Risk Mitigation Approaches
  When business managers reject expensive security recommendations, present alternative mitigation options—such as virtual patching as a stopgap before code fixes. Understanding your BATNA (Best...
• Tools 4 Free Tools to Detect Local Insecure Browser Plugins
  Four free tools can identify locally-installed browser plugins that need security patches: Google Chrome's built-in warnings and Secbrowsing extension, Mozilla's Plugin Check page, Qualys...
• Networking Web Application Firewalls (WAFs) Will Be Ubiquitous
  WAFs are following the adoption trajectory of traditional network firewalls—both mitigate risk when securing individual components is impractical. Network firewalls protected weakly-configured...