
Web Application Security Newsletter - September 2006
A MESSAGE FROM THE EDITOR - A recurring theme that surfaces this month centers on the issue of accountability, raising some thought-provoking questions. Who is ultimately accountable should a breach occur? In recent weeks, we have learned about several instances of IT staff and managers alike walking the plank over highly visible security breaches. How can companies implement tighter, more integrated security across all levels of the organization? We also turn to the coming of age for online application delivery. With Web application vulnerabilities and attacks on the rise, are the benefits worth the risks? Read about some current thinking about security and online applications.
1. Vulnerability assessment service pays off for Debt Exchange
When you deal with some of the biggest banks in the world, it goes without saying that security is an overarching concern. That's why The Debt Exchange Inc., a full-service loan sale advisor for commercial, consumer and specialty finance debt, continues to raise the security bar for its online marketplace, which enables financial professionals to collaborate in buying and selling debt and loans.
2. Cenzic Wins Awards in 5 Categories From Info Security Products Guide
Automated Application Security Assessment Vendor Selected as the Winner of the Tomorrow's Technology Today 2006 Awards for Both Software and SaaS
SANTA CLARA, CA -- (MARKET WIRE) -- August 24, 2006 -- Cenzic, Inc. today announced that it has been named as a winner in five categories for Info Security Products Guide Second Annual Tomorrow's Technology Today 2006 Awards. The Info Security Products Guide Awards were established to recognize the leading companies in the information security technology industry and play a vital role in keeping end-users informed of the innovative products and solutions available to address their most pressing security challenges. Access to a complete list of the Info Security award winners can be found at: http://www.infosecurityproductsguide.com/technology/index.html.
3. Introduction to security governance
Although security governance and security programs are often discussed, not many security practitioners -- or their organizations -- fully understand all that the concepts involve and how they relate to each other. This introductory tip to security governance kicks off our series by SearchSecurity expert contributor Shon Harris on how to deploy security governance and a security program within an enterprise environment.
4. An Information-Centric Approach to Information Security
Data security is a process, not a product
Successful businesses execute simultaneously on three fronts: sustained revenue growth, continuous cost control, and comprehensive risk management. Driven by a significant rise in public awareness of information security breaches, the discipline of risk management is under increased pressure to protect the information assets of the business better. This pressure has resulted in a great deal of confusion about the best course of action, and more than a few ill-considered measures have been put in place.
5. Google, Microsoft Online Apps Raise Security Questions
With the launch of Google's hosted application suite earlier this week and the ongoing beta test of Microsoft Office Live, online application delivery appears ready to challenge the desktop computing model that has dominated since the 1980s. But like the traditional desktop environment, Web applications have security problems.
6. Hackers Hit AT&T, Steal Users' Info
AT&T Inc. said hackers compromised its Web site last weekend, obtaining records and credit card information of up to 19,000 customers. The country's largest telecommunications operator said Tuesday that hackers targeted a store on the company's Web site where customers purchased DSL equipment.