WhiteHat Security In the News ::

Google's Chrome Walls
When Google swallowed the security company GreenBorder in May 2007, the tiny Mountain View, Calif.-based firm seemed to be yet another promising start-up that had disappeared into the Googleplex's catacombs, never to be heard from again. But on Tuesday, when Google revealed its new browser known as Chrome, it became clear how GreenBorder's engineers have been earning their free lunches for the last 15 months: devising a way to inoculate the search giant's new toy against the Web's epidemic of cybercrime... Read article online at Forbes.

Eyeballing the Security of Application Service Providers
Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security, gives advice on vetting Application Service Providers to ensure security for your business.
A large number of banks, credit unions, product merchants, healthcare providers, and others are taking advantage of Application Services Providers (ASPs) to enhance their on-line offerings and reduce IT cost. Popular ASPs offer attractive service packages that include the necessary hardware and software infrastructure, such as fast, reliable machines, large bandwidth pipes, disaster-recovery policies, several layers of built-in fault tolerance, and support...

12 Ways to Visualize Network Security
Security is like a stack of Swiss cheese. Each slice covers up holes in the slices below it. Traditional enterprise security is viewed as a hard outer shell protecting a soft interior, but today's Web 2.0 era has changed all that. The perimeter has become porous with applications and access control shared deep between enterprises and consumers. In this way enterprise security can be best viewed like a stack of Swiss cheese. No single layer of security is impenetrable; each protects certain areas and misses others. In a layered approach each slice (defense-in-depth) attempts to cover up the holes in the one below it... Read article online at Network World.

Industry View: Web Application Security Today - Are We All Insane?
WhiteHat Security's Jeremiah Grossman believes the current approach to protecting Web apps is the very picture of insanity.
Seventeen million programmers are churning out an estimated 102 billion new lines of code per year. Add 162 million websites online, with 809,000 using SSL (an indication of valuable data) and the problem becomes apparent. Researchers estimate that roughly one security defect exists per 10,000 lines of code and nine out of 10 websites contain one or more serious vulnerabilities. If only 1 percent of security defects are exploitable that means we are generating 102,000 zero-days per year - we just don't know where most of them are. Even if 90 percent of the SSL websites contained only a single issue, 728,100 website vulnerabilities are already in circulation, and we don't know where those are, either... Read article online at CSO.

SaaS Security Firm WhiteHat Lands $7m Series D Financing

Merchants Asked to Secure Their Sites
But not all businesses are expected to make the deadline, and for those that do, it's not clear how much more secure their sites will be... Read article online at the San Francisco Chronicle.

Web Browsers Face Crisis of Security Confidence
User beware. Today's web browsers offer more security protections than ever, but according to security experts, they do little to protect people surfing the net from some of the web's oldest and most crippling threats... Read article online at Channel Register.

Major Security Vendors' Sites Could Be Launchpads for Phishing Attacks
McAfee, Symantec, and VeriSign sites all found to contain cross-site scripting flaws.
With all the talk about hackers launching attacks from legitimate Websites, you'd think that the major security vendors' sites, at least, would be vulnerability-free... Read article online at Dark Reading.

Site Security Policy
Brandon Sterne, Security Program Manager at Mozilla, recently published a proposal for a set of browser security features. The proposal, SSP or Site Security Policy, aims to allow browser vendors a chance to do more to protect users from XSS and CSRF threats. Currently SSP is open for comments, and is only available as an add-on for Firefox. Read article online at The Tech Herald.

The SaaS Approach to Web Site Vulnerability Management
Software as a Service is the only solution for Web site vulnerability management, asserts Stephanie Fohn, chief executive officer of WhiteHat Security, because of its scalability and ease of implementation, among other reasons.

Few Expected to Make June 30 PCI Deadline for Web Application Security
Many firms just now shaking off the mental cobwebs.
May 12, 2008 (Computerworld) Retailers covered by the Payment Card Industry Data Security Standard (PCI-DSS) have just about a month and a half left to comply with new requirements for protecting Web applications. But as with previous PCI-related deadlines, this one appears destined to pass with a majority of merchants unlikely to be in full compliance. Read article at Computerworld.

Deconstructing PCI 6.6
Organizations handling credit cards feel pressure building as the deadline for PCI Requirement 6.6 compliance, June 30, 2008, approaches. Most are still evaluating how to strategically ensure compliance with this requirement, while maintaining a strong security posture... Read article at SCMagazine.

SQL Injection Attack Infects Hundreds of Thousands of Websites
Chinese hackers have conducted successful SQL injection attacks on hundreds of thousands of websites during the past 10 days, culling their targets from search engines. Normally, SQL injection attacks are targeted attacks, one IP address at a time. The closest attack on this scale would be the SAMY worm attack on the MySpace.com domain, but that was against just one domain.

Google-Hacking Goes To China
Google has yet to bring its U.S. success to China--only about one in five Chinese Web searches starts at the site. But lately, Google seems to have gained popularity with at least one group of Chinese Web users: some of the country's most successful cybercriminals... Read article at Forbes.

Web 2.0 Security Hangover
The Web 2.0 party was a great time, but security pros and analysts are waking up to new problems. Web 2.0 applications have certainly made the user experience more interactive, but organizations need to be mindful of their impact on Web site security. Certainly, there are a number of reasons Web sites become an attractive target for hackers; sometimes sites are built prior to an attack being known about, or the developers were in a hurry. Still, some researchers say the Web 2.0 rush has had an impact on security as well, opening up new possibilities for attackers... Read article at eWeek.

The FutureNow List
When The FutureNow List debuted a year ago IT security emerged as a spending priority, with the lion’s share of investment made in secure authentication. But as the first signs of the subprime crunch gave way to a crisis and yet another rogue trader got his 15 minutes of fame—this time it was Societe Generale’s Jerome Kerviel—information technology leaders were already turning their attention to risk management and compliance. Timing is everything: Prompted by recent events, politicians and regulators edge toward a sea-change in regulatory oversight... Read article at BTN.

Hackers infiltrate Google searches
Hackers have turned their attention to search engines in the latest attempt to invade the computers of unsuspecting Web users. In the past few weeks, they have taken advantage of Web pages that incorrectly use JavaScript, a computer language used in features like interactive maps, to infect thousands of sites. The altered sites show up in a Google search, and when clicked on, redirect the user to a malicious program that aims to steal information... Read article online at the San Francisco Chronicle.

Google searchers could end up with a new type of bug
Cybercrooks are manipulating the computer code used to put the pizazz in millions of websites in hopes of taking over unsuspecting consumers' PCs... Read article online at ABC News.

WhiteHat Seeks To Protect Top E-Commerce Sites
WhiteHat CEO Stephanie Fohn says that you need her company's service if you've got a Web site that takes transactions. WhiteHat is a SaaS vendor that offers black-box penetration tests for Web sites... Read article and view video clip online at Information Week.

Security researchers have all the fun, like making up the pun-ny names for the new exploits they discover or detect. Case in point: “Phishing with superbait” is an increasing phenomenon in which cyber thieves take over an actual corporate Website using cross-site scripting, says WhiteHat Security founder and CTO Jeremiah Grossman. Cross-site scripting errors remain the most common vulnerability on financial services Websites, Grossman says... Read article online at Bank Technology News.

New Firefox Flaw Deemed Low-Risk Threat
Mozilla officials are investigating a new vulnerability in Firefox that could be exploited by attackers to steal files from a victim's machine... Read article online at SC Magazine.

The Lurking Perils of Online Transactions
E-commerce has been part of the retail world for more than a decade, and today's consumers seem to assume that because of this longevity, their transactions are secure. Beyond this, the average online shoppers are convinced their credit card numbers and other sensitive information are out of reach of attackers with a firewall and antivirus program, combined with shopping at brand-name retail sites... Read article online at Ecommerce Times.

Apple Fixes a Quartet of QuickTime Flaws
With all the hype surrounding Apple this week and its MacWorld event it's easy to forget that Apple is a company under a security siege. More specifically, Apple's QuickTime software has faced far more than its fair share of security woes over the past year. The software plays a critical role in Apple's ability to deliver multimedia content on its Mac and iTunes platforms... Read article online at internetnews.com.

WhiteHat Security, the leading provider of website vulnerability management services, today announced that the Silicon Valley YWCA has named the Company’s Chief Executive Officer, Stephanie Fohn, a winner of the 2007 TWIN Award...
An attacker can carry out cross-site scripting (XSS) attacks on a vulnerable system through newly disclosed vulnerabilities in Shockwave Flash (SWF) files...
2008 News Archive ::
WhiteHat Sentinel Service makes PCI 6.6 Compliance Easy ::