Web Security


Five Shocking Statistics From The Latest Internet Threat Report

Anti-malware company Symantec released its threat report for 2011 on Monday. Buried in the dry statistics about the number of Web-based attacks and malicious programs detected during the year are some surprising facts. Among them: religious-themed Web sites are among the dirtiest on the Internet.

Developing and Sharing Tools for Professional Hackers

By Joe Basirico

Professional hackers or security testers tend to write a lot of code. We write exploit code, fuzzers, code to handle esoteric protocols and data structures, unpackers, disassemblers, reversers, parsers, and so much more. We write this code because often what we’re doing is so specific that it requires one-off tools. Over time we develop an enormous arsenal of our own tools, scripts, functions and code snippets that make us significantly more efficient, but are hacks that are only beneficial to us.

We then turn around and present them at conferences, we show off their magic in the hands of the original developer and the crowd goes wild and the ecosystem stops there, because they are unsupported, undocumented and nearly unreadable by anybody but the original author. I’d like to fix that.


This post is the third in a 4-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.

By Fergal Glynn

This series began with a general definition of Application Security (“AppSec”) as a fundamental infosec practice that addresses the reduction of both immediate and systemic software risk. When undertaken correctly, AppSec takes a systematic, programmatic approach to hardening business-critical software, from the inside. That’s not to say that organizations must over-invest in an advanced program from the start to be effective – in fact, quite the opposite.

Threatpost has spoken before with Carnegie Mellon University professor Alessandro Acquisti, one of the country’s leading authorities on the impact of social networks and emerging technologies on privacy. In a talk last week at Stanford University’s Center for Internet and Society titled “Privacy in the Age of Augmented Reality,” the professor, who specializes in the economics of privacy, shares his research on how loose privacy protections affect how people conduct themselves on social networks.
