Posts tagged Company’s
Report: Your Company’s Web Apps Are Actually Gaping Security Holes
Sep 12th
Web applications are still one of the greatest threats to enterprise security, according to Hewlett-Packard’s 2011 mid-year enterprise security risk report. This is no surprise, considering we saw data from Imperva in July showing that Web apps are probed or attacked at least once every two minutes. What is surprising is that enterprises have been slow to recognize and patch vulnerabilities, giving malicious hackers ample opportunity to penetrate their networks.
Weaknesses in Web applications make up 31% of all vulnerabilities, according to HP. Technically, reports of Web app vulnerabilities have gone down in recent years, but that is not necessarily a good thing. Legacy Web apps still pose a great risk to enterprise security.
A lot of what HP presents in its report will not be new to security professionals. Every single security company and its long lost second cousin has a mid-year security report. For instance, did you know that cross-site scripting (XSS) is the most significant Web app vulnerability? Or that buffer overflow and Distributed Denial of Service (DDoS) attacks are the second and third most used vulnerabilities? If you are in the security industry, you certainly did know that.

HP founded a program called the “Zero Day Initiative” (ZDI) in 2005, designed to reward security professionals for responsibly reporting unknown vulnerabilities. Since 2005, Apple QuickTime has had the most reported vulnerabilities, with Microsoft Internet Explorer coming in second. Java, Firefox, WebKit, RealPlayer and Adobe (Shockwave and Reader) also make the list, along with HP OpenView. Those are some of the most fundamental technologies on the Web, and their breadth contributes to the problem of enterprise security risks.
HP notes that it does not really matter whether there are new vulnerabilities or not. Malicious hackers already have an ample attack surface with existing vulnerabilities. Patching, closing, fixing, debugging, replacing software, installing security measures or any other method that can be used to fix those vulnerabilities across the entire enterprise landscape would cost hundreds of millions if not billions of dollars. Yet, considering that the volume of attacks keeps on increasing no matter how many vulnerabilities are reported, it behooves industries to attempt to get their networks up to date. See the chart below for mid-year attack totals from 2009-11.

For instance, let’s look at SQL injection (SQLi) attacks. This is an attack that is a favorite among “hacktivist” groups like LulzSec and Anonymous. Booz Allen Hamilton’s recent email leak was mostly SQLi related. The prevalence of SQLi attacks is laughable. Worming an SQL attack into a company’s server should be a fairly simple attack to stop with a layered security approach that blocks the data injection with firewalls or data sandboxes within the servers. It is a popular attack because it works. It works because enterprises either do not know what they are protecting against or have been too negligent in updating their security policies.
Check out HP’s entire report here (PDF).
What can enterprises do to close the gap between legacy vulnerabilities and Web application usage? As we have seen, the attack surface is wide, like a stretched-out cloth that can easily be poked through by hackers who know what they are looking for. As Web apps become more critical to business functions, how can IT managers and the security industry shrink the number of avenues that malicious hackers use to gain access to sensitive information?
View full post on ReadWriteWeb
Twitter Engineer Talks About the Company’s Migration from Ruby to Scala and Java
Jul 6th
Twitter is famous for its use of Ruby on Rails, but as it has scaled the service up it has migrated some of its code to other technologies. The company began by migrating its back-end message queue to Scala (which runs on the Java Virtual Machine), continued by rebuilding its back-end search in Java and most recently replaced its search front-end with a Java server.
InfoQ is running an interview with Twitter engineer Evan Weaver who explains more about the shift.
Here are a few interesting points:
- The first-class languages at Twitter are JavaScript, Ruby, Scala and Java. Sometimes C is used as well.
- The usage of Ruby is shrinking at Twitter as JavaScript takes over the front-end and JVM-based languages take over the back-end.
- In general, developers at Twitter from a Ruby background prefer Scala, and those with a C/C++ background prefer Java.
- The search team uses Lucene and is experienced in Java. Java is more convenient for them than Scala or Ruby.
- Twitter uses a library called Finagle for building asynchronous RPC servers and clients in Java, Scala or any JVM language.
- The move to Scala and Java at Twitter is driven more by a need for encapsulation than for performance and scalability, and much of the existing Ruby code is quite workable for the time being.
- Static typing has been a productivity boon as Twitter search has moved towards a service-oriented architecture.
The interview also goes into more specific technical reasons for preferring Scala to Rails, such as better vertical integration. Weaver also talks about Twitter’s overall architecture, which was described in the talk we covered here.
View full post on ReadWriteWeb
How Many of Your Company’s Facebook Fans Are Local?
Jun 23rd
For small, local businesses using Facebook for social marketing, building up a fan base is important, but only to the extent that the people clicking the “like” button actually live nearby.
While some businesses can sell their products and services online to customers regardless of location, truly local businesses that serve a particular locale need to narrow their social marketing focus to ensure they’re connecting with the people most likely to actually spend money with them.
So how does one determine how effective their local reach is on Facebook? One option is a new tool from Roost, a social marketing platform provider. The Roost Local Scorecard analyzes your business’s Facebook fan base and generates a “local score” using Roost’s proprietary algorithm, which takes into account where those fans are located and factors in population data from the U.S. Census Bureau.

The resulting number should help small businesses understand at a glance how effective their local reach is. Roost then offers some tips about how to improve that score using social marketing best practices on the local level. Ultimately, they’d obviously like you to sign up for their platform, and this is a great marketing tool to help facilitate that, but the Roost Local Scorecard is free to use with or without signing up for Roost’s core offering.
Of course, one can also get a pretty good idea about their local reach simply by using Facebook Insights, the social network’s official analytics dashboard. Roost’s scorecard is an easy way to boil that data down into a single number and give it some context.
Curious about your score? Head on over to Roost and connect your Facebook account to see how your company ranks locally.
View full post on ReadWriteWeb
How to Make SEO Part of Your Company’s DNA – Search Engine Watch
May 24th
Globe and Mail
How to Make SEO Part of Your Company's DNA
Search Engine Watch: Furthermore, they are completely unaware how their own activities play an important role in their company's SEO performance or what they can do to augment that performance. How do you correct problems like these? SEO needs to become part of a company's …
Related: The Coming Tide Of SEO Tattletales; What's Working for SEO in 2011: A Review from London SMX; SEO Copywriting Services in Demand Following Google Panda Update
View full post on SEO – Google News
Microsoft Making Company’s Biggest Acquisition: Skype
May 10th
The Wall Street Journal reported that Microsoft has offered $8.5 billion for Skype in a move that would be the biggest acquisition in the company’s history.
“Microsoft Chief Executive Steve Ballmer, though, sees the Internet as an essential battleground for Microsoft, a company that still makes the vast bulk of its profits from Windows and Office software systems. Investors have become increasingly concerned about Microsoft’s ability to squeeze continued growth out of those businesses, as rival technologies from Apple Inc., Google and others put more pressure on profits,” the WSJ reported.
View full post on Search Engine Watch Blog
SEO Dirty Tricks That Can Land Your Company’s Website in Google Jail – BNET (blog)
Feb 28th
SEO Dirty Tricks That Can Land Your Company's Website in Google Jail
BNET (blog): This is what just got JCPenney in trouble; the company's SEO firm was paying all sorts of sites to add links back to Penney. This can work well in the short run, of course, because the number of links pointing to your content is one of the most important …
View full post on SEO – Google News
SEO Dirty Tricks That Can Land You Company’s Web Site in Google Jail – BNET (blog)
Feb 28th
SEO Dirty Tricks That Can Land Your Company's Web Site in Google Jail
BNET (blog): This is what just got JCPenney in trouble; the company's SEO firm was paying all sorts of sites to add links back to Penney. This can work well in the short run, of course, because the number of links pointing to your content is one of the most important …
Related: Academy Awards 2011 live – stream Oscar Awards 2011 online for free; The dark world of search engine manipulation
View full post on SEO – Google News
Improve Your Company’s SEO With Social Media – Fresh Business Thinking
Nov 23rd
Improve Your Company's SEO With Social Media
Fresh Business Thinking: The vast majority of people will click on the top two or three links in the list, so it's easy to see why so many brands hire SEO specialists to try and get …
Related: International SEO PPC and Social Media on the agenda at ISS Munich
View full post on SEO – Google News
