Vulnerabilities in web applications are now the largest vector of enterprise security attacks.

Stories about exploits that compromise sensitive data frequently mention culprits such as “cross-site scripting,” “SQL injection,” and “buffer overflow.” Vulnerabilities like these fall often outside the traditional expertise of network security managers.

To help you understand how to minimize these risks, Qualys provides this guide as a primer to web application security. The guide covers:

• typical web application vulnerabilities
• comparison of options for web application vulnerability detection
• QualysGuard Web Application Scanning solution

Offered Free by: Qualys, Inc.

Learn about web-based threats, the impact to your business, and the most effective solution to implement.

Web-borne malware is now more common than malware that enters an organization through email. The number of Web sites discovered per day, that carry malware increased 400% in 2008. This drastic increase in infected sites can cause serious issues for your business. Organizations need to proactively protect their networks both by instituting acceptable usage policies for employee web usage as well as implementing a solution to combat these malware intrusions.

In this white paper you will learn:

• How malware enters networks through the web
• How to combat these threats
• How MessageLabs hosted solution can help mitigate risks associated with web based malware

Offered Free by: Symantec Hosted Service

CIO Digest is Symantec’s quarterly magazine containing strategies and analysis for senior and C-level IT leaders around the world.

Each issue of CIO Digest includes an exclusive interview, an industry feature, a solutions feature, customer case studies from thought leaders around the globe, an update from Symantec Technology Security & Response, and more.

Geographic Eligibility: USA, Canada, Mexico, Selected International

Offered Free by: Symantec Corporation

Learn how to build a pragmatic web application security program that constrains costs while still providing effective security.

Current web applications exist in an environment markedly different from the early days of businesses entering the Internet. They have become essential tools interconnecting organizations in ways never anticipated when the first web browsers were designed. These changes have occurred so rapidly that, in many ways, we’ve failed to adapt operational processes to meet current needs. This is particularly apparent with web application security, where although most organizations have some security controls in place, few organizations have comprehensive web application security programs.

Author: Rich Mogul (Securosis, LLC)

Offered Free by: Qualys, Inc.

Join renowned analyst, Michael Osterman, for a compelling discussion regarding email downtime issues and effective strategies to ensure your day-to-day business operations are not interrupted by imminent email failures.

Fact: 42% of businesses have experienced database corruption in the past year.
Fact: Database corruption is a messaging issue that security and disaster recovery specialists need to be concerned with. (Source: Osterman Research, Inc. 2008)

Email has become the primary business communication medium and file transport tool, and is the key channel for processing critical business transactions, including proposal responses and order processing. As a result, email must operate as close to 24/7 as possible. Planned or unplanned, widespread or partial even short interruptions in email service can have a devastating impact on an organization’s revenue, reputation and future growth.

View this webcast and you will learn:

• The causes of email downtime, including those that are completely outside your control
• The variety of negative impacts that email downtime can have on any organization of any size
• What you can do to ensure that email downtime is minimized or eliminated

Offered Free by: Symantec Hosted Service

As an Executive Manager, learn how to protect your company’s enterprise from DDoS attacks!

Watch this 2 part demo to understand how Distributed Denial of Service (DDoS) attacks happen, and how the VeriSign Internet Defense Network’s in-the-cloud DDoS mitigation platform helps large companies stay online during an attack with minimal infrastructure investment.

Offered Free by: VeriSign

Infosecurity magazine is dedicated to the strategy and technique of information security, delivering critical business and technical information that IT security professionals need to make informed business decisions.

In each issue, a diverse group of leading expert security researchers and practitioners from academic, professional and business backgrounds inform their readers about the latest developments in the business, management and technology of information security. The subject matter covers all critical areas of data security, from cryptography, end point security, and anti-virus/anti-spyware solutions to identity management, firewalls, VPNs, intrusion detection and protection.

Geographic Eligibility: United Kingdom (Print or Digital Edition), Europe (Digital Edition Only). For those in the USA, CLICK HERE to subscribe to Infosecurity US

Offered Free by: Elsevier Inc.

Free 1Z0SY0-201 CompTIA Security+ and 51 page Study Guide.

CompTIA’s Security+ exam is a critical step for anyone interested in IT security. It’s a key component in the Department of Defense’s 8570.1 initiative that mandates federal IT workers and contractors gain security certifications to work with the federal government. The ExamForce SY0-201 CompTIA Security+ practice exam provides a unique triple testing mode to instantly set a baseline of your knowledge and focus your study where you need it most, while the 51 page Study Guide provides high quality reference material – a valuable companion to the practice exams.

ExamForce’s SY0-201 CompTIA Security+ covers the following CompTIA’s recommended objective categories:

• Systems Security
• Network Infrastructure
• Access Control
• Assessments and Audits
• Cryptography
• Organizational Security

Offered Free by: ExamForce

Find out how you can achieve Best-in-Class results. Access Your Complimentary Copy Today. This $399 Value Offer Expires 11/16/2009.

• Slash Time to Produce Report
• Cut Total Cost to Produce Report
• Reduce Non-Compliance Incidents

An unceasing focus on compliance, and an increasing focus on managing risk, created greater pressure from the Board and heavier workloads on the internal audit function. How are Best-in-Class organizations reallocating their internal audit resources to achieve the greatest value-add?

Offered Free by: Aberdeen Group

This newly premiered publication is a one-stop source for security topics and strategies, offered exclusively by TradePub.com.

From spyware to phishing attacks, security threats are growing more virulent as the promise of big payoffs increase. In its premier Winter 2007 issue, Security Source Magazine’s cover story is about keeping the network secure, from the gateway to the desktop.

Subscribe now and continue to learn about valuable security topics and strategies in each quarterly issue.

Geographic Eligibility: USA, Canada, Selected International

Offered Free by: SourceWorks Media