Bit9, self-professed leader in enterprise application whitelisting, recently included Mozilla's Firefox browser among "the Dirty Dozen" applications with critical security vulnerabilities. Mozilla's security expert Jonathan Nightingale disputes that critique.

Codenamed "Coltrane", the major release of Wordpress 2.7 comes with more than a few changes.

The Browser Security Handbook (BSH) from search engine company Google has been published under free license.

The Open Web Application Security Project (OWASP) has placed videos of its latest conference online. The open- source project concerns itself with web application security.

When it comes to security, public disclosure of vulnerabilities and working exploit code is now common. We look at why this can be both harmful and helpful to securing your systems.

Maybe password security isn’t perfect, but most networks depend on it. This month we examine some tools for smarter, more versatile authentication.

Romain Gaucher, a specialist in web security, offers his Scalp tool in version 0.4. The log analyzer searches for attacks on Apache web applications.

Conventional, woodpecker-style port knocking is open to sniffing and brute force knocking attacks. Sending an encrypted packet with an access request to the server is safer and more modern. Learn more about Firewall Knock Operator, a.k.a. Fwknop.