Blogs

      • Raising the Bar for Security and Trust on the Web

        Sep 11 2015, 7:38 PM

        by Brook Chelmo 1

        Recently, Symantec updated its certificate issuance controls to pay special attention to domains flagged for excessive abuse, malware, spam, and other suspicious activity.  We recently received intelligence that .PW domains had a history of suspicious and abusive behavior.  After further analysis, we decided to place a hold on issuing minimally-authenticated Domain Validated SSL/TLS certificates and are instituting a policy of only offering the stronger authenticated Organization and Extended Validation SSL/TLS certificates to .PW domains.  Part of this change included the revocation of a small number of domain validated SSL/TLS certificates previously issued for these domains.  Additionally, we have engaged with the registry that controls .PW to identify ways that can improve the safety of this top level domain for consumers.  Several other country-code and generic top level domains are also special targets for attackers, which we will continue to evaluate on an on-going basis as well.

        In contrast, forward-looking, security-minded registries, such as fTLD Registry Services, the owner of the .bank and .insurance top level domains, are raising the bar for security for all of their customers. Considered a best practice, before authorizing a domain sale, these registries ensure that only valid, qualified entities operate on these domains and thereby protect the reputation of these spaces. As the original Certification Authority and the market leader for website security solutions, Symantec believes that verifying identity is critical for establishing trust and for ensuring the security of both consumers and the organizations they connect with online.

        Symantec works with the general public to help identify fraudulent websites.  If you would like to report SSL/TLS misuse, please log it here

      • Most Dangerous Web Application Security Risks

        Sep 02 2015, 4:01 AM

        by Sathya Narayanan Balakrishnan 1

        As everybody knows, the top 10 dangerous web app security risks are:

        1. Injection flaws
        2. Cross-site scripting
        3. Broken authentication and session management
        4. Insecure direct object reference
        5. Cross-site request forgery
        6. Security misconfiguration
        7. Insecure cryptographic storage
        8. Failure to restrict URL access
        9. Insufficient transport layer protection
        10. Invalidated redirects and forwards

        Being a new techie to Symantec and Symantec products, may I know what Symantec's contributions and updates for these security risks are?

        May I also ask everyone to kindly share an example of an incident which you may have come across in the past, where one of these security risks wasn't detected, which ended up in major chaos.

        Many thanks

        Best regards

        Sathya Balakrishnan

        Information Security Response Analyst

        Symantec