Application security has been a growing discipline in the IT world for about a decade. Not long ago, knowledge about securing applications came from a select few independent researchers, and resources for implementation were scarce. Through the years, more and more resources have become available as security expertise and toolsets have found their way to a wider population of technologists. Over the past five years, general knowledge of application security criteria has widened, making it rare that applications developers do not consider basic security aspects such as authentication and access control, among others.

Spam has been a serious problem for email administrators and users alike for more than five years, growing from one in six emails in 2002 to approximately three out of four emails today. This white paper focuses on the problems caused by image spam, as well as other spammer techniques for delivering content through existing spam-blocking defenses. The paper also discusses Symantec’s approach to solving the problem of image spam, botnets and other threats.

As companies increasingly depend on software applications to enhance operations, the business impact of a broad range of IT risks concurrently rises. This whitepaper describes an IT risk management strategy for applications. Key aspects of this strategy include developing an awareness of various types of IT risks related to applications, quantifying the potential business impacts of application-related IT risks, and building an institutional capability to manage this IT risk. The paper then outlines how Symantec’s advisory consultants support organizations to address their IT risk management needs for applications.

For today’s computing environments, there is little question that endpoint security is a required component of an overall enterprise security strategy. Various trends fostering user mobility ensure that many endpoints will frequently be exposed directly to the Internet and endpoints are still being exposed to numerous threats. This paper clarifies the various aspects of the endpoint security problem and to identify the functional requirements of a comprehensive endpoint security solution.