Thank you for subscribing to Episode 4 of the HP Security Research Threat Intelligence Briefing. This briefing covers the following topics:
Web-based Malware: This section highlights prominent malware campaigns and exploit kits known to target vulnerabilities in web applications, web browsers and browser plugins. It offers an overview of several recent incidents employing a “watering hole” distribution tactic and the specific vulnerabilities targeted by these campaigns.
Attack Techniques: The emphasis of this section is on explaining the web application security weaknesses that frequently aid in malware infection. It describes how these weaknesses are exploited using different attack techniques for distributing and installing malware. By reviewing the malware infection process from start to finish, this section aims to emphasize the risk posed by insecure web applications to the users.
Declarative Security using HTTP Response Headers: This section explains how developers can take advantage of a declarative security approach for mitigating web-based malware using HTTP response headers. Additionally, detailed information on configuration options and browser support for all the major declarative security headers is included.
This companion report supports Episode 4 of the HP Security Research Threat Intelligence Briefing podcast available on the Web and iTunes. The regular podcasts and the associated companion reports are published through the HP Security Research blog at hp.com/go/hpsrblog.