Friday, November 29, 2002

SQL Injection and Oracle, Part Two
This is the second part of a two-part article that examines SQL injection attacks against Oracle databases. The first installment offered an overview of SQL injection, looked at how Oracle database applications are vulnerable to this attack, and walked through some examples. This segment looks at enumerating privileges, detecting SQL injection attacks, and protecting against SQL injection.

Thursday, November 28, 2002

Secure Programming with .NET
At the core of Microsoft's .NET initiative is the goal of interconnecting businesses, users, applications, and data. However, with all the concerns regarding security and privacy of data, many individuals and companies are reluctant to connect their business systems and place their data in reach of hackers thousands of miles away. Microsoft understands the challenges and concerns facing early adopters of their technology, and has made security one of their top priorities. The fundamental pillar for building applications is the security surrounding the .NET framework and the security services it provides. In this article, we will provide an overview of .NET framework security features and provide practical tips on how to write secure code in the .NET framework. More importantly, we will discuss which pitfalls to avoid.
The Open Web Application Security Project
The Open Web Application Security Project (OWASP) is an Open Source community project staffed entirely by volunteers from across the world. The project is developing software tools and knowledge-based documentation that help people secure web applications and web services. Much of the work is driven by discussions on the Web Application Security list at SecurityFocus.com. All software and documentation is released under the GNU public licenses.
CodeSeeker
So what is CodeSeeker? It is an application-level firewall and Intrusion Detection System, written in Java and C/C++, and runs on Windows NT, Solaris and Linux (beta). It intercepts HTTP traffic off the TCP/IP stack (immediately after it has been decrypted by SSL if it is HTTPS) and applies a set of security rules to determine whether the traffic is legitimate or malicious. CodeSeeker can either sit in a passive mode, simply alerting your console to attacks (IDS), or in an active mode, blocking traffic (firewall).
Butterfly Security Releases CodeSeeker as Open Source
Butterfly Security released CodeSeeker as open source through the Open Web Application Security Project (OWASP). CodeSeeker is a Web application firewall and Intrusion Detection System (IDS) tool that runs on Windows NT, Sun Microsystems' Solaris, and Linux.

Wednesday, November 27, 2002

Location, location, location-based services
Studies by industry analysts forecast even greater demand for wireless and mobile devices, creating substantial opportunities for wireless device application and service providers. Faced with an increasingly difficult challenge in raising both average revenue per user (ARPU) and numbers of subscribers, wireless carriers and their partners are developing a host of new products, services, and business models based on data services. We'll have a look at location-based services and how they boost both service and revenue.
ngSniff
Some time ago, NGSEC released a command line sniffer for win2k or higher (no packet driver required). It was developed for penetration tests, for use once you have access to a cmd.exe shell.
Kyle's Instruction on MAC Spoofing in Windows 2000 and XP
Can you really change (spoof) the MAC address on a Windows 2000 or XP system? YES (on almost all of them, whether the manufacturers allow it or not!).
Packet Excalibur

It is a multi-platform graphical and scriptable network packet engine with extensible text based protocol descriptions.

In short, this is a network tool to build and receive custom packets.

With Packet Excalibur you will be able to:

decide packet attributes from the physical layer to the top,
sniff and spoof packets (packet generator) in a single interface,
build scripts in the GUI,
define additional protocols in simple text files.
Transparent Cryptographic File System
'Secure file sharing' is a kernel service that helps user applications share secure files among a group of users. Each file is given a unique file_id and a user-chosen level, by means of which users can choose to forbid or permit access to it.

Monday, November 25, 2002

National Institute of Justice - Technology Programs
NIJ sponsors technology research, development, assessment, and implementation to improve public safety.