Integrating Vulnerability Scanners and Web Application Firewalls
Posted on June 6, 2008 - Filed Under filtering input | Leave a Comment
As I mentioned in my previous post - What’s the Score of the Game - I feel that one of areas where organizations are failing, with regards to web application security, is that there is a lack of communication between the following three …
Read More..>>Top 10 Linux Commands Anyone Can Use
Posted on June 6, 2008 - Filed Under programming | Leave a Comment
This command receives input from STDIN (Standard Input) and allows you to page through the output. This is useful with the command mentioned above. What if you have too much data for your shell’s output buffer? You can’t scroll up. …
Read More..>>Lets examine security.
Posted on May 28, 2008 - Filed Under security | Leave a Comment
Encode all posts or user inputed data. You’ll have to sanitize user input, by disabling users the ability to put HTML tags & Javascript on pages, this is called escaping. Javascript escape(); Parse all HTML data as to make sure code …
Read More..>>Hacker Network Security HandBook
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
turn on local echo, set authentication to NTLM, set the escape. character, and set up logging. • SET NTLM turns on NTLM. While you are using NTLM Authentication, you are not. …
More here: Hacker Network Security HandBook
wiki:plugins:security - Add some material on XSS
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
It is usually safer to parse the users input to check that they are only using the permitted attributes, rather than to try to parse out the prohibited attributes. This is often referred to as \”whitelisting\” the permitted things in …
See more here: wiki:plugins:security - Add some material on XSS
Hoogle 3 Security Bug
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
Enhanced security is one of the many advantages that Haskell offers. It is not possible to overrun a buffer and conduct stack smashing attacks on a Haskell program. Passing query strings will not overwrite global variables, and escaping …
View original here: Hoogle 3 Security Bug
[XSS Info] Re: all lowercase javascript without parenthesis
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
The escape() method doesn\’t seem to work. i tried this and it didn\’t work: \’e setter=eval;u setter=unescape;e=u=\’%61%6c%65%72%74%28%27%58%53%53%27%29\’\’ I tried doubly escaping it and it didn\’t work, either: \’e setter=eval;u …
See the original post: [XSS Info] Re: all lowercase javascript without parenthesis
[XSS Info] Re: < and >
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
You know about attribute injection right? Occurs when a site echoes back user supplied input into a tags attributes. If you can escape the attribute you can attach a style tag that takes malicious action.
See the original post: [XSS Info] Re: < and >
Firefox 2.0.0.12 Security Release
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
Security researchers hong and Gregory Fleisher each reported a variant on earlier reported bugs regarding focus shifting in file input controls. Their variants used file input controls nested inside …
View original here: Firefox 2.0.0.12 Security Release
linux security 2
Posted on January 1, 1970 - Filed Under programming | Leave a Comment
Simply input names, and if the user exists, you will get back an RFC822 email address with the @ sign. If the user doesn’t exist, you’ll get back a “user unknown†error message. Although a username is not enough for access, …
Originally posted here: linux security 2