Articles Tagged with "HTTP Security"


From the Web

Mod_Security and Slowloris

December 10, 2010 from: Rsnake's blog at ha.ckers.org

After all the press around Wong Onn Chee and Tom Brennan’s version of an HTTP DoS attack, I think people started taking HTTP DoS a tad more seriously. Yes, there are lots of variants of HTTP-based DoS attack, and I’m sure more tools will surface over time. The really interesting part is how both Apache and IIS have disagreed that it is their problem to fix. So we are left to fend for ourselves. ...

Comments  (0)


From the Web

JavaScript Protocol Comment Newline Injection

October 14, 2009 from: Rsnake's blog at ha.ckers.org

RSnake from ha.ckers.org discusses using newline injection to bypass certain filtering mechanisms and execute JavaScript.

Comments  (0)
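The bypass the post describes, shown as an added example that is not code from RSnake's post or from any filter it names: a naive check that treats a javascript: URL whose body starts with // as a harmless comment, beside what the engine actually runs after percent-decoding the URL. The payload shape used here (javascript://host/%0Aalert(1)) is an assumption about the technique, not text taken from this page.

```javascript
// Added example, not code from the post. Models a filter that looks at a
// javascript: URL's raw text against what the engine runs after decoding it.
//
// Assumed payload shape (not quoted on this page): "javascript://host/%0Aalert(1)".
// A raw-text filter sees "//" right after the scheme and takes the rest for a
// comment. The engine percent-decodes first, so %0A becomes a newline, the line
// comment ends there, and alert(1) runs.

const JS_URL = /^javascript:(.*)$/is;

// Naive filter: allows a javascript: URL when its body "is only a comment".
function naiveIsHarmlessJsUrl(url) {
  const m = JS_URL.exec(url.trim());
  if (!m) return true;              // not a javascript: URL, nothing to run
  return m[1].startsWith('//');     // looks like a comment, so waved through
}

// What the engine sees: the body with percent-escapes decoded. Malformed
// escapes are left as-is rather than thrown on, so the check stays conservative.
function decodedJsUrlBody(url) {
  const m = JS_URL.exec(url.trim());
  if (!m) return null;
  try { return decodeURIComponent(m[1]); } catch (_) { return m[1]; }
}

// Drop // comments the way the tokenizer does: a comment ends at any
// line terminator (\n, \r, U+2028, U+2029), not at the end of the URL.
function stripLineComments(code) {
  return code
    .split(/\r\n|[\n\r\u2028\u2029]/)
    .map(line => line.replace(/\/\/.*$/, ''))
    .join('\n');
}

// Hardened check: decode, strip comments, and reject if any code survives.
// (Rejecting every javascript: URL outright is simpler still and usually right.)
function hardenedIsHarmlessJsUrl(url) {
  const body = decodedJsUrlBody(url);
  if (body === null) return true;
  return stripLineComments(body).trim() === '';
}

// Constructed inputs for a stand-alone run.
const samples = [
  'javascript://example.com/%0Aalert(1)',   // comment-then-newline bypass
  'javascript://nothing but a comment',
  'javascript:alert(1)',
  'https://example.com/',
];
for (const s of samples) {
  console.log(JSON.stringify(s), 'naive:', naiveIsHarmlessJsUrl(s), 'hardened:', hardenedIsHarmlessJsUrl(s));
}
```

The hardened check only closes the comment-plus-newline hole; obfuscation of the scheme itself (mixed case is handled, but tabs or newlines inside "javascript", or leading control characters) is a separate bypass class, which is why an allow-list of schemes (http, https, mailto) is the usual answer rather than trying to reason about javascript: bodies at all.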


From the Web

Website exposes sensitive details on military personnel

September 08, 2009 from: Office of Inadequate Security

Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.

Comments  (1)


From the Web

Best of Application Security (Friday, Sep. 4)

September 04, 2009 from: Jeremiah Grossman's Blog

Ten of the Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!

Comments  (0)


From the Web

Google Safe-Browsing and Chrome Privacy Leak

August 24, 2009 from: Rsnake's blog at ha.ckers.org

Some more advice from Robert "RSnake" Hansen on why you should be careful when using Google's Chrome browser.

Comments  (0)


From the Web

Symantec names the 100 “Dirtiest” websites of the summer

August 22, 2009 from: Office of Inadequate Security

In an effort to determine which sites are safe to visit, security, storage and systems management solutions provider Symantec (www.symantec.com) has identified the “Dirtiest websites of Summer 2009,” a list of the 100 most threatening sites that try to deceive visitors, steal their information or crash their computer.

Comments  (0)


From the Web

Risky use of real data in application development

August 21, 2009 from: Office of Inadequate Security

Most organizations in the U.S. and U.K. put their sensitive customer and company data at risk during their application development and testing processes, according to a new study: 80% of those surveyed were hit by at least one breach in the past 12 months.

Comments  (0)


From the Web

Overcoming Objections to an Application Security Program

August 17, 2009 from: Jeremiah Grossman's Blog

Today a large percentage of security professionals truly “get” application security. They understand the importance, the best-practices, the value, etc. What inhibits their success the most in building an effective application security program is a lack of buy-in from the business and support from development groups.

Comments  (1)


From the Web

SMBEnum

August 09, 2009 from: Rsnake's blog at ha.ckers.org

Notes from Robert "Rsnake" Hansen about a talk given at DefCon last week regarding how Internet Explorer can be used to enumerate local system files.

Comments  (0)


From the Web

Locking up the valuables: Opt-in security with ForceTLS

July 28, 2009 from: Mozilla Security Blog

Computers are increasingly mobile and, to serve them, more and more public spaces (cafes, airports, libraries, etc.) offer their customers WiFi access. When a web browser on such a network requests a resource, it is implicitly trusting the hotspot not to interfere with the communication. A malicious computer hooked up to the network could alter the traffic, however, and this can have some un...

Comments  (1)
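The opt-in idea in the post, as an added example and not Mozilla's ForceTLS code: once a site has been reached securely and asked to be, the client rewrites every later http:// URL for that host to https:// before a request leaves the machine, so the hotspot never sees a plaintext request it could tamper with. The header name X-Force-TLS, its max-age / includeSubDomains syntax, and the rule that it is only honoured on responses that arrived over HTTPS are assumptions here, not facts stated on this page.

```javascript
// Added example, not Mozilla's ForceTLS implementation. Models a browser-side
// policy store for an opt-in "always use TLS for this host" signal.
//
// Assumptions (not stated on this page): header "X-Force-TLS" with value
// "max-age=<seconds>[; includeSubDomains]", honoured only when the response
// itself came over HTTPS (a header seen over plaintext could be the hotspot's).

const HEADER = 'x-force-tls';
const policies = new Map();   // hostname -> { expires: ms since epoch, includeSubDomains }

function parseForceTls(value) {
  let maxAge = null, includeSubDomains = false;
  for (const part of value.split(';')) {
    const [k, v] = part.trim().split('=').map(s => s.trim().toLowerCase());
    if (k === 'max-age' && /^\d+$/.test(v)) maxAge = Number(v);
    if (k === 'includesubdomains') includeSubDomains = true;
  }
  return maxAge === null ? null : { maxAge, includeSubDomains };
}

// Learn a policy from a response. `headers` is a plain object with lower-case
// names. Returns true when the store changed.
function rememberPolicy(responseUrl, headers, now = Date.now()) {
  const u = new URL(responseUrl);
  if (u.protocol !== 'https:') return false;        // never trust the header over plaintext
  const raw = headers[HEADER];
  if (!raw) return false;
  const p = parseForceTls(raw);
  if (!p) return false;
  if (p.maxAge === 0) { policies.delete(u.hostname); return true; }   // site opts back out
  policies.set(u.hostname, { expires: now + p.maxAge * 1000, includeSubDomains: p.includeSubDomains });
  return true;
}

// Find a live policy for a host, walking up the labels for includeSubDomains parents.
function policyFor(host, now) {
  const labels = host.split('.');
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join('.');
    const p = policies.get(candidate);
    if (!p) continue;
    if (p.expires <= now) { policies.delete(candidate); continue; }   // expired, forget it
    if (i === 0 || p.includeSubDomains) return p;
  }
  return null;
}

// Rewrite an http:// URL to https:// before any request is sent.
function upgradeUrl(url, now = Date.now()) {
  const u = new URL(url);
  if (u.protocol !== 'http:') return u.href;
  if (!policyFor(u.hostname, now)) return u.href;
  u.protocol = 'https:';
  return u.href;
}

// Constructed scenario, not real traffic: a TLS visit sets the policy, later
// plain links are upgraded, and the policy lapses after max-age.
const T0 = 1e12;
rememberPolicy('https://bank.example/', { 'x-force-tls': 'max-age=3600; includeSubDomains' }, T0);
console.log(upgradeUrl('http://bank.example/login', T0 + 60000));      // https://bank.example/login
console.log(upgradeUrl('http://www.bank.example/', T0 + 60000));       // https://www.bank.example/
console.log(upgradeUrl('http://bank.example/login', T0 + 3600001));    // http://bank.example/login (expired)
```

The first visit is the weak spot of any opt-in scheme of this kind: until the client has seen the header once over TLS, a hotspot can still intercept the very first http:// request. Pinning the policy for a long max-age and refusing to learn it over plaintext limits the window to that first contact.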


From the Web

wget DNS-rebinding and Weak Intranet Port Scanning

July 21, 2009 from: Rsnake's blog at ha.ckers.org

Although this is a technical document, it makes some interesting points about HTTP client behaviour in general (Linux's "wget" command) and DNS rebinding protection methods; an interesting read for the more savvy webappsec guys.

Comments  (1)


From the Web

Running JavaScript in Chrome Despite View-Source

July 11, 2009 from: Rsnake's blog at ha.ckers.org

A post from RSnake over at ha.ckers.org about a Google Chrome browser vulnerability where JavaScript is executed while using the "View Source" function - ouch!

Comments  (0)


From the Web

Measure What Matters - The SEC Essentials

July 10, 2009 from: Mozilla Security Blog

People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to see a growing number of groups out there attempting to compare browsers based on their security record.

Comments  (0)


From the Web

New CSS Grammar Fuzzer

July 10, 2009 from: Mozilla Security Blog

Fuzzers are a tool that we’ve found incredibly valuable in the past, and continue to employ heavily. A fuzzer’s job is to make your application fail by feeding it surprising inputs.

Comments  (0)
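As an added illustration of that job description, and not Mozilla's fuzzer or any code from the post: a small grammar-based generator for a slice of CSS. Productions are expanded at random from a seed, and a few of the terminals are deliberately surprising (huge numbers, odd escapes, stray braces) so the parser under test meets inputs a hand-written suite would not. The grammar, the seed handling and the toy parser it is run against are all constructed here.

```javascript
// Added example, not Mozilla's CSS grammar fuzzer. A grammar-based generator
// plus a driver that records which seeds break a parser, so a crash can be
// replayed from its seed. Grammar, terminals and the toy target are constructed.

function mulberry32(seed) {              // tiny deterministic PRNG so runs can be replayed
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Non-terminals are written as <name>; everything else is literal text.
const GRAMMAR = {
  stylesheet: ['<rule>', '<rule>\n<stylesheet>', '@media <medium> {\n<rule>\n}'],
  rule:       ['<selector> { <decls> }'],
  selector:   ['<simple>', '<simple> <simple>', '<simple> > <simple>', '<simple>:<pseudo>', '<simple>[<attr>]'],
  simple:     ['div', 'p', 'a', '*', '.c<num>', '#i<num>', '<weird>'],
  pseudo:     ['hover', 'nth-child(<num>n+<num>)', 'not(<simple>)', '<weird>'],
  attr:       ['href', 'data-x="<weird>"', 'class~=<weird>'],
  decls:      ['<decl>', '<decl>; <decls>'],
  decl:       ['color: <color>', 'width: <len>', 'content: "<weird>"', 'transform: rotate(<num>deg)', '<weird>: <weird>'],
  color:      ['red', '#<hex><hex><hex>', 'rgb(<num>, <num>, <num>)'],
  len:        ['<num>px', '<num>em', '<num>%', 'calc(<len> + <len>)'],
  medium:     ['screen', 'print and (max-width: <len>)'],
  hex:        ['0', '7', 'f', 'A'],
  num:        ['0', '1', '-1', '99999999999999999999', '1e308', '0.000001'],
  // The "surprising" terminals: escapes, unbalanced braces, NUL, full-width letters.
  weird:      ['\\41 ', '\\000041', '{', '}', ';', '"', 'ＡＢＣ', '\u0000', '<num><num>'],
};

function countNonterminals(production) {
  return (production.match(/<\w+>/g) || []).length;
}

// Expand one symbol. Past the depth budget only the least-recursive productions
// are chosen, so every expansion terminates.
function expand(symbol, rng, depth = 0, maxDepth = 6) {
  const options = GRAMMAR[symbol];
  let pool = options;
  if (depth >= maxDepth) {
    const min = Math.min(...options.map(countNonterminals));
    pool = options.filter(o => countNonterminals(o) === min);
  }
  const chosen = pool[Math.floor(rng() * pool.length)];
  return chosen.replace(/<(\w+)>/g, (_, name) => expand(name, rng, depth + 1, maxDepth));
}

// Same seed, same stylesheet: that is what makes a found crash reproducible.
function generateStylesheet(seed, maxDepth = 6) {
  return expand('stylesheet', mulberry32(seed), 0, maxDepth);
}

// Drive a parser with many seeds; return the seeds (and messages) that made it throw.
function fuzz(parse, count = 200, startSeed = 1) {
  const failures = [];
  for (let seed = startSeed; seed < startSeed + count; seed++) {
    const input = generateStylesheet(seed);
    try { parse(input); } catch (err) { failures.push({ seed, message: String(err && err.message) }); }
  }
  return failures;
}

// Constructed stand-in target: a naive brace-balance "parser" that trips over
// the unbalanced braces the <weird> terminal sometimes emits.
function toyParse(css) {
  let depth = 0;
  for (const ch of css) {
    if (ch === '{') depth++;
    if (ch === '}' && --depth < 0) throw new Error('unexpected "}"');
  }
  if (depth !== 0) throw new Error('unclosed "{"');
}

const found = fuzz(toyParse, 200);
console.log(`${found.length} of 200 generated stylesheets broke toyParse`);
if (found.length) console.log('replay with seed', found[0].seed, ':\n' + generateStylesheet(found[0].seed));
```

Against a real engine the driver would hand each stylesheet to the browser (a test page that injects it into a <style> element) and watch for crashes or assertion failures rather than JavaScript exceptions, but the shape is the same: a grammar that knows what the input is supposed to look like, a seed that makes every case reproducible, and terminals chosen to sit at the edges of what the grammar allows.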


From the Web

Shutting Down XSS with Content Security Policy

July 10, 2009 from: Mozilla Security Blog

For several years, Cross-Site Scripting (XSS) attacks have plagued many of the web’s most popular sites and victimized their users. At Mozilla, we’ve been working for the last year on a new technology called Content Security Policy.

Comments  (0)


From the Web

CWE Top 25 Breakdown - Part 1 of 4

June 11, 2009 from: hackyourself.net

This week, we’ll take a look at the recently published CWE Top 25 Most Dangerous Programming Errors. Since the Top 25 are broken into three main categories, it makes sense to address the list in three separate segments. But first, let’s review what the CWE Top 25 is and its importance.

Comments  (1)
