Articles Tagged with "HTTP Security"
From the Web
Mod_Security and Slowloris
December 10, 2010 from: Rsnake's blog at ha.ckers.org
After all the press around Wong Onn Chee and Tom Brennan’s version of an HTTP DoS attack, I think people started taking HTTP DoS a tad more seriously. Yes, there are lots of variants of HTTP-based DoS attack, and I’m sure more tools will surface over time. The really interesting part is how both Apache and IIS have disagreed that it is their problem to fix. So we are left to fend for ourselves. ...
Comments (0)
From the Web
JavaScript Protocol Comment Newline Injection
October 14, 2009 from: Rsnake's blog at ha.ckers.org
RSnake from ha.ckers.org discusses using newline injection to bypass certain filtering mechanisms and execute JavaScript.
Comments (0)
From the Web
Website exposes sensitive details on military personnel
September 08, 2009 from: Office of Inadequate Security
Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.
Comments (1)
From the Web
Best of Application Security (Friday, Sep. 4)
September 04, 2009 from: Jeremiah Grossman's Blog
Ten of the Application Security industry's coolest, most interesting, important, and entertaining links from the past week -- in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected!
Comments (0)
From the Web
Google Safe-Browsing and Chrome Privacy Leak
August 24, 2009 from: Rsnake's blog at ha.ckers.org
Some more advice from Robert "RSnake" Hansen on why you should be careful if using Google's Chrome browser.
Comments (0)
From the Web
Symantec names the 100 “Dirtiest” websites of the summer
August 22, 2009 from: Office of Inadequate Security
In an effort to determine which sites are safe to visit, security, storage and systems management solutions provider Symantec (www.symantec.com) has identified the “Dirtiest websites of Summer 2009,” a list of the 100 most threatening sites that try to deceive visitors, steal their information or crash their computer.
Comments (0)
From the Web
Risky use of real data in application development
August 21, 2009 from: Office of Inadequate Security
Most organizations in the U.S. and U.K. put their sensitive customer and company data at risk during their application development and testing processes, according to a new study. 80% surveyed were hit by at least one breach in the past 12 months.
Comments (0)
From the Web
Overcoming Objections to an Application Security Program
August 17, 2009 from: Jeremiah Grossman's Blog
Today a large percentage of security professionals truly “get” application security. They understand the importance, the best-practices, the value, etc. What inhibits their success the most in building an effective application security program is a lack of buy-in from the business and support from development groups.
Comments (1)
From the Web
SMBEnum
August 09, 2009 from: Rsnake's blog at ha.ckers.org
Notes from Robert "Rsnake" Hansen about a talk given at DefCon last week regarding how Internet Explorer can be used to enumerate local system files.
Comments (0)
From the Web
Locking up the valuables: Opt-in security with ForceTLS
July 28, 2009 from: Mozilla Security Blog
Computers are increasingly mobile and, to serve them, more and more public spaces (cafes, airports, libraries, etc.) offer their customers WiFi access. When a web browser on such a network requests a resource, it is implicitly trusting the hotspot not to interfere with the communication. A malicious computer hooked up to the network could alter the traffic, however, and this can have some un...
Comments (1)
From the Web
wget DNS-rebinding and Weak Intranet Port Scanning
July 21, 2009 from: Rsnake's blog at ha.ckers.org
Although this is a technical document, it has some interesting points on browser technology in general (Linux's "wget" command) and on DNS rebinding protection methods, making it an interesting read for the more savvy webappsec folks.
Comments (1)
From the Web
Running JavaScript in Chrome Despite View-Source
July 11, 2009 from: Rsnake's blog at ha.ckers.org
A post from Rsnake over at ha.ckers.org about a Google Chrome browser vulnerability where JavaScript is executed while using the "Browse Source" function - ouch!
Comments (0)
From the Web
Measure What Matters - The SEC Essentials
July 10, 2009 from: Mozilla Security Blog
People want to know that they are safe when they browse the web. There are important differences between browsers when it comes to security, and so it’s no surprise to see a growing number of groups out there attempting to compare browsers based on their security record.
Comments (0)
From the Web
New CSS Grammar Fuzzer
July 10, 2009 from: Mozilla Security Blog
Fuzzers are a tool that we’ve found incredibly valuable in the past, and continue to employ heavily. A fuzzer’s job is to make your application fail by feeding it surprising inputs.
Comments (0)
From the Web
Shutting Down XSS with Content Security Policy
July 10, 2009 from: Mozilla Security Blog
For several years, Cross-Site Scripting (XSS) attacks have plagued many of the web’s most popular sites and victimized their users. At Mozilla, we’ve been working for the last year on a new technology called Content Security Policy.
Comments (0)
From the Web
CWE Top 25 Breakdown - Part 1 of 4
June 11, 2009 from: hackyourself.net
This week, we’ll take a look at the recently published CWE Top 25 Most Dangerous Programming Errors. Since the Top 25 are broken into three main categories, it makes sense to address the list in three separate segments. But first, let’s review what the CWE Top 25 is and its importance.
Comments (0)