Network Security Library

Application Security



Subcategories


Oracle
PHP and MySQL




Newest Application Security White Papers

A Paper on the Promotion of Application Security Awareness
What does not make the headline news is the compromised application. The very application that holds the information, the jewel assets of the company that could have stolen the headlines. Somehow the application security does not make interesting reading material. Application security is not a new science and the same principles that apply to network security also apply to application security.
By Man-Sau Yi, 04/29/2004


Using Terminal Services to Remotely Administer Windows 2000 Servers Securely
This paper will focus primarily on the security issues of using Terminal Services to remotely administer Windows 2000 Servers. A general discussion of Terminal Services clients, licensing, the Remote Desktop Protocol (RDP) and Terminal Services encryption methods will provide the reader with a fundamental understanding of Terminal Services. A brief discussion of various security and Denial of Service vulnerabilities will demonstrate the need for Terminal Services security. The paper will conclude with the general steps necessary to plan, implement, test and monitor a secure Terminal Services configuration to remotely administer Windows 2000 Servers.
By David Myhre, 04/26/2004


Secure Remote Server Administration of the Windows Server Family Using Windows Terminal Services
This paper provides an overview of Windows Terminal Services (WTS) and its operating scenarios. I discuss how to install and secure Windows Terminal Services. However, because WTS can be used as part of a defense-in-depth strategy for secure computing, I also provide details for configuring a workstation environment to utilize WTS. In addition, I provide guidance for user account administration as it relates to remote server support. Finally, I provide a framework for securely managing remote servers through standardized tools and workstation environment.
By Bill Evrigenis, 04/26/2004


Security Measures for Windows 2000 Terminal Server
Windows 2000 Terminal Services offers a low-cost and relatively high level of security for a mostly unmonitored and unrestricted student work environment. This case study demonstrates the security practices and procedures followed as well as resources used to install Windows 2000 Terminal Server (Application Mode) and corresponding thin clients in a mostly unrestricted university environment.
By Douglas McCrea, 04/26/2004


Inside the Buffer Overflow Attack: Mechanism, Method, & Prevention
The objective of this study is to take one inside the buffer overflow attack and bridge the gap between the "descriptive account" and the "technically intensive account". The intent is to provide a logical, detailed, and technical explanation of the problem and the exploit that can be well understood by all, including those with little background in the mechanics and methodology of applications programming.
By Mark E. Donaldson, 04/18/2004


Security Techniques for Mobile Code
From a security point of view mobile code entities extend the potential of (stationary) distributed systems through the possibility of programs being executed on computers that are often not maintained by the employer of that program. Here two parties are involved in running a program, and thus guarantees have to be given that one party will not harm the other. This paper discusses the various techniques and trust models needed to enforce a level of security that prevents malicious mobile code from infiltrating and running on an unsuspecting user's system.
By Nathan Macrides, 04/18/2004


Securely Programming in C
Three men are in a car; a programmer, an engineer and a designer. As the car is about to go down a hill the brakes fail on the car and it crashes at the bottom. The men walk out of the car and discuss what happened. The designer says "let's get the drawings of the car and analyze the design and find out the flaws in the design". The engineer says, "no, let's take a look at the wreckage and analyze each and every component to see what failed". The programmer says, "I think we should push the car to the top of the hill and see if it happens again".
By Sayed Jamil Ahmed, 04/18/2004


Secure Software Development and Code Analysis Tools
The first half of this document discusses secure coding techniques. The main languages chosen to facilitate the discussion are Perl, Java, and C/C++. These were chosen due to their popularity and extended usage in the software development community. This document does not give an elaborate overview of what makes a secure application. That is, it is assumed that the reader has an understanding of the general concepts of authentication, authorization, input validation, logging, error handling, and other application security concepts, and why they are important to the overall security of an application. These concepts instead are intrinsic to the ideas presented herein.
By Thien La, 04/18/2004


A Tour of TOCTTOUs
Time of check to time of use (TOCTTOU) vulnerabilities exist due to race conditions arising from an invalid assumption: That nothing affecting the validity of a security assertion changes between the time it is checked and the time an operation that depends on that assertion is performed. In fact, it is quite possible that the security of the environment changes with respect to the assertion during this interval. If these changes are cleverly timed and orchestrated, the operation may result in a security breach. This paper characterizes this particular category of security vulnerabilities, describes various types of TOCTTOUs and particular situations in which they have arisen historically, and presents a short set of guidelines for reducing or eliminating these flaws.
By Craig Lowery, 04/18/2004


Improving Software Security During Development
A great deal of work has gone into making computer and network systems secure. This paper will explore the basis for creating secure software and systems during development. Software security directly correlates to the quality of the development process and leadership focus on security. Unfortunately, the market drives demand, so the primary effort is spent on feature rich software rather than secure by default systems. This has made the information security industry what it is today; long checklists to correct default insecurity, expensive audits to discover vulnerable systems and layers of defensive measures to protect against attack.
By Robert W. Usher, 04/18/2004





Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
