The Security Challenges of Offshore Development
Software development is now a global process. Hundreds of U.S. corporations are turning to offshore software outsourcers to maintain their core systems as well as develop new applications. India alone exported over $5 billion of software in 2000; over 65 percent of this went to the United States. Software outsourcing companies have set up offshore development centers (ODCs) in many other Asian countries such as Pakistan, Malaysia, China, and the Philippines. Other popular destinations include Israel, Ireland, Mexico, Russia and Chile. These countries offer low costs, valuable trained personnel, and English language capabilities. Their facilities employ thousands of programmers who develop software applications for U.S. companies.
By Rob Ramer, 04/18/2004
|
|
Insecurity of Inputs to CGI Program
This paper lists some points that each web programmer has to consider while coding a web-based application that interacts with user input through CGI, as well as tools that can be used to test it.
By Suhairi Mohd Jawi, 04/18/2004
|
|
PERL as a useful, flexible and extensible tool
This paper introduces PERL as a useful, flexible, and extensible tool for the security practitioner. References to resources are provided so that the reader may expand their knowledge beyond the concepts presented here. In this paper, examples of PERL's ability to process log files, grab banners of network services, craft packets, and exploit code that writes to unchecked buffers (typically called buffer overflows) are explored.
By Holt Sorenson, 04/18/2004
|
|
Using The WinBatch Scripting Language To Automate Security In An NT4 Environment
A basic scripting knowledge is the Swiss Army knife of any administrator's repertoire. The use of scripting can enable the automation of virtually any repetitive task. For any security administrator working on a network with more than one server, scripting allows automated patch distribution and time to be spent on the important task of interpreting information, rather than generating it!
By Terry Chapman, 04/18/2004
|
|
Using Scripts to Exploit and Mitigate Risks
It's fairly common knowledge that batch files, or scripts, can be used to automate many mundane and tedious tasks. It is not said enough, however, that scripts can create risks. On the lighter side, you can also use scripts to help mitigate risks. If you are an administrator utilizing multiple Microsoft platforms, perhaps you should consider how well your network is protected. We'll cover how scripts can best help you and your unique situations by covering some of the commands that really make a script what it is: powerful. Rather than talking solely about how to automate tasks, we'll take a deeper look at script automation and see how we can use it for the forces of good - and how it can be turned to evil.
By Robert G. Rodriguez, 04/18/2004
|
|
A Look at Automatic Protocol Generation & Security Protocols
This paper will attempt to describe automatic protocol generation, and security protocols. Automatic Protocol Generation, APG for short, is a mechanism to generate security protocols automatically. This is accomplished by having the designer or engineer input a set of security system requirements and properties that dynamically produces a security protocol that best meets the criteria. The system requirements for input are defined as a metric function, which defines the cost or overhead of the protocol primitives, which defines an ordering over protocols with respect to the metric function. Based on this ordering, APG investigates the protocol space and outputs the correct protocol, which has minimal cost with respect to the metric function. The protocol also satisfies the security properties and system requirements.
By Boris W. Vassall, 04/18/2004
|
|
Digging Deeper Into TCP/IP
This paper takes a close look at TCP/IP as a reference for the security professional. Its goal is to consolidate information from numerous sources into one place and to go deeper into the client/server relationship. It explores basic TCP/IP concepts such as encapsulation, IP and TCP definitions, client/server connections, and discusses less well-known concepts such as state. It concludes with an illustration of an entire TCP session (Figure 10), including absolute sequence and acknowledgement numbers, state identification, and client and server responses. TCP/IP is an immense subject and this paper is by no means exhaustive, but references are supplied to help the reader further explore this topic.
By Leah Wilson, 04/18/2004
|
|
Securing an Anonymous FTP Server in Solaris 8 with WU-FTPD
This paper will present one method of securing an anonymous FTP server in a UNIX environment. The paper will begin with a brief overview of the FTP protocol as defined in IETF Standard 9, RFC-959, including vulnerabilities in its design. A discussion will then proceed about the advantages and disadvantages of anonymous FTP. Next, a synopsis of anonymous FTP security basics, followed by highlights of the security features of WU-FTPD, will be presented. The paper will then focus on the compilation, installation, and configuration of a secure anonymous WU-FTPD server running on a Solaris 8 platform.
By Mansel Bell, 04/18/2004
|
|
A Security Assessment of the Ricoh Aficio 450E Multifunction Device
There is an increasing use in the business community of multifunction devices that provide network printing, scanning and faxing. These devices are frequently being deployed within businesses with little thought of the security implications of devices that bridge the network and phone line, potentially offering a backdoor to both the network and confidential information via "cross channel" communications. This paper examines the security of the Ricoh Aficio 450E Multifunction device (hereafter known as Ricoh 450E).
By David L. Garrard, 04/17/2004
|
|
A Primer on OpenVMS (VMS) Security
This is not a practical step-by-step guide to securing VMS; rather, it is an introductory primer on the security concepts and features that the operating system has. VMS system security is quite comprehensive and there exist numerous parameters and settings which would require a much more granular depth than the length of this paper would provide. The Compaq OpenVMS Guide to System Security manual listed in the List of References Section is the recommended reference for further examining VMS system security settings and how the reader may go about tailoring the security settings of their system in conjunction with their particular organizational needs or security policy. My aim therefore is to provide insight into such functionalities and to provide an overview.
By Steven Bourdon, 04/14/2004