Web Application Security, with a Focus on ColdFusion
Although web application security is not product specific, we will focus on the last two layers using ColdFusion (CF) and the code. This paper will not cover securing the other layers, policy, or web application risk assessments, which would be a great topic for another GSEC paper.
By Joseph Higgins, 05/11/2004
|
|
Securing e-Commerce Web Sites
Securing web sites, and web servers in particular, has been the focus of many security articles and conferences over the past few years. Obviously, a web site’s security level is heavily influenced by the security means, which are used by, and on, the web server.
By Ariel Pisetsky, 05/11/2004
|
|
Web Authentication Security
This document will cover four web authentication security techniques that are used by web server administrators to provide web browser clients access to the file systems on their host computers. These four authentication techniques are Basic Authentication, Digest Authentication, Database Authentication, Anonymous Authentication, and N-Tier Authentication. Because these four techniques are basic to security, they can be, and often are, utilized on almost any web server.
By Donna Selman, 05/11/2004
|
|
Domino Web Server
Lotus Notes/Domino is a widely used group collaboration and messaging platform originally designed to work in a client-server architecture using proprietary protocols. The client is known as Notes, and the server is known as Domino. Later releases of Domino incorporated the use of Internet standard protocols and provided for access to Domino servers using web browsers as well as the Notes client.
By Karen Zwolski, 05/11/2004
|
|
Code Access Security and Policy in Microsoft’s .NET
.NET is Microsoft’s new platform, oriented towards Internet-based applications and Web services. Because of its orientation towards programs loaded and run from the Internet, it was designed with security in mind. At runtime, the .NET framework can determine what permissions to allow to a block of code depending on evidence, which includes the location of the code (local disk, intranet, internet, etc.) and its publisher.
By Steven Kovner, 05/11/2004
|
|
JavaScript Problems I've Discovered
Netscape awarded me a $1000 bugs bounty for my initial JavaScript tracker back in Feb 1996. They also sent me a Mozilla mug. They did not send me anything for discovering the first HTTP file upload bug (I would have preferred another $1000).
By John Robert LoVerso, 04/22/2004
|
|
Designing Secure Solutions with .NET
The proper approach to designing a solution is one that meets business objects and that protects against identified risks with controls that are transparent to the user. The approach sounds simple enough; the challenge is defining what needs to be protected, what are the risks and types of controls needed, and how to implement them in a cost-effective way. There is no such thing as a security mechanism that will protect your secrets for eternity. If the security mechanism is strong, attacks could be mounted against the environment, vulnerabilities in key management or with a person’s willingness to be helpful. Aside from secure design and coding practices you need to consider policies, setting expectations, environmental control, and training. Developing a secure solution requires creating a layered security strategy with the support of policies, controls, and training.
By Bill Ferreira, 04/18/2004
|
|
A Web Developer's Guide to Cross-Site Scripting
Cross-site scripting attacks are those in which attackers inject malicious code, usually client-side scripts, into web applications from outside sources. Because of the number of possible injection locations and techniques, many applications are vulnerable to this attack method. Scripting attacks differ from other web application vulnerabilities because they attack an application’s users, not an application’s infrastructure, but they can still cause a great deal of damage. This paper describes how cross-site scripting works and what makes an application vulnerable, along with suggestions for developers about tools for discovering cross-site scripting vulnerabilities in their applications and recommended practices for creating applications that are less vulnerable to the attack and more resilient against successful cross-site scripting attacks.
By Steven Cook, 04/18/2004
|
|
XML Web Services Security and Web based Application Security
This paper provides high-level insights into how to create secure distributed, language neutral, platform independent web based applications using XML Web Services. A description of some of the efforts that are currently underway to create a standardized security framework for XML Web Services Security along with a representative example of a secure XML Web Services message.
By Chris Kwabi, 04/18/2004
|
|
Installing & Configuring vsftpd
Installing & configuring vsftpd. This includes working standard configurations and authentication for virtual users with PAM. Also included is a FAQ which also deals with firewalling rules required for FTP to work properly.
By Markus Welsch, 04/18/2004