Interesting links – March 25
Potentially interesting links for March 25:
- Side-Channel Leaks in Web Applications – Summary of a paper describing how traffic analysis of SSL (especially SSL AJAX requests) can deduce some (and sometimes lots of) information.
- Shared Assessments – A common-sense approach to evaluating vendor controls for security, privacy and business continuity. Outsourcers, service providers and assessment firms can reduce redundancies and increase efficiencies in the vendor control assessment process.
- On the Trail of World’s Most Ingenious Thief – Fun story about Gerald Blanchard, a recently caught criminal who defeated physical security systems in Pink Panther-like ways to steal millions. Like Abagnale and Mitnick, he will probably have a great future as a security consultant.
- Exploiting hard filtered SQL Injections – Circumventing SQLi filters using flexible MySQL syntax.
Posted in Interesting
Tags: assessment, crime, cryptography, database, injection, interesting, management, mysql, outsourcing, pentest, physical+security, Privacy, service+providers, SQLi, webappsec