Archive for 'Best practices' Category

Dear developers: sign your code!

13 September 2007

Yesterday the domain belonging to the Bastille Linux server hardening project was taken over by a domain squatter who is demanding $10,000 to give it back. So far the squatter hasn’t done anything malicious with the web site, but how much can you trust someone whose business model is extortion? The Bastille scripts are popular, [...]

CIS releases virtual machine security guide

12 September 2007

The Center for Internet Security (CIS) has published a nice little guideline on hardening virtual machines . The guide covers security issues for both guests and hosts and applies to any virtualization product, not just VMWare. CIS has created a number of guidelines for hardening popular operating systems, routers and server applications such as Apache, [...]

Port scanning with Adobe Flash

20 August 2007

The same origin policy for web browsers is completely blown. Last year SPI Dynamics demonstrated how to trick a browser into doing a port scan of the local network using plain old Javascript. Now researchers at the Chaos Communication Camp demonstrated that Adobe Flash can do the same thing. Very neat proof of concept. Yet [...]

A few interesting articles

9 November 2006

This week I’ve been busy taking a course and doing research so haven’t had time to post articles lately, but here are a few interesting papers and tools I’ve come across that deserve some attention: Using Nepenthes Honeypots to Detect Common Malware: Most security folks are familiar with honeypots, but not why you might want [...]

Secure web development teaching resources

25 October 2006

Web developers have it tough. Just getting the basic functions of an application working reliably in the stateless, ever-changing, browser bug infested environment of the web is challenging enough. There’s not much time to also keep up to date on security issues. I’ve written and delivered security courses for web developers and coming up with [...]
