Security
▣ AAA
▣ ACL
▣ Authentication
▣ Captcha
▣ Cryptography
▣ Data Integrity
▣ Encryption
▣ Hacking
▣ Java Security
▣ Network and Security
▣ PAM
▣ Penetration testing
▣ SASL
▣ Security News
▣ Security Policy
▣ Security Scan
▣ Snoop Server
▣ SSO
▣ STS
▣ TCG
▢ O'Reilly Krzysztof Janowicz: Sicherheit im Internet (PDF) (12.11.2008)
Pessimists have been claiming for years that the Internet has lost its innocence. The steadily growing volume of spam, large-scale identity theft and the trade in user profiles make it clear that online crime has become more professional.
▢ BSI training: IT-Grundschutzhandbuch (09.09.2003)
▢ O'Reilly Book Excerpt Secure Programming Techniques (28.04.2003)
Software engineers define errors as mistakes made by humans when designing and coding software. Faults are manifestations of errors in programs that may result in failures. Failures are deviations from program specifications. In common usage, faults are called bugs.
Design Principles and Coding Standards and Things to Avoid
The Open Web Application Security Project, or OWASP, has compiled a top-ten list of security risks:
Unvalidated Parameters - Broken Access Control - Broken Account and Session Management - Cross-Site Scripting (XSS) Flaws - Buffer Overflows - Command Injection Flaws - Error Handling Problems - Insecure Use of Cryptography - Remote Administration Flaws - Web and Application Server Misconfiguration
Fundamentals - Tips for PC and Linux users - Passwords - Handling e-mail and the Internet
▢ netzmafia.de Prof. Jürgen Plate: Sicherheit in Netzen (22.06.2002)
Threats on the network - Threat defence - Firewall - Cryptographic methods - VPN - Threats on the user side - Tools - Sources
▢ Open Web Application Security Project (18.04.2002)
The Open Web Application Security Project (or OWASP) is an Open Source community project consisting of volunteers across the world. We are documenting and sharing knowledge on web application security techniques and issues as well as building open source software that helps developers test or implement security in web applications. All of our development takes place at Sourceforge.
▢ idefense.com Razvan Peteanu: Best Practices for Security Development (18.04.2002)
The following document is intended as a guideline for developing secure applications. It is not about how to configure firewalls, intrusion detection, DMZ or how to resist DDoS attacks. In short, it is not about infrastructure and network security. Compared to a year ago, the availability of consolidated material intended for developers has definitely improved but effort is still required to make the developer community more security-aware.
▢ idefense.com David Endler: Brute Force Exploitation of Web Application Session IDs (18.04.2002)
Almost all of today's "stateful" web-based applications use session IDs to associate a group of online actions with a specific user. This has security implications because many state mechanisms that use session IDs also serve as authentication and authorization mechanisms - purposes for which they were not well designed. This paper focuses on the ease with which many of these session IDs can be brute-forced, allowing an attacker to steal a legitimate web application user's credentials.
▢ Zenomorph: Header based Exploitation: Web Statistical Software Threats (18.04.2002)
When people visit your website, certain information is passed from the user's web browser to your web server/script. This information contains data such as what browser they are using, the last site visited, the file they requested, and other information. This paper was written to help you understand how an attacker can use these information fields to exploit your web statistics software.
▢ Zenomorph: Fingerprinting Port 80 Attacks (18.04.2002)
Port 80 is the standard port for websites, and it can have a lot of different security issues. These holes can allow an attacker to gain either administrative access to the website, or even the web server itself. This paper looks at some of the signatures that are used in these attacks, and what to look for in your logs.