Security Info


Papers

  • A Modular Approach to Data Validation in Web Applications - Data that is not validated, or is poorly validated, is the root cause of a number of serious security vulnerabilities affecting applications. This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular, component-based design (extensibility, portability and re-use) can be realised. It starts with an explanation of the vulnerabilities introduced through poor validation and then goes on to discuss the merits of a number of common data validation methodologies. Finally, a modular approach is introduced together with practical examples of how to implement such a scheme in a web application.
  • Securing Mac OS X 10.4 - This guide is an updated version of the guide for Securing Mac OS X (10.3) Panther and covers the new security features offered by Tiger as well as incorporating additional security guidelines that were omitted in the original guide.
  • Securing Mac OS X 10.3 - Mac OS X (10.3) provides many built-in security features that, when fully utilised, can greatly reduce the risk of a security incident. OS X is one of the most secure default installations when compared to other operating systems. The install follows the accepted best practice of disabling all network services unless explicitly enabled. The default security settings should suit the needs of most users in a workstation setting. This guide is aimed at users in environments requiring stronger security controls in an operating system, making full use of the protection features offered in OS X. It would also be of use to system administrators wishing to enforce an organisation-wide desktop security policy for Mac OS X.
  • Application level DoS attacks - How vulnerabilities in web applications can lead to denial of service conditions.

Tools

  • The latest Mac OS X packages for the Paros, WebScarab and BurpSuite proxies can be found on Corsaire's site.
  • multimap.pl - Perl script which launches a number of concurrent nmap processes, puts the results in XML, human and machine output, optionally launches amap on the open ports and generates an HTML file of the results.

Notes

Command line nessus: nasl -t IP_ADDRESS nasl_script_to_run
To harvest TCP sequence numbers: hping2 --seqnum
Useful nmap options:
  • --max_rtt_timeout - maximum timeout before retrying connection.
  • --osscan_guess - best guess for OS if the OS is not matched 100%.
  • --min_parallelism - minimum number of ports to scan at once.

Links