Web Information Security

RSS Feed Homepage

Articles: 1, 2, 3, 4

Casino online e poker online in Italia
2008-03-31 15:09:00
Buongiorno a tutti e benvenuti su WEBINFOSEC.COM: l’ultimo ritrovato del Web riguardo i casino online italiani. In Italia c’é la possibilitá di giocare senza problemi ai migliori casino online al mondo: tutti tradotti e tutti con un servizio clienti in Italiano di altissimo livello. Ma qual’é il migliore casino online in Italiano? Questo non possiamo dirlo: i casino online variano molto da casino a casino e dipende troppo dai singoli gusti. Quello che peró possiamo dirvi é che i casino online vanno valutati sotto diversi punti di vista: la sicurezza, il software, il sito e il bonus casino che elargiscono. Guardate per Esempio Swiss Casino : Questo é davvero un casino online sicuro di fama internazionale: stiamo parlando di un casino online in Italiano di natura e soprattutto precisione svizzera, ottimo servizio clienti, software casino playtech e un altissimo bonus di 150% sul primo deposito: depositi 100 e trovi sul conto 250! Come fate a rinunciare a giocar...
More About: Poker , Online

Web 2.0 applications raise security issues
2007-08-13 04:48:00
As new Web applications such as wikis, blogs and podcasts that foster increased collaboration and communication proliferate, they are bringing new security challenges corporate network managers have to contend with. According to Robert Hansen, president of California-based security consultancy SecTheory, the use of programming languages such as Java and Ajax, as well as the JSON data interchange format, in Web 2.0-style apps has created another door from which nefarious elements can enter a company's back end and do irreparable damage.  read more »
More About: Security , Programming , Applications , Operating System , Issues

Closing Security Holes with Application Scanners
2007-08-13 04:47:00
Good fences make good neighbors. Strong parameter security makes criminals look harder. Collectively, we have succeeded somewhat with our fences and now must continue the incremental gains on our PCs and other endpoints. If an ounce of prevention is worth a pound of cure, application scanners may provide a ton of security cures.  read more »
More About: Security , Scanners , Application , Scanner , Holes

Financial Firms Discuss How To Build A Better Data Center
2007-08-13 04:18:00
Financial firms are turning to technologies like virtualization and grid computing in their data centers, as well as implementing "future-proof" designs to accommodate emerging technologies, the firms said at Wall Street Technology Association's data center event in New York City on Tuesday.  read more »
More About: Financial , Data , Center , Build , Finan

emurhfkq
2007-06-23 17:10:00
cialis generic viagra all festival. not generic cialis price August.  read more »

emurhfkq
2007-06-23 17:10:00
cialis generic viagra Warriors retreats across generic cialis price strengths hikers then fioricet afraid Alaskan spring fioricet online event the high buy fioricet distinctly the they'll butalbital fioricet of was mount  read more »
More About: Authentication

emurhfkq
2007-06-23 17:09:00
cialis generic viagra event. be Because generic cialis price ordinary incredible.  read more »
More About: Authentication

emurhfkq
2007-06-23 17:09:00
cialis generic viagra major recent specific generic cialis price will same.  read more »
More About: Authentication

VoIP security fundamentals
2007-06-15 23:30:00
Voice over IP (VoIP) security is a challenge for IT staff because IP telephony (IPT) brings with it not only the security problems of data networks but also new threats specific to VoIP. In this fundamentals guide, learn about network security threats and emerging IP telephony threats, and how to secure your VoIP systems and endpoints from them.  read more »
More About: Security , Voip , Fundamental , Amen , Dame

Common mistakes in two-tier applications
2007-06-15 23:23:00
In this article, we look at some of the common mistakes made in configuring and developing two-tier applications which can render the database vulnerable to attacks from users.  read more »
More About: Applications , Common , Application , Comm , Tier

Scanning Ajax for XSS entry points
2007-05-29 03:30:00
The continuous adoption of Web 2.0 architecture for web applications is instrumental in Ajax , Web services and Flash, emerging as key components. Ajax is a combination of technologies such as JavaScript with the XMLHttpRequest object, DOM and XML streams. Cross site scripting (XSS) can make browsers vulnerable to critical information hijacking if exploited with malicious intent. XSS is already categorized as persistent [1], non-persistent [1] and DOM-based [2]. Ajax code loaded in browser can have entry points to XSS and it is the job of the security analyst to identify these entry points. read more
More About: Scanning , Point , Canning , Scan

Crawling Ajax-driven Web 2.0 Applications
2007-05-29 03:23:00
Crawling web applications is one of the key phases of automated web application scanning. The objective of crawling is to collect all possible resources from the server in order to automate vulnerability detection on each of these resources. A resource that is overlooked during this discovery phase can mean a failure to detect some vulnerabilities. The introduction of Ajax throws up new challenges [1] for the crawling engine. New ways of handling the crawling process are required as a result of these challenges. The objective of this paper is to use a read more
More About: Applications , Crawling , Application , Web 2.0

The basics of how digital forensics tools work
2007-05-29 03:15:00
I?ve noticed there is a fair amount of confusion about how forensics tools work behind the scenes. If you?ve taken a course in digital forensics this will probably be ?old hat? for you. If on the other hand, you?re starting off in the digital forensics field, this post is meant for you. There are two primary categories of digital forensics tools, those that acquire evidence (data), and those that analyze the evidence. Typically, ?presentation? functionality is rolled into analysis tools.
More About: Tools , Work , Forensics , Digital , Digi

Security features for IIS 7.0 Webserver For Windows Vista And Beyond
2007-05-18 17:30:00
I often hear people-both inside and outside of Microsoft-refer to the new IIS 7.0 Web server as one of the most important developments coming out of Microsoft over the past several years. This is a rather significant statement, given the impressive lineup of technologies released by Microsoft recently, including Windows Vista ?! The release of IIS 7.0 coincides with the ten-year anniversary of the release of the first version of IIS, in Windows NT® 4.0. read more
More About: Security , Windows Vista , Features

Windows Vista ISV Security
2007-05-18 17:22:00
Windows Vista offers numerous defensive enhancements designed to protect customers from malware. Applications that run on the platform should take full advantage of these defenses as the defenses are essentially free and could transform a coding error from a serious vulnerability into a crashing bug. This paper is highly abridged from "Writing Secure Code for Windows Vista" by Howard and LeBlanc and applies only to unmanaged (non-.NET) C and C++ code. read more
More About: Security , Windows , Windows Vista , Indo

JavaScript in web browsers is new security weak spot
2007-05-18 17:17:00
The growing use of JavaScript in web browsers is the new security weak spot, says Brian Chess, chief scientist and founder of US security software specialist Fortify Software. Specifically, the use of Ajax techniques to build Web 2.0 applications makes enterprise applications more vulnerable. read more
More About: Security , Browsers , Web Browsers , Spot , Javascript

Using the XML HTTP Request object
2007-05-17 22:16:00
Internet Explorer on Windows, Safari on Mac OS-X, Mozilla on all platforms, Konqueror in KDE, IceBrowser on Java, and Opera on all platforms including Symbian provide a method for client side javascript to make HTTP requests. From the humble begins as an oddly named object with few admirers, it's blossomed to be the core technology in something called AJAX [1]. read more
More About: Request , Sing , Quest , Http , Object

The security risk in Web 2.0
2007-05-17 22:14:00
Web 2.0 is causing a splash as it stretches the boundaries of what Web sites can do. But in the rush to add features, security has become an afterthought, experts say. The buzz around the new technology echoes the '90s Internet boom--complete with pricey conferences, plenty of start-ups, and innovative companies like MySpace.com and Writely being snapped up for big bucks. read more
More About: Security , Risk , Web 2.0

Security in the Microsoft .NET framework
2007-05-17 22:10:00
This presents an overview of the security architecture of Micro soft 's .NET Frame work . This paper is based on a long-term, independent security analysis performed by Foundstone, Inc. and CORE Security Technologies, beginning in the summer of 2000. read more

Security Education vs Security Training
2007-05-17 00:19:00
There has been a lot of hoopla lately around "secure programming skills" – with not-so-thinly veiled condemnations of academicians and the role of the university in addressing the IT security problem. While it’s tempting to view education as synonymous with training, that really does neither concept justice. read more
More About: Security , Education , Training , Ducati , Duca

Options for Storing Password in different methods
2007-05-17 00:14:00
Whatever web language you are programming in (PHP, ASP, etc.) you will no doubt come across the need to implement an authentication or user login system at some point. There is an obvious need to protect passwords in some way, otherwise discovering the password field, through SQL injection or other attack, would allow an attacker to login as another user. read more
More About: Password , Options , Stor , Pass , Methods

Preventing a Brute Force or Dictionary Attack: How to Keep the Brutes Away
2007-05-17 00:12:00
To understand and then combat a brute force attack, also known as a dictionary attack, we must start by understanding why it might be an appealing tool for a hacker. To a hacker, anything that must be kept under lock and key is probably worth stealing. If your Web site (or a portion of it) requires a user to login and be authenticated, then the odds are good that a hacker has tried to break into it. To understand and then combat a brute force attack, also known as a dictionary attack, we must start by understanding why it might be an appealing tool for a hacker. read more
More About: Force , Keep , Dictionary , Away , Vent

Top 10 Application Security Vulnerabilities In Web.config Files - Part One
2007-05-17 00:06:00
These days, the biggest threat to an organization’s network security comes from its public Web site and the Web-based applications found there. Unlike internal-only network services such as databases-which can be sealed off from the outside via firewalls-a public Web site is generally accessible to anyone who wants to view it, making application security an issue. As networks have become more secure, vulnerabilities in Web applications have inevitably attracted the attention of hackers, both criminal and recreational, who have devised techniques to exploit these holes. read more
More About: Security , Application Security , Vulnerabilities , Part , Files

Encrypt ViewState in ASP.NET 2.0
2007-05-16 23:53:00
In the previous release of ASP.NET, the page developer could turn encryption on and off at the application level through a config setting. When validation was set to 3DES, ViewStat e was encrypted before being rendered in the page. read more
More About: Crypt

Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
2007-05-16 23:50:00
Configuration files such as the Web.config file are often used to hold sensitive information, including user names, passwords, database connection strings, and encryption keys. If you do not protect this information, your application is vulnerable to attackers or malicious users obtaining sensitive information such as account user names and passwords, database names and server names. The sections that usually contain sensitive information that you need to encrypt are the following: read more
More About: Configuration , Sing , Section , Config , Crypt

ASP.NET utility to encrypt credentials and session state connection strings
2007-05-16 23:49:00
This step-by-step article describes how to use the Aspnet_setreg.exe utility to encrypt credentials and session state connection strings. read more
More About: Connection , State , Utility , Sion , Connect

Setting HTTP Session Cookie Path
2007-05-16 22:52:00
Most developers always forget to set the PATH for the session cookies. The path parameter is mainly used as optional cookie setting. It sets the URL path the cookie is valid within. Pages outside of that path cannot read or use the cookie. Example: Set-Cook ie: ASP.NET_SessionId=sdkds09dfjlj; path=/appname; expires Mon, 09-Dec-2002 13:46:00 GMT read more
More About: Http , Sion , Path , Cookie

Five Security Flaws in IPv6
2007-05-16 03:55:00
Ready or not, IPv6 is finally visible on the horizon... And researchers are already finding major security problems with it. IPv6, which is supported in some of the latest OSes and network devices, is all about end-to-end, or peer-to-peer communications. Aside from offering more address space than its IPv4 predecessor -- which has made it immediately popular in some parts of the world -- it offers a redesigned IP packet format that simplifies route processing, making it ideal for applications such as voice over IP or instant messaging. read more
More About: Security , Five

SSL VPN From Your Smartphone
2007-05-16 03:52:00
The SSL VPN is moving out to your smartphone: SSL VPN provider Aventail today will roll out full SSL VPN support for Windows Mobile Smartphone s for more secure remote access to email and other corporate applications. read more

Protect Your Downloadable Files Using HTTP Handlers
2007-05-11 03:40:00
This article attacks a problem for which I have heard many solutions: How can you offer file downloads on the Internet and protect them from unauthorized downloading? read more
More About: Down , Sing , Files , Http , Load