Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it c...
Those familiar with Java recognize the security concept of a sandbox. For those who aren't, it's the concept that everyone gets a unique, well-equipped sandbox to play in, and a person in one sandbox isn't allowed into anyone else's sandbox, not even to share anything with anyone else. . . .
MySQL is one of the most popular databases on the Internet and it is often used in conjunction with PHP. Besides its undoubted advantages such as ease of use and relatively high performance, MySQL offers simple but very effective security mechanisms. . . .
When the lights went out in Gotham on Thursday afternoon, Jim Simmons got busy. He's the CEO for availability systems at SunGard Data Systems (SDS). Headquartered in Wayne, Pa., SunGard helps companies survive disasters. That means providing services ranging from . . .
In the first installment of this series we introduced the reader to web application security issues and stressed the significance of input validation. In the second installment, several categories of web application vulnerabilities were discussed and methods for locating these vulnerabilities . . .
Lance Spitzner submits: If there's any way you could contribute, I'd really appreciate this. I set up a very simple visit-to-fingerprint page to gather p0f signatures for the new version (which is getting more and more interesting, I . . .
Unix permissions are flexible and can solve almost any access control problem, but what about the ones they can't? Do you really want to make a group every time you want to share a file with another user? Perhaps you don't . . .
There is no questioning the need for identity management solutions to protect enterprise assets, enhance corporate governance, facilitate compliance with privacy regulations and more. Yet, according to some experts, a sizable portion of the corporate world has yet to fully embrace . . .
Well, well, well. You have installed the latest Linux distribution and stopped all unnecessary services. You also set up a set of Netfilter rules that would make the Pentagon Security Department envy you. You drool with delight. But. . .
Although active operating system fingerprinting has advanced in recent years, many issues remain unresolved. This paper presents the enhancements made in Xprobe2 v0.2 RC1 and discusses the tool's future development. Both . . .
Declaring hidden malware to be "a growing threat," the National Security Agency's cybersecurity chief is calling on Congress to fund a new National Software Assurance Center dedicated to developing advanced techniques for detecting backdoors and logic bombs in large software applications. . . .
This is a paper about how an attacker uses LDAP injection to steal your data and bypass authentication. It is as simple as placing additional LDAP query clauses into web form input fields or query strings, giving the attacker complete access to . . .
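The following is an added example, not code from the paper described above: it shows a login filter built by string concatenation (the pattern that makes LDAP injection possible), the classic bypass input that turns it into a match-everything filter, and RFC 4515 escaping of user-supplied values as the fix. The sample directory entries, the usernames and passwords, and the payload string are all constructed for the example; a small filter parser and matcher stand in for a directory server so the block runs offline.

```python
# Added example (not the paper's code): vulnerable vs. escaped LDAP login
# filters, evaluated with a minimal RFC 4515 filter parser/matcher.
# The directory entries, credentials and payload below are constructed.
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape untrusted input for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value: str) -> str:
    """Decode \\XX hex escapes the way a directory server does before comparing."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def build_login_filter_vulnerable(username: str, password: str) -> str:
    """The pattern the paper warns about: raw input concatenated into the filter."""
    return f"(&(uid={username})(userPassword={password}))"


def build_login_filter_safe(username: str, password: str) -> str:
    """Same filter, with every user-controlled value escaped."""
    return (f"(&(uid={escape_filter_value(username)})"
            f"(userPassword={escape_filter_value(password)}))")


def parse_filter(s: str, i: int = 0):
    """Parse one filter (&, |, !, equality, presence; no substring wildcards)
    starting at s[i]. Returns (node, index after the filter); anything after
    that index is trailing text that a real server would ignore or reject."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if s[i] in "&|!":
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            node, i = parse_filter(s, i)
            kids.append(node)
        if s[i] != ")":
            raise ValueError(f"expected ')' at {i}")
        return (op, kids), i + 1
    j = s.index(")", i)  # an escaped value never contains a raw ')'
    attr, _, val = s[i:j].partition("=")
    return ("=", attr, val), j + 1


def matches(node, entry: dict) -> bool:
    """Evaluate a parsed filter against one directory entry."""
    op = node[0]
    if op == "&":
        return all(matches(k, entry) for k in node[1])
    if op == "|":
        return any(matches(k, entry) for k in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, val = node
    if val == "*":  # presence filter: attribute exists
        return attr in entry
    return entry.get(attr) == unescape_filter_value(val)


# Constructed sample directory (not real accounts).
DIRECTORY = [
    {"uid": "alice", "userPassword": "s3cret"},
    {"uid": "bob", "userPassword": "hunter2"},
]


def authenticate(username: str, password: str, builder=build_login_filter_safe):
    """Return (uids matched by the first complete filter, trailing text left over)."""
    filter_str = builder(username, password)
    node, end = parse_filter(filter_str)
    matched = [e["uid"] for e in DIRECTORY if matches(node, e)]
    return matched, filter_str[end:]


# Classic bypass input: closes the uid assertion, inserts a match-all clause,
# and re-balances the parentheses so the first filter still parses.
PAYLOAD_USER = "*)(uid=*))(|(uid=*"

if __name__ == "__main__":
    print(authenticate("alice", "s3cret"))
    print(authenticate(PAYLOAD_USER, "wrong", build_login_filter_vulnerable))
    print(authenticate(PAYLOAD_USER, "wrong", build_login_filter_safe))
```

With the vulnerable builder the payload produces `(&(uid=*)(uid=*))(|(uid=*)(userPassword=wrong))`: the first complete filter matches every entry and the rest is trailing text, which lenient servers silently drop. With the escaped builder the same input is compared as a literal string and matches nothing. Escaping is the minimum; prefer a client library that builds filters from a template and escapes for you, and never compare passwords in a search filter at all when a bind operation is available.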
Deciding how to maintain the integrity of a system for use in a forensic examination can be a little like deciding which club to use to get out of the rough on the last hole of a golf tournament, i.e. the . . .
A network intruder will look for security weaknesses at every point in your network architecture. If you have adequately locked down the Physical, Data Link, Network, and Transport layers of your network, the wily hacker will simply move up to those . . .
One of Samba's strengths is that you can use it to blend your mix of Windows and Linux machines without needing a separate Windows NT/2000 Server. In this article, we describe some recommended methods for accomplishing a large-scale Samba installation. Our . . .
Last year I wrote a two-part paper about SQL Injection and Oracle. That paper explored which SQL injection techniques are possible with Oracle, gave some simple examples on how SQL injection works and some suggestions on how to prevent attackers and . . .
Linux is capable of high-end security; however, the out-of-the-box configurations must be altered to meet the security needs of most businesses with an Internet presence. This article shows you the steps for securing a Linux system, known as hardening the server, using both . . .
I'm not sure why they became so complacent in their analysis of these threats, particularly since the first major worm, launched in 1988 by Robert Morris, was released on Unix systems that used the well-known Sendmail messaging program. I guess everyone . . .
In my previous article ("Securing Apache: Step-by-Step") I described the method of securing the Apache web server against unauthorized access from the Internet. Thanks to the described method it was possible to achieve a high level of security, but only when . . .
This is the first in a series of three articles on penetration testing for Web applications. The first installment provides the penetration tester with an overview of Web applications - how they work, how they interact with users, and most importantly . . .
This is a cumulative announcement for several updates which have occurred in the last three months. I'll start with the latest. Linux 2.4.21-ow1 is out and available for download at the usual location. . .