File Inclusion Attacks
(4/2008)

»File Inclusion Attacks
In the realm of web application vulnerabilities, file inclusion attacks are one of the most dangerous. What makes this type of attack so dangerous?

»Hacking RSS Feeds: Insecurities in Implementing RSS Feeds
This paper sheds light on the insecure coding practices that affect RSS based web applications and also on their flexibility. The advent of Web 2.0 has enhanced the mobility of content. The inclusion of content has become the sole basis for the interworking of websites.

»Alternate Data Streams or “Doctor Jekyll and Mr. Hyde” Move to NTFS (Part II)
In the first part, we saw just the possibilities: how simple it is to attach, extract and launch malicious code hidden in ADS. In the following examples, we will show a full program (script) that acts like a virus and exploits ADS in order to make itself invisible and damage a system.

»All in Memory Execution under Linux
During a computer intrusion, a good attacker has to pay close attention to the traces he could leave on the remote target. The following article will describe different techniques that provide enough discretion in order to bypass the usual countermeasures.

»The Real Dangers of Wireless Networks
Most of us have read exactly how easy it is to gain access to Wireless Networks – but once you have access, did you really realise how easy it was to have passwords to any internet traffic, or how easy it was to manipulate and sniff this traffic?

»How to Deploy Robustness Testing
Today’s software companies design and test their code using the well-accepted, familiar method of positive testing. Still, all communications software appears to be infested with security-critical bugs that can be misused to crash the software or to take total control of the device running the software.
Codenomicon website (www.codenomicon.com)

»Protecting Data in a Postgres Database
What if the cracker has the ultimate power to see and do things they are not authorized to possess? What if they acquire the privileges of the superuser himself?

»Global Thermonuclear War – Shall We Play a Game?
There's a movie I think everyone in the security world has likely seen. Wargames, Matthew Broderick as a teenager that accidentally builds a relationship with WOPR and nearly triggers a nuclear strike because humans relied too heavily on machines.

»Consumers Test - Choose the Right Router
If you accept the tubes or pipes analogy of the Internet, then routers are essentially the fittings and valves in the pipes of the Internet. Since their invention, their underlying principle is largely unchanged: A router takes traffic from one network and relays it to connected networks on a path toward each packet's destination network. Over time many additional functions have been added: Routers can analyze packets in transit.

»Interview with Nicolaas Vlok
Changing challenges to opportunities, Nicolaas Vlok is leading Vision Solutions to become an unprecedented force within today’s information availability industry by providing business continuity solutions to customers around the world.

»Self Exposure by Mike Chan and Bing Liu
This section is to introduce people who take part in IT Security development and reinforcement.












