Musings on Information Security: January 2007

skip to main | skip to sidebar

_ Where facts are few, experts are many

Home
Menu
Daily IT Security News
Contact
- Mail
Subscribe to Feed

Secure Web Applications - Alexios Fakos

| 0 comments ]

A friend and colleague of mine, namely Alexios Fakos has published a Book under the title of Sichere Web Anwendungen, unfortunately it is german only. If you'd like to know how to code hardened Applications I heartly recommend this Book.

A free Chapter of the Book can be found here

Links to this post

Newer Posts Older Posts Home

About Me

Thierry Zoller: Welcome to my personal Blog where I blog about Information Security and in general anything I regard as newsworthy. On the professional side I am currently working as a Lead of Threat and Vulnerability Management at Verizon Business.

Quick-links
▪ About me / Profile
▪ Tools / Talks / Whitepapers
▪ My vulnerability disclosure policy
▪ Contact Me

The views and opinions expressed on this blog are my personal views and are not intended to reflect the views of my employer or any other entity.

View my complete profile

Follow @thierryzoller

Follow by Email

Subscribe to RSS

Subscribe in a reader

Cluster Map

Popular Posts

The BEAST summary - TLS, CBC, Countermeasures (Update 4)

Lots of good information floating on the internet on the Proof of Concept (dubbed 'BEAST) against TLS 1.0 by Juliano Rizzo and Thai Du...
IIS 6 / IIS 5 / IIS 5.1+ Webdav auth bypass [Final]

Table of Contents Updates Bulletins Am I at risk ? Tools Technical details 0.1 Personal message Several news stories seem to allu...
Storing password securely - hashses, salts and bit stretching put into context

Introduction Due to the latest row of high profile websites being compromised and parts of the password hashes being published h...
PCI compliance, Security in isolated systems and Parking Tellers (Part1)

A colleague of mine spotted the below while doing expenses - The photograph below shows two separate receipts from two parking buildings t...
Attacker Classes and Pyramid (Version 3)

This is a living blog post I will update whenever I have time and new ideas. TOC Introduction Updates Attacker Classes Attacker Pyr...

Recent Comments

Powered by Disqus

Blogs I read

Leblanc

MSDN Blogs - MSDN Blogs - Learn more about the MSDN Blog Platform at the MSDN Blogs - Help blog! Provide Site Feedback on MSDN Blogs
45 seconds ago
Securosis Highlights

Spying on the Spies - The Washington Post says US Officials claimed Chinese hackers breached Google to determine who the US wanted Google to spy on. In essence the 2010 Aurora...
13 hours ago
Krebs on Security

Conversations with a Bulletproof Hoster - Criminal commerce on the Internet would mostly grind to a halt were it not for the protection offered by so-called "bulletproof hosting" providers -- the o...
17 hours ago
Claude Adam

Meeting Alexander Bonde - Am Rande des Frühjahrsgipfels des NATO Parlamentes in Luxemburg hatte ich ein informelles Gespräch mit Alexander Bonde, Minister für Ländlichen Raum und Ve...
18 hours ago
Troy Hunt

Your login form posts to HTTPS, but you blew it when you loaded it over HTTP - Here’s an often held conversation between concerned website user and site owner: *User:* “Hey mate, your website isn’t using SSL when I enter my password...
22 hours ago
Schneier on Security

Security Risks of Too Much Security - All of the anti-counterfeiting features of the new Canadian $100 bill are resulting in people not bothering to verify them. The fanfare about the securit...
22 hours ago
Lenny Zeltser on Information Security

Several Posts on Malware Analysis Tools - [image: image] In the past weeks I published several posts describing malware analysis tools and approaches at other blogs: - Installing the REMnux V...
2 days ago
VRT

Java Web Start or as it should be called "Sure go ahead and run what you like" - Late last month, Immunity published a blog post concerning a new way to escape the Java security warnings using a novel and simple method, by using the con...
5 days ago
Didier Stevens

Quickpost: Signed PDF Stego - A signed PDF file is just like all signed files with embedded signatures: the signature itself is excluded from the hash calculation. Open a signed PDF doc...
5 days ago
A Few Thoughts on Cryptographic Engineering

On cellular encryption - If you're interested in technology/privacy issues then you probably heard last week's big news out of the Boston Marathon case. It comes by way of former...
1 week ago
IBM Internet Security Systems Frequency X Blog

April 2013 Super Tuesday -
1 week ago
mossmann's blog

Giving Away HackRF - The HackRF project has been open source from the very beginning. Even before we started the project, Jared Boone and I wanted to have an open source hardwar...
1 week ago
The New School of Information Security

The Onion and Breach Disclosure - There’s an important and interesting new breach disclosure that came out yesterdau. It demonstrates leadership by clearly explaining what happened and offe...
1 week ago
Privacy Law Blog

Protecting Privacy or Enabling Fraud? Employee Social Media Password Protection Laws May Clash with FINRA Rules - Jessica Goldenberg As a growing number of states pass legislation which will protect individuals’ social media accounts from employer scrutiny, they have...
1 week ago
root labs rdist

Keeping skills current in a changing world - I came across this article on how older tech workers are having trouble finding work. I’m sure many others have written about whether this is true, whose f...
2 weeks ago
Uncommon Sense Security

You know stuff. Share it. We’ll help. - You know stuff, you’ve seen interesting things, done interesting research, have a unique perspective. You also know that the ability to communicate effe...
2 weeks ago
/dev/ttyS0

Finding All Paths Between Two Functions in IDA - A common need that I have when reversing code is to find all possible code paths between two functions. Say for example that I’m looking for calls to dange...
3 weeks ago
TaoSecurity

Practice of Network Security Monitoring Table of Contents - Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monitoring. The TOC...
3 weeks ago
contagio

Blackhole redirect story - Blackhole 2 redirect story *1. Victim searches for jobs and internships on Google, and the sun is shining* GET /url?sa=t&rct=j&q=internships%2008734&sou...
3 weeks ago
The iSecLab Blog [by Faculty and Students];

Could the AP Twitter hack have been prevented? - Twitter hacks can cause a lot of damage. It is news of this week that the Associated Press Twitter account got compromised, and sent a tweet announcing tha...
3 weeks ago
Ma petite parcelle d'Internet...

NoSuchCon : le programme est (vraiment) en ligne - L e programme de No Such Conference est en ligne. Vous pouvez le consulter ici : http://www.nosuchcon.org/#schedule Speakers : http://www.nosuchcon.org/#sp...
5 weeks ago
Carnal0wnage & Attack Research Blog

Rails - Guard, Brakeman, and Bundler-Audit - Thanks to the efforts of Justin Collins (@presidentbeef - Brakeman) and Hal Brodigan (@postmodern_mod3 - Bundler-Audit), Rails developers (and Sinatra) ca...
5 weeks ago
LuxLegal

Actualités: Google, Youtube et la Sacem - Données personnelles : action répressive contre Google Le 2 avril 2013, les autorités de protection des données de six pays européens (l’autorité luxembour...
1 month ago
Java security and related topics

Randomly failed! Weaknesses in Java Pseudo Random Number Generators (PRNGs) - This will be a sum up of a Paper written by Kai Michaelis, Jörg Schwenk and me, which was presented at the Cryptographers' Track at RSA Conference 2013. ...
1 month ago
Scrammed!

Binary Instrumentation for Exploit Analysis Purposes (part 2) - *Introduction.* This is the second part of the article about binary instrumentation for exploit analysis purposes and this time we will discuss a real pdf ...
1 month ago
CrySyS Blog

Teamspy: bulbanews or vulvanews – a funny note? - From Wikipedia: Bulba From Wikipedia, the free encyclopedia Bulba (Бульба, [ˈbulʲba]) is a concert dance based on Belarusian folk traditions, choreographed...
2 months ago
Chatter on the Wire: How excessive network traffic gives away too much!

File updates to go with site change - I've been quite happy with the quick turn around that those that are using or have links to Satori have been able to update blog posts, urls, and in this c...
2 months ago
woanware

snorbert v1.0.8 - Changes Fixed bug in copy functionality Modified the NetWitness query generation as the generated query was too complex. Thanks ChrisB Added Find window/fu...
2 months ago
GreyHatHacker.NET

Bypassing Windows ASLR using “skype4COM” protocol handler - While investigating an unrelated issue using SysInternals Autoruns tool I spotted a couple of protocol handlers installed on the system by Skype. Knowing t...
2 months ago
Amrit Williams Blog

Red Dawn: Unit 61398 – Now What? - Some of my ‘so-called’ friends that help organize the RSA Security Bloggers event have decided that folks that attend should actually have blogged somethin...
2 months ago
Cognitive Dissidents

#RSAC is what you make of it - … Q: Are you going to RSA? A: Of course. RSA is mandatory punishment for people like me. Like I said just before RSA USA 2012, each year at RSA I want to q...
3 months ago
Security

Exploiting 64-bit Linux like a boss - Back in November 2012, a Chrome Releases blog post mysteriously stated: "Congratulations to Pinkie Pie for completing challenge: 64-bit exploit". Chrome pa...
3 months ago
Metasploit

New Metasploit Exploit: Crystal Reports Viewer CVE-2010-2590 - In this blog post we would like to share some details about the exploit for CVE-2010-2590, which we released in the last Metasploit update. This module e...
5 months ago
Androguard

Androguard 1.9 - Hi folks ! After pacsec conference in Tokyo, we finished few things to have a new version. And it is the time to release it ! We fixed a lot of things, bug...
5 months ago
Secure Belief

My Journey to OSCP - This all started when I enrolled for PWB, the most exciting course in network security. I had enough days to spend in lab but the pressure was to complet...
5 months ago
ax330d's blog

Announcing first release of PVT - I am happy to announce first public release of my project - PVT. Excerpt from the documentation: PVT is a PHP extension designed to make search of security...
6 months ago
newsoft's fun blog

L’échec du e-commerce français - J'ai envie d'un Google Galaxy Nexus. C'est quand même pratique pour tester Android 4.1 ou webOS 1.0. Pas de problème, puisque la page officielle de Google ...
6 months ago
Fun Over IP

Metasploit stager: reverse_https with basic authentication against proxy - 1. Introduction If reverse_https does an amazing job by supporting proxy server and NTLM authentication, it exists some situations where the proxy server o...
7 months ago
CryptoLUX - Recent changes [en]

MediaWiki:Sidebar -
7 months ago
Digital Forensics is a Science

Mobile Device Forensics - Course Update - It's been a few weeks since the last update, but things have been busy. The Fall 2012 term is now in Week 5 (wow, the semester is flying by). We've covered...
7 months ago
Cup of Security

Free Mobile ou Roaming Orange, vérifiez le vous-même avec votre iPhone ou smartphone Android - Si comme moi vous avez changé d'opérateur Mobile pour Free Mobile, vous n'avez pas pu passer à côté des lourdes accusations portées contre Free Mobile par ...
1 year ago
...And You Will Know me by the Trail of Bits

Pwn2Own Pre-Game - Just in time to get warmed up for Pwn2Own, we are delivering a joint offering of the training courses “Bug Hunting and Analysis 0×65” by Aaron Portnoy and ...
1 year ago
Nynaeve

NWScript JIT engine: Wrap-up (for now) - Yesterday, I provided a brief performance overview of the MSIL JIT backend versus my implementation of an interpretive VM for various workloads. Today, I’l...
2 years ago
rmhrisk.wpengine.com/

-

Show 10 Show All

Blog Archive

► 2013 (2)
- ► March (2)

► 2012 (11)
- ► November (1)
- ► August (2)
- ► July (1)
- ► June (4)
- ► May (2)
- ► March (1)

► 2011 (10)
- ► December (3)
- ► November (1)
- ► October (2)
- ► September (2)
- ► August (2)

► 2010 (6)
- ► August (1)
- ► July (1)
- ► March (2)
- ► February (2)

► 2009 (80)
- ► November (2)
- ► October (1)
- ► September (3)
- ► July (3)
- ► June (2)
- ► May (22)
- ► April (16)
- ► March (17)
- ► February (7)
- ► January (7)

► 2008 (31)
- ► December (2)
- ► November (7)
- ► October (7)
- ► September (3)
- ► August (12)

▼ 2007 (7)
- ► October (1)
- ► May (1)
- ► April (2)
- ► March (1)
- ► February (1)
- ▼ January (1)
  - Secure Web Applications - Alexios Fakos

► 2006 (6)
- ► December (1)
- ► August (2)
- ► March (1)
- ► February (1)
- ► January (1)

► 2005 (9)
- ► October (1)
- ► April (7)
- ► January (1)

► 2000 (1)
- ► March (1)

Links

Schneier on Security
Brian Krebs on Security
Lenny Zeltser
Malware LU
CryptoLux
Unmitigated Risk
TaoSecurity - Bejtlich
root labs rdist
Securosis Blog
Trail of Bits
Sid's Blog [FR]
Fun over IP
Hack.lu
Joe Sandbox
SVEN

Labels

0day (7)
Advisory (53)
Bluetooth (3)
BTcrack (5)
Hardware hacking (1)
How-to (7)
Interesting Reads (6)
Lectures (2)
Misc (10)
Omron 3S4YR-MVFW Card reader (3)
Rants from Thierry (19)
Tool (16)
Vulnerabilties (11)
Whitepaper (3)

Copyright Musings on Information Security Template by Michael Jubel