Latest Articles

Introduction to Incident Response
May 2nd, 2008 in security
The purpose of this tutorial is to provide a basic introduction to incident response. This document is by no means comprehensive; it is intended as a starting point and provides a framework for approaching a broad spectrum of security incidents.

Connecting To a Remote MySQL Server Securely Using SSH Port Forwarding
May 1st, 2008 in mysql
Brief instructions on how to set up local port forwarding to allow for a secure MySQL connection by tunneling through an existing SSH session. This allows for encryption as well as the ability to bypass firewalls that allow remote SSH connections but block remote MySQL connections.

Web Hacking Lesson 6
May 1st, 2008 in security
Arbitrary code execution vulnerabilities are the most damaging sorts of vulnerabilities to find in web applications. A web application that gives an attacker a direct connection provides an easy route to system compromise. At the very least, this sort of application will ensure a server compromise. Discovering and preventing code execution vulnerabilities is critical for developers in order to protect the systems that host their web applications.

Web Hacking Lesson 5
April 30th, 2008 in security
File upload vulnerabilities (and local file disclosure vulnerabilities) are some of the most devastating vulnerabilities in PHP applications. Learning how to spot these sorts of vulnerabilities, and prevent them, is critical to web application developers. In this, the fifth installment of the web hacking lessons, we explore how file upload and local file inclusion vulnerabilities can be exploited to compromise a web application's security.

Web Hacking Lesson 4
April 29th, 2008 in security
PHP file include vulnerabilities are some of the most destructive that an attacker can exploit. By allowing an attacker to include remote PHP code in the compilation of your scripts, or by allowing the attacker to include arbitrary code from your filesystem, a web application can malfunction badly and lead to a system compromise. This article is the fourth installment of the Web Hacking Lesson series that accompanies a sample PHP/MySQL application that can be downloaded for live exercises.

Links
April 21st, 2008 in links
Long, long ago, people used to publish links to their favorite websites on their own homepages. This tradition helped to boost traffic and create rings of sites that shared information, purpose, and respect. Of course, this was long before the age of the commercial information. Now that everyone is concerned with 'retaining eyeballs', nobody wants to share their precious traffic with anyone other than their click through ads. In an effort to be retro and to register my disgust with the way the internet has come to function, I'm posting up this page of my favorite links. I hope you find them useful.

