programming4us
programming4us
SECURITY
Change page: < 1 2 3 4 5 6 7 8 9 10 11 12 >  |  Displaying page 7 of 12, items 241 to 280 of 444.
AVG Internet Security 2012
AVG’s antivirus engine uses four detection techniques: signature, polymorphic, heuristic and behavioural. The last two are similar, both looking at software behaviour to determine whether it’s malicious.
Unravelling the mobile security conundrum
What do you look for in a mobile phone? As well as the ability to make calls - and no-one really cares about that - the modern smartphone hosts a standard feature set: email, a web browser and multimedia capability.
Three rising cybercrime threats
Just when you think you've safeguarded yourself from electronic security risks, along comes a new exploit to keep you up at night John Brandon explains three up and coming threats, and how to beat them
2012: the year of the mobile threat
Smartphones will become more dominant in 2012 and beyond, leaving PC shipments in the dust. That will bring big benefits but also big risks.
DrayTek Vigor 3200n
A working internet link is crucial to most businesses, so it is sensible to have access to multiple connections. In case of the main DSL wide area network (WAN) crashing, a prepared link will keep the business online.
What the cyberhackers do with your personal information
When the online shopping store Zappos announced to its customers that names, email addresses, invoices and delivery address as well as phone numbers and the last 4 digits of their credit cards could be exposed in a data leakage in January, it emphasized that “credit card information and important payment data weren’t affected or accessed.”
Multifaceted Tests : Attempting Server-Side Includes (SSI) Injection Systematically, Attempting Log Injection Interactively & Attempting LDAP Injection Interactively
If an application does not carefully handle user input before adding it to LDAP queries, a malicious user can modify query logic to authenticate herself without knowing any credentials, get access to sensitive information, and even add or delete content.
Multifaceted Tests : Attempting XPath Injection Interactively & Attempting Server-Side Includes (SSI) Injection Interactively
XML Path Language (XPath) injection is an attack similar to SQL injection that is a potential vulnerability when sensitive information in an application is stored in XML files rather than in a database.
Multifaceted Tests : Attempting Command Injection Interactively & Attempting Command Injection Systematically
Command injection is a method that an attacker can use to execute arbitrary commands on the target server. An application is vulnerable to command injection if it takes input from untrusted sources and inserts it into commands sent to the underlying operating system without proper input validation or output encoding.
Multifaceted Tests : Attempting PHP Include File Injection Interactively & Creating Decompression Bombs
A decompression bomb is a compressed file that is very small but expands to a disproportionately large amount of data. This recipe will discuss how such decompression bombs can be created.
Programming .NET Components : Addressing Other Security Issues
A partially trusted assembly can still implement interfaces defined in a strongly named assembly, because interfaces have no implementations to protect and the compiler doesn't change their definitions.
Programming .NET Components : Principal-Based Security
.NET component-based security isn't a cure-all. There is still a need to verify that the user (or the account) under which the code executes has permission to perform the operation.
Programming .NET Components : Visual Studio 2005 and Security
Visual Studio 2005 has a few features that cater to code access security. First, it allows developers of ClickOnce applications to specify the permissions required for their ClickOnce applications.
Multifaceted Tests : Modifying Host Headers & Brute-Force Guessing Usernames and Passwords
Unless an application contains account lockout functionality, an attacker can attempt to log in by brute-force guessing common usernames and passwords. This typically involves brute-force guessing to find a list of valid usernames and then attempting to brute-force passwords.
Multifaceted Tests : Bypassing Field Length Restrictions & Attempting Cross-Site Tracing Interactively
In the target application, you may find an input field that could be vulnerable to stored XSS, but the server truncates the input to a number of characters that seems insufficient to carry out a meaningful XSS attack.
Multifaceted Tests : Making HTTP Requests Using XSS & Attempting DOM-Based XSS Interactively
One of the most powerful tools available to an attacker building an XSS exploit is being able to generate requests to the target website from the victim’s browser and being able to read the responses.
Multifaceted Tests : Stealing Cookies Using XSS & Creating Overlays Using XSS
XSS may seem like a mysterious attack when given the standard detection mechanism of inserting an alert box into a web page. When you find XSS in an application, you may be called upon to demonstrate why it is really a problem.
IIS 7.0 : Securing Configuration - Controlling Configuration Delegation
By default, all IIS configuration sections are declared in applicationHost.config. Each section declaration specifies whether or not this section is available for delegation, based on the Microsoft IIS team’s criteria for whether or not the configuration section is sensitive.
IIS 7.0 : Securing Configuration - Securing Sensitive Configuration
The information in the configuration files in the IIS 7.0 configuration hierarchy is protected by the restricted permissions specified by the NTFS ACLs on each file. These permissions should prevent unauthorized users from being able to access these files.
IIS 7.0 : Securing Configuration - Restricting Access to Configuration
Previous versions of IIS have used a centralized configuration store known as the metabase. IIS 7.0 abandons the metabase in favor of a new configuration system based on a hierarchy of XML configuration files, in order to provide for simpler deployment and more flexible management of the Web server.
Web Security Testing : Changing Sessions to Evade Restrictions & Impersonating Another User
Some applications will prevent attackers from frequently accessing a form or page. One of the ways to bypass these protections is to frequently request new session identifiers so that the attacker appears as many new users rather than a single malicious user.
Web Security Testing : Manipulating Sessions - Analyzing Session Randomness with WebScarab
If you are trying to make the compelling argument that your session IDs are weak, WebScarab makes a very nice presentation. While Burp has a stronger statistical method of determining session-identifier randomness, WebScarab makes patterns in session identifiers visually apparent.
Web Security Testing : Manipulating Sessions - Analyzing Session Identifiers with Burp
If the session identifier can be predicted, an attacker can steal the next user’s session and thus impersonate the user. Random, unpredictable session identifiers are crucial to the security of a web application.
Programming .NET Security : Extending the .NET Framework (part 2) - Defining the Key Exchange Deformatter
The Parameters property returns the parameters of the private key that will be used to decrypt the exchange data; create the result by using the ToXmlString method defined in the AsymmetricAlgorithm class
Programming .NET Security : Extending the .NET Framework (part 1) - Defining the Key Exchange Formatter
Our implementation of the ElGamal encryption functions exposes the "raw" algorithm; that is, unlike the Microsoft RSA implementation, our ElGamalManaged class does not format data prior to encryption.
Programming .NET Security : Programming Cryptographic Keys (part 3) - Key Exchange Formatting
The formatter class is responsible for preparing the session key data prior to encryption with the asymmetric algorithm.
Programming .NET Security : Programming Cryptographic Keys (part 2) - Using Key Persistence
These classes expose a feature of this API that allows asymmetric key pairs to be stored persistently by the operating system; the user does not have to remember the key parameters, which are protected by the Windows account password.
Programming .NET Security : Programming Cryptographic Keys (part 1) - Creating Keys
The simplest way to create keys is to use the functionality built into all of the .NET algorithm classes for both symmetric and asymmetric algorithms.
Deploying a Windows Server 2008 R2 Network Policy Server
The Windows Server 2008 R2 server role that handles NAP is the Network Policy Server role. Installing this role on a server effectively makes it an SHV and an Enforcement Server.
Understanding Network Access Protection (NAP) in Windows Server 2008 R2
NAP in Windows Server 2008 R2 is composed of a series of components that provide for the ability to restrict client access to networks through various mechanisms such as controlling who gets an IP address from a DHCP server or who issues an IPSec certificate.
Programming .NET Security : Cryptographic Keys Explained
When you use cryptography, you simplify problems by relying on your ability to manage secret keys correctly; in essence, you exchange one problem for another (protecting the key), which you expect to be simpler.
Windows Server 2008 : Transport-Level Security - Using IPSec Encryption with Windows Server 2008 R2
IP Security (IPSec), mentioned briefly in previous sections, is essentially a mechanism for establishing end-to-end encryption of all data packets sent between computers.
Windows Server 2008 : Transport-Level Security - Active Directory Rights Management Services
Active Directory Rights Management Services (AD RMS) is a Digital Rights Management (DRM) technology that allows for restrictions to be placed on how content is managed, transmitted, and viewed.
Understanding Active Directory Certificate Services (AD CS) in Windows Server 2008 R2
Windows Server 2008 R2 includes a built-in Certificate Authority (CA) technology that is known as Active Directory Certificate Services (AD CS).
Deploying a Public Key Infrastructure with Windows Server 2008 R2
The term Public Key Infrastructure (PKI) is often loosely thrown around, but is not often thoroughly explained. PKI, in a nutshell, is the collection of digital certificates, registration authorities, and certificate authorities that verify the validity of each participant in an encrypted network
Introduction to Transport-Level Security in Windows Server 2008 R2
Although some organizations put in firewalls or encrypt files, the implementation of security at the transport-level is yet another level of security important in the design and implementation of a protected network environment.
Windows Server 2008 : Using Windows Server Update Services
In response to the original concerns regarding the difficulty in keeping computers properly patched, Microsoft made available a centralized website called Windows Update to which clients could connect, download security patches, and install those patches.
Programming .NET Security : Programming XML Signatures (part 3) - Verifying an XML Signature
Begin verifying the signature by loading the XML Signature document (which you have saved as the file xmlsig.xml) into an instance of the SignedXml class
Programming .NET Security : Programming XML Signatures (part 2) - Embedding Objects in the Signature
By including the data in this way, you create an XML document that contains the data that was signed, details of how the signature was created, and the signature itself, which allows Alice to send a single XML document to Bob when exchanging signed messages.
Programming .NET Security : Programming XML Signatures (part 1) - XMLDSIG Explained & Signing an XML Document
The .NET Framework supports the XML Signature specification (commonly referred to as XMLDSIG), which provides a standard approach to creating and representing signatures for XML documents.
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
REVIEW
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us
programming4us
 
 
programming4us