HTTP Authentication Vulnerability

Release Date: 2006-06
Hakin9_4_2006_en
Rating: 4 votes

Issue_contents

» Problems with HTTP Authentication
» Analysis of Network Traffic
» Weaknesses of Anti-virus Programs
» Penetration testing in practice
» Social Engineering Attacks
» XSS in practice
» Port Scanning a violation of property rights
» Why is there no anti-virus?
» Tool – TDFS’s TCP/IP Packets Unlimited
» Tool – loghound

Articles

  • Problems with HTTP Authentication

    Authentication is a technique of identification based on knowledge. HTTP provides natural functionality of HTTP authentication. In this article, Emilio will concentrate on basic authentication, which is more widespread among clients and Web servers but also less secure.

     Read Online
    - Emilio Casbas
  • Analysis of Network Traffic
    If you administer a network of any kind you can be certain that sooner or later it will become a target of an attack. However, you are capable of eliminating, or at least significantly reducing any chances of its success. Bartosz will show you how to analyse the network traffic. Read Online
    - Bartosz Przybylski
  • Weaknesses of Anti-virus Programs

    The moment the First Programmer created the First Program, the probability of attempts being made to attack it increased by one. Robert will describe how anti-virus programs detect the presence of a virus in the system and how to perform an attack against a system using an anti-virus program.

     Read Online
    - Robert Majdanski
  • Penetration testing in practice

    Penetration testing often takes place in situation where the management doesn’t fully trust the IT department. It is sometimes ordered by the IT department itself to show its excellent work. However, this is not the case covered by this case study. Leran more about penetration test from Miroslav’s article.

     Read Online
    - Miroslav Ludvik
  • Social Engineering Attacks

    Somebody has once accurately called social engineering ‘hacking the mind’. It is an arithmetic average of social engineering proper (exerting pressure and manipulating people) with cracking (breaking into IT systems). The combination of these two mechanisms results in a powerful tool, the destructive power of which many still remain unaware of.

     Read Online
    - Tomasz Trejderowski
  • XSS in practice

    Internet has become more and more important. Millions of dollars are invested in websites. Big businesses don’t work with simple HTML sites anymore; everything has to be dynamic these days. But by giving people the opportunity to insert data on a website, the chance of getting vulnerable gets bigger. Roderick will present XSS attacks in practice.

     Read Online
    - Roderick W. Lucas
  • Port Scanning a violation of property rights

    It is a common misconception that a lack of new statues makes all actions over the Internet legal unless expressly prohibited. This is a misconception as old laws do apply to new technology as well. The response to a property right is a general duty on other people not to interfere with the res (thing).

     Read Online
    - Craig S Wright
  • Why is there no anti-virus?

    Konst will present his ideas on Microsoft activity – why they don’t add an anti-virus program to their software.

     Read Online
    - Konstantin Klyagin
  • Tool - TDFS's TCP/IP Packets Unlimited

    TTpU is a tool written to be able to generate any kind of TCP/IP packet with the possibility to specify a lot of IP and TCP options.

     Read Online
    - Alberto Maria Scattolo
  • Tool - loghound

    LogHound is a tool that was designed for finding frequent patterns from event log data sets with the help of a breadth-first frequent itemset mining algorithm.

     Read Online
    - Stefan Lochbihler
Back

Comments

276 comments, Add comment
Add comment

Advertisement