
Archive for 'Articles'

July 1, 2011


Web Applications: Testing and Securing Your Code

With the high demand for applications and information, companies have made data readily and easily available. Web applications, to keep in touch with friends, download music, or order a new espresso machine, are used so commonly you seldom think about how the information is presented to you. From this article you will find out how […]


July 1, 2011


An overview of Web Application Security Issues

Web application security is very much in its infancy – some security experts believe this is going to be a major emerging area of technology. Nowadays web apps are more complex and are based on a client-server architecture. This architecture is evolving and we see web apps such as Google Apps acting as a word […]


July 1, 2011


Why are there So Many Command and Control Channels Part Two

In his last article Matt Jonkman wrote about Command and Control Channels, or CnCs. In this one he continues the topic of CnC channels and takes up the discussion of the individual categories. He also describes some up-to-date examples of many of these categories out of the Emerging Threats Sandnet. By Matt Jonkman […]


June 15, 2011


Ask the Social Engineer: Exploitation of the Human OS – The Human Buffer Overflow

Total domination is the goal for a penetration tester in every pentest – to utterly hack the company and demonstrate their true exposure to malicious attacks. Obtaining code execution is the easiest and most direct way to reach this goal. Social Engineering professionals are no different. By Chris Hadnagy


June 15, 2011


From Fuzz To Sploit

By now everyone has heard of buffer overflows, and a lot have been hearing about them for the last 15+ years. Through this time period many techniques have evolved, both to combat vulnerabilities and to persist attack and exploitation. As security is most often thought of as an afterthought, it is […]


June 15, 2011


Exploit Kits – Cybercrime Made Easy

The playing field for cybercrime has changed. It has become wide open. Many of the top attack exploit toolkits are now free! Symantec released its 2010 Symantec Internet Security Threat Report the first week in April 2011. Their executive summary states that Symantec recorded over 3 billion malware attacks in 2010 and yet one stands […]


June 15, 2011


Software Exploitation: Development Flaw or Malicious Intent

It’s been said that lazy programmers make good programmers. Yet, it’s hard to understand why laziness would be considered one of the virtues of a good programmer let alone a virtue at all. By this point – however – I’m sure you’re probably already asking why I’m bringing up laziness in relation to programming. by […]


June 15, 2011


The Top 25 Software Vulnerabilities and How to Avoid Them

Top 25 Most Dangerous Software Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software […]


June 15, 2011


Why Is Password Protection a Fallacy – a Point of View?

Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it – never write it down. And, oh yes, change it every few months. These instructions are supposed to protect us. But they don’t. A password is a secret word or string of characters that is used for authentication, […]


June 2, 2011


A Hole in Your Access Control!

A couple of days ago I was called out to do a security audit on a company’s internal network security and its access control. The audit was asked to be done on a specific day that the company chose. The reason behind that was to ensure I get no interference from their Network/System Administrator. I […]


June 2, 2011


PSN Hack: Where Risk Management and Reality Collide

There have been many column inches dedicated to the PlayStation Network, which was taken offline following a breach. It has been a high-profile incident and has left Sony management red-faced with many questions thrown at them – not all of which have been answered convincingly. It is simply not possible to protect against all possible […]


June 2, 2011


Obscuring the Truth

Veiled in a world of pseudo-randomized padded nulls lies the answer in plain sight, laughing at you mockingly. It’s really only a matter of connecting the dots… Or is it? Can the answer be shielded better by simply adding more dots to connect? Does this help or hinder, and whom? Encryption is a double-edged sword […]


Hakin9 Media Sp. z o.o. Sp. komandytowa ul. Postępu 17D, 02-676 Warszawa