SECURITY
Multifaceted Tests : Modifying Host Headers & Brute-Force Guessing Usernames and Passwords
Unless an application contains account lockout functionality, an attacker can attempt to log in by brute-force guessing common usernames and passwords. This typically involves brute-force guessing to find a list of valid usernames and then attempting to brute-force passwords.
Multifaceted Tests : Bypassing Field Length Restrictions & Attempting Cross-Site Tracing Interactively
In the target application, you may find an input field that could be vulnerable to stored XSS, but the server truncates the input to a number of characters that seems insufficient to carry out a meaningful XSS attack.
Multifaceted Tests : Making HTTP Requests Using XSS & Attempting DOM-Based XSS Interactively
One of the most powerful tools available to an attacker building an XSS exploit is being able to generate requests to the target website from the victim’s browser and being able to read the responses.
Multifaceted Tests : Stealing Cookies Using XSS & Creating Overlays Using XSS
XSS may seem like a mysterious attack when given the standard detection mechanism of inserting an alert box into a web page. When you find XSS in an application, you may be called upon to demonstrate why it is really a problem.
IIS 7.0 : Securing Configuration - Controlling Configuration Delegation
By default, all IIS configuration sections are declared in applicationHost.config. Each section declaration specifies whether or not this section is available for delegation, based on the Microsoft IIS team’s criteria for whether or not the configuration section is sensitive.
IIS 7.0 : Securing Configuration - Securing Sensitive Configuration
The information in the configuration files in the IIS 7.0 configuration hierarchy is protected by the restricted permissions specified by the NTFS ACLs on each file. These permissions should prevent unauthorized users from being able to access these files.
IIS 7.0 : Securing Configuration - Restricting Access to Configuration
Previous versions of IIS have used a centralized configuration store known as the metabase. IIS 7.0 abandons the metabase in favor of a new configuration system based on a hierarchy of XML configuration files, in order to provide for simpler deployment and more flexible management of the Web server.
Web Security Testing : Changing Sessions to Evade Restrictions & Impersonating Another User
Some applications will prevent attackers from frequently accessing a form or page. One of the ways to bypass these protections is to frequently request new session identifiers so that the attacker appears as many new users rather than a single malicious user.
Web Security Testing : Manipulating Sessions - Analyzing Session Randomness with WebScarab
If you are trying to make the compelling argument that your session IDs are weak, WebScarab makes a very nice presentation. While Burp has a stronger statistical method of determining session-identifier randomness, WebScarab makes patterns in session identifiers visually apparent.
Web Security Testing : Manipulating Sessions - Analyzing Session Identifiers with Burp
If the session identifier can be predicted, an attacker can steal the next user’s session and thus impersonate the user. Random, unpredictable session identifiers are crucial to the security of a web application.
Programming .NET Security : Extending the .NET Framework (part 2) - Defining the Key Exchange Deformatter
The Parameters property returns the parameters of the private key that will be used to decrypt the exchange data; create the result by using the ToXmlString method defined in the AsymmetricAlgorithm class.
Programming .NET Security : Extending the .NET Framework (part 1) - Defining the Key Exchange Formatter
Our implementation of the ElGamal encryption functions exposes the "raw" algorithm; that is, unlike the Microsoft RSA implementation, our ElGamalManaged class does not format data prior to encryption.
Programming .NET Security : Programming Cryptographic Keys (part 3) - Key Exchange Formatting
The formatter class is responsible for preparing the session key data prior to encryption with the asymmetric algorithm.
Programming .NET Security : Programming Cryptographic Keys (part 2) - Using Key Persistence
These classes expose a feature of this API that allows asymmetric key pairs to be stored persistently by the operating system; the user does not have to remember the key parameters, which are protected by the Windows account password.
Programming .NET Security : Programming Cryptographic Keys (part 1) - Creating Keys
The simplest way to create keys is to use the functionality built into all of the .NET algorithm classes for both symmetric and asymmetric algorithms.
Deploying a Windows Server 2008 R2 Network Policy Server
The Windows Server 2008 R2 server role that handles NAP is the Network Policy Server role. Installing this role on a server effectively makes it an SHV and an Enforcement Server.
Understanding Network Access Protection (NAP) in Windows Server 2008 R2
NAP in Windows Server 2008 R2 is composed of a series of components that provide the ability to restrict client access to networks through various mechanisms, such as controlling who gets an IP address from a DHCP server or who is issued an IPSec certificate.
Programming .NET Security : Cryptographic Keys Explained
When you use cryptography, you simplify problems by relying on your ability to manage secret keys correctly; in essence, you exchange one problem for another (protecting the key), which you expect to be simpler.
Windows Server 2008 : Transport-Level Security - Using IPSec Encryption with Windows Server 2008 R2
IP Security (IPSec), mentioned briefly in previous sections, is essentially a mechanism for establishing end-to-end encryption of all data packets sent between computers.
Windows Server 2008 : Transport-Level Security - Active Directory Rights Management Services
Active Directory Rights Management Services (AD RMS) is a Digital Rights Management (DRM) technology that allows for restrictions to be placed on how content is managed, transmitted, and viewed.
Understanding Active Directory Certificate Services (AD CS) in Windows Server 2008 R2
Windows Server 2008 R2 includes a built-in Certificate Authority (CA) technology that is known as Active Directory Certificate Services (AD CS).
Deploying a Public Key Infrastructure with Windows Server 2008 R2
The term Public Key Infrastructure (PKI) is often loosely thrown around, but is not often thoroughly explained. PKI, in a nutshell, is the collection of digital certificates, registration authorities, and certificate authorities that verify the validity of each participant in an encrypted network.
Introduction to Transport-Level Security in Windows Server 2008 R2
Although some organizations put in firewalls or encrypt files, the implementation of security at the transport level is yet another layer of security that is important in the design and implementation of a protected network environment.
Windows Server 2008 : Using Windows Server Update Services
In response to the original concerns regarding the difficulty in keeping computers properly patched, Microsoft made available a centralized website called Windows Update to which clients could connect, download security patches, and install those patches.
Programming .NET Security : Programming XML Signatures (part 3) - Verifying an XML Signature
Begin verifying the signature by loading the XML Signature document (which you have saved as the file xmlsig.xml) into an instance of the SignedXml class.
Programming .NET Security : Programming XML Signatures (part 2) - Embedding Objects in the Signature
By including the data in this way, you create an XML document that contains the data that was signed, details of how the signature was created, and the signature itself, which allows Alice to send a single XML document to Bob when exchanging signed messages.
Programming .NET Security : Programming XML Signatures (part 1) - XMLDSIG Explained & Signing an XML Document
The .NET Framework supports the XML Signature specification (commonly referred to as XMLDSIG), which provides a standard approach to creating and representing signatures for XML documents.
Windows Server 2008 : Examining File-Level Security
The latest revision of the NT File System (NTFS) is used in Windows Server 2008 R2 to provide for file-level security in the operating system. Each object that is referenced in NTFS, which includes files and folders, is marked by an access control entry (ACE) that physically limits who can and cannot access a resource.
Server 2008 : Hardening Server Security
Depending on the size of an organization, a server might be designated for one or multiple network roles. In an ideal world, a separate server or servers would be designated to handle a single role, such as DHCP server or DNS server.
Server 2008 : Using the Integrated Windows Firewall with Advanced Security
The firewall with advanced security is fully integrated with the Server Manager utility and the Server Roles Wizard. For example, if an administrator runs the Server Roles Wizard and chooses to make the server a file server, only then are those ports and protocols that are required for file server access opened on the server.
Server 2008 : Deploying Physical Security
One of the most overlooked but perhaps most critical components of server security is the actual physical security of the server itself. The most secure, unbreakable web server is powerless if a malicious user can simply unplug it.
Programming .NET Security : Programming Digital Signatures (part 3) - Using the Signature Formatter Classes
For the RSA algorithm, the hash codes are generated using an instance of System.Security.Cryptography.HashAlgorithm, provided as an argument to the SignData and VerifyData methods.
Programming .NET Security : Programming Digital Signatures (part 2) - Using the Implementation Class
For the RSA algorithm, the hash codes are generated using an instance of System.Security.Cryptography.HashAlgorithm, provided as an argument to the SignData and VerifyData methods.
Programming .NET Security : Programming Digital Signatures (part 1) - Using the Abstract Class
The abstract System.Security.Cryptography.DSA class defines the CreateSignature method, which accepts a SHA-1 hash code that will be PKCS #1 formatted and signed.
Programming .NET Security : Digital Signatures Explained
Digital signatures are a different application of the asymmetric algorithms. You use an asymmetric key pair to create a "signature" for a message by adding a signature function to the asymmetric algorithm.
Programming .NET Security : Programming Asymmetrical Encryption
The .NET Framework takes the same approach to representing asymmetric algorithms as it does for symmetric algorithms and hashing algorithms; abstract classes extend the System.Security.Cryptography.AsymmetricAlgorithm class for each of the supported algorithms.
Programming .NET Security : Asymmetric Encryption Explained (part 2) - Creating the Encrypted Data
Asymmetric algorithms use much longer keys than symmetric algorithms. In our examples, we selected small values to demonstrate the key generation protocol, but the numeric values used in practice contain many hundreds of digits.
Programming .NET Security : Asymmetric Encryption Explained (part 1) - Creating Asymmetric Keys
Most asymmetric algorithms use keys that are very large numbers, and the RSA algorithm is no exception. In this section, we demonstrate the RSA key generation protocol and provide you with some general information about the structure and usage of asymmetric keys.
Programmatic Security (part 6) - Assembly-Wide Permissions
Instead of type-based or even method-based security configuration, you can declaratively apply security permission attributes to an entire assembly, affecting every component in the assembly.
Programmatic Security (part 5) - Permission Set Attributes
You can declaratively instruct .NET to take a security action, such as demanding or asserting a permission set, using the PermissionSetAttribute class.