-
Microsoft Frontpage Overflow
First off sorry for the lag on site updates. I'll be gone all next week and I've been busy. A chunked encoding overflow has been discovered in fp30reg.dll which can allow a remote attacker to execute commands. More importantly this took 11 months to get fixed. Relevant information from the advisory. "Public disclosure on…
-
Oracle Application Server 9i and RDBMS Multiple SQL Injection Vulnerabilities
"Oracle's RDBMS, a leading database server package, supports stored packages and procedures through the use of PL/SQL. These packages and procedures can be accessed through Oracle's Application Server's Portal module. Oracle Application Server is a web server designed for Oracle applications. Many of the PL/SQL packages and procedures are vulnerable to SQL Injection. Using these…
-
“The Anatomy of Cross Site Scripting” Paper released
libox.net has released a cross site scripting paper which provides examples of bad php code, and also talks a little bit about automating an attack. Additional papers on XSS can be found in our Cross Site Scripting section. “Cross site scripting (XSS) flaws are a relatively common issue in web application security, but they are…
-
OpenSSL Multiple vulnerabilities
Four security issues have been discovered in OpenSSL. The relevant snippets from the advisory are below. "1. Certain ASN.1 encodings that are rejected as invalid by the parser can trigger a bug in the deallocation of the corresponding data structure, corrupting the stack. This can be used as a denial of service attack. It…
-
“What is IIS Security?”
Joe Lima from Port80 Software Inc. has released an article on IIS Security fundamentals. What is IIS Security?
-
Two new Blind SQL Injection papers released
This week two new papers on blind SQL injection have been released. The first paper, released by Webcohort, goes into detail on how to detect blind SQL injection, and how to carry out an attack. The paper released by SPI Dynamics' "SPI Labs" covers similar information, but also contains example 'fixes' for ASP.NET, and JSP…
-
Securing MySQL: step-by-step
Securityfocus.com has published "Securing MySQL: step-by-step", a guide to locking down your MySQL Server. "MySQL is one of the most popular databases on the Internet and it is often used in conjunction with PHP. Besides its undoubted advantages such as ease of use and relatively high performance, MySQL offers simple but very effective security mechanisms.…
-
Added Penetration Testing Section
I have created a quick reference section for the web application penetration tester. This section breaks down some of our documentation into categories a pen-tester would care about. We provide information on Session ID Attacks, Cross Site Scripting, SQL Injection, HTTP Header Modification, Cookie poisoning and more. This new section can be found on the…
-
Penetration Testing for Web Applications (Part Three)
Securityfocus.com has released Penetration Testing for Web Applications (Part Three) which talks about Logic programming flaws, Session ID Issues, and mentions a few useful tools that are used for auditing web applications.
-
MRTG for Intrusion Detection with IIS 6
I found this interesting article on SecurityFocus which explains how to use MRTG (a popular traffic monitor tool) to monitor intrusion attempts against an IIS 6.0 machine. "But MRTG is also a very effective intrusion detection tool. The concept is simple: attacks often produce some kind of anomalous pattern and human brains are well-equipped to…
-
Basic IIS Lockdown Using Scripts and Group Policy
"Microsoft Active Directory and Group Policy have a feature-rich set of tools and processes to help save an administrator time and energy in maintaining security within the domain. Locking down a server requires many steps to complete, and depending on the extent to which the server is locked down, it can take up to several…
-
Database Server section added
I have added a Database Server Security section to this site. This will cover database server security specifically. Our first addition is Oracle. Now onto a few site changes: • I have removed the Intrusion detection tab for the time being because I don't feel I'll be working on it for at least a few months.…
-
Tomcat security page added
We have added an Apache Tomcat Security page to our application server section. This page will provide links to tutorials, downloads, security documentation, and forums you can go to to talk about Tomcat security. We will also be releasing a Resin Application server security section on this website sometime this month. Documentation on Resin and Tomcat…
-
Microsoft released Ebook on web security
Microsoft has released a massive 919 page ebook covering everything from how to lock down your web server, web services, web applications, and web application servers. This book is worth a read and I highly recommend it. Improving Web Application Security: Threats and Countermeasures, June 2003 (PDF) (6.7 Meg)
-
Site additions
I have recently added Web Services Security and WebSphere sections to this site. Sometime this month I will also be adding WebLogic, Apache, and IIS security sections that will provide documentation and links to relevant security resources. If there is something you would like to add or see, please email me.
-
Cumulative Patch for Internet Information Service
SPI Labs and NSFocus have discovered multiple holes in IIS. Two denial of service conditions exist that can allow an attacker to cause IIS to stop responding. One Cross site scripting issue exists in the 302 redirection pages, and one buffer overflow that allows command execution as the webserver user. The buffer overflow requires the…
-
Apache Pre 2.0.46 Denial of Service
Below is a snippet from the Apache advisory. Apache 2.0.46 Major changes Security vulnerabilities closed since Apache 2.0.45 *) SECURITY [CAN-2003-0245]: Fixed a bug that could be triggered remotely through mod_dav and possibly other mechanisms, causing an Apache child process to crash. The crash was first reported by David Endler and was researched and fixed…
-
Sun One Application Server Multiple vulnerabilities
SPI Labs has identified four issues in the popular Sun One application server. They range from source code theft and log evasion to cross site scripting and plaintext administrative password storage. Sun One Multiple Issues
-
IIS Security and Programming Countermeasures e-book released
Jason Coombs has released this 440 page e-book on IIS security, and secure programming. Worth a read if you run IIS on a production system.
