Securityfocus.com has published "Securing MySQL: step-by-step" a guide to locking down your MySQL Server. "MySQL is one of the most popular databases on the Internet and it is often used in conjunction with PHP. Besides its undoubted advantages such as easy of use and relatively high performance, MySQL offers simple but very...
I have created a quick reference section for the web application penetration tester. This section breaks down some of our documentation into categories a pen-tester would care about. We provide information on Session ID Attacks, Cross Site Scripting, SQL Injection, HTTP Header Modification, Cookie poisoning and more. This new section can be...
Securityfocus.com has released Penetration Testing for Web Applications (Part Three) which talks about Logic programming flaws, Session ID Issues, and mentions a few useful tools that are used for auditing web applications.
I found this interesting article on securityfocus which explains how to use mrtg (a popular traffic monitor tool) to monitor intrusion attempts against a IIS 6.0 machine. "But MRTG is also a very effective intrusion detection tool. The concept is simple: attacks often produce some kind of anomalous pattern and human brains...
"Microsoft Active Directory and Group Policy have a feature-rich set of tools and processes to help save an administrator time and energy in maintaining security within the domain. Locking down a server requires many steps to complete, and depending on the extent to which the server is locked down, it can take...
I have added a Database Server Security section to this site. This will cover database server security specifically. Our first additional is Oracle. Now onto a few site changes: • I have removed the Intrusion detection tab for the time being because I don't feel I'll be working on it for at...
We have added a Apache Tomcat Security page to our application server section. This page will provide links to tutorials, downloads, security documentation, and forums you can go to talk about tomcat security. We will also be releasing a Resin Application server security section on this website sometime this month. Documentation on...
