Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. The list of best practices is derived from the Microsoft Information Security & Risk Management Deployment Review Standards used internally at Microsoft to harden production and pre-production environments for line of [...]
Posts Tagged ‘Webserver’
Two New HTTP POST Attack Tools Released
November 30th, 2010
Mourad Ben Lakhoua
During the 2010 OWASP Application Security Conference in Washington, researchers demonstrated how it is possible to conduct a new form of distributed denial of service that floods the web server with slow HTTP traffic. Currently there are two free utilities that can perform this attack: “R U Dead Yet?” and OWASP HTTP POST Tool [...]
Detecting & Bypassing Web Application Firewalls (part 2)
May 30th, 2010
Mourad Ben Lakhoua
There is no single ideal system in the world, and this applies to web application firewalls (WAFs) too. While the advantages and positive features far outweigh the negatives in WAFs, one major problem is that there are only a few action rules allowed. The white list is expanding, and requires more development efforts because it is [...]
Detecting & Bypassing Web Application Firewalls (part 1)
May 23rd, 2010
Mourad Ben Lakhoua
When we hear the term firewall, most people think of the network filtering solution. But have you heard about the web application firewall (WAF)? Web applications have some serious vulnerabilities, and a WAF provides a very important extra protection layer to the web solution. Hackers can find access points through errors in code, and we find [...]
Apache Website Owned!
August 31st, 2009
Mourad Ben Lakhoua
The Apache Software Foundation website was down last Friday after hackers compromised an SSH key to one of their main servers. Secure Shell is a very popular technology that provides secure remote administration of servers. If the hackers manage to upload a rootkit or Trojan over the download package of the Apache website, this can cause [...]






