WordPress Build Review is a tool to check the basic security settings in a WordPress installation.
MS SQL Server is Microsoft’s relational database management system, with a large number of features and services. That breadth creates a large attack surface and many opportunities for vulnerabilities. Fortunately, a number of security benchmarks and good practice documents are available. This article introduces the available security guidelines and gives an overview of the key areas to audit and lock down.
There are many third-party tools in the security industry that can perform a security audit of your Windows system. Some are standalone executables, some are frameworks, some are free and some you have to pay for. But what if these tools are not available to you and you are stuck with a Windows server and essentially only what Windows itself provides? This article looks at the executable programs that ship with Windows and can be used to audit services.
This document is not intended to be a definitive guide, but more of a review of the specific commonly identified issues resulting from the inappropriate deployment of SSL certificates on internal services within a corporate environment.
Windows system objects are one of the interesting areas of binary application assessments that are often ignored or misunderstood. Many people don’t realise that abstract Windows application programming concepts such as mutexes, events, semaphores, shared memory sections, and jobs all come together under the purview of the Windows Object Manager. These objects, like those in the filesystem and registry namespaces, have all sorts of interesting security impacts when not properly managed.
The previous post about session management was about how to improve the security of web sessions. An aspect which was not addressed in that post is how to identify that a session is no longer in active use even though the user has not manually logged out. For example, a user who was using a banking application and closed the tab without logging out of the application.
Session management is a crucial part of web applications and therefore it is also the target of numerous kinds of attacks. Critical web applications, such as banking applications, require complete control of the users’ sessions to prevent abuse or session hijacking attacks.
cspCalculator is a PoC implementation of a dynamic Content Security Policy creator.
VulnApp is a vulnerable web application written in ASP.NET.
This document is not intended to be a definitive guide, but more of a review of the specific security issues resulting from the use of HTML5.