
My new article on heise Security

Here is my newest article, published on heise Security.
 
This time it’s about the web security tool "CSRFTester" from The Open Web Application Security Project (OWASP). It’s a short overview of how to use CSRFTester to identify "Cross Site Request Forgery" vulnerabilities in web applications.
 
Here is the link to the article: http://heise.de/-1735223
 
Enjoy yourself!

HAKIN9 IT Security Magazin - 12/2011

Well, here is my next article for the German HAKIN9 IT Security Magazin. This time it’s about web security and contains three examples (XSS, SQL injection and blind SQL injection) of how to identify and fix vulnerabilities in web applications. The tools used for this one are Netsparker Community Edition from mavitunasecurity, Arachni and sqlmap.
 
And of course not to forget, a big special THANKS to Dr. Philip Walter for his great support!
 
Well, enough of the words, here are the links: HAKIN9 IT Security Magazin – 12/2011 or here
 
Enjoy yourself!

Cross-site scripting (XSS) - What's that and how to identify them?

On my blog there are some vulnerabilities called "Cross-site scripting" or "XSS", but what exactly is cross-site scripting?

A cross-site scripting attack is a type of HTML injection. The problem arises whenever a web application accepts user input and includes it in its output without validating or encoding it. This flaw lets an attacker inject a script, such as JavaScript, that runs in the victim's browser and can access cookies, session tokens or other sensitive information stored there, because the browser assumes the script came from a trusted source.

There are several ways to identify XSS vulnerabilities:

- use a web security scanner, like xsser, Arachni or Nikto
- test/review the code for places where user input can end up in HTML output (contact forms, search forms …)
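The second bullet is the one that matters for fixing the flaw: every place where user input is reflected into HTML must encode it for the context it lands in. The following is an added example (my own illustration, not code from the article or from any of the scanners named above) of a constructed search page rendered two ways, once reflecting the term unencoded and once through HTML entity encoding, together with a small check that parses the resulting page and counts active content (script tags and on* event-handler attributes) so a code review can tell the two apart on harmless probe strings. The template, the probe strings and the helper names are all assumptions made for this example.

```python
import html
from html.parser import HTMLParser

# Constructed sample: a minimal "search results" page that reflects the query term.
PAGE_TEMPLATE = '<h1>Search results for: {term}</h1>'

# Constructed, harmless probe strings: they reference a function that does not exist,
# so even the vulnerable rendering only shows whether markup survives unencoded.
PROBES = [
    '<script>probe()</script>',          # script element in a text context
    '<img src="x" onerror="probe()">',   # event-handler attribute in a text context
]


def render_vulnerable(term: str) -> str:
    """The flaw described above: user input is placed straight into the HTML output."""
    return PAGE_TEMPLATE.format(term=term)


def render_fixed(term: str) -> str:
    """The fix for an HTML text context: entity-encode the input before reflecting it.
    html.escape turns <, >, &, " and ' into entities, so the browser shows the
    characters as text and never parses them as markup."""
    return PAGE_TEMPLATE.format(term=html.escape(term, quote=True))


class ActiveContentCounter(HTMLParser):
    """Counts markup that would execute script in a browser: <script> elements
    and any attribute whose name starts with 'on' (onerror, onload, ...)."""

    def __init__(self) -> None:
        super().__init__()
        self.script_tags = 0
        self.event_handlers = 0

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self.script_tags += 1
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.event_handlers += 1


def count_active_content(page: str) -> tuple:
    """Return (script_tags, event_handlers) found by parsing the rendered page."""
    counter = ActiveContentCounter()
    counter.feed(page)
    counter.close()
    return counter.script_tags, counter.event_handlers


def reflection_unsafe(render, probes=PROBES) -> dict:
    """Review helper: for each probe, report whether the renderer lets active
    content through. True means the reflection point is unencoded."""
    result = {}
    for probe in probes:
        scripts, handlers = count_active_content(render(probe))
        result[probe] = (scripts + handlers) > 0
    return result


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        print(name)
        for probe, unsafe in reflection_unsafe(render).items():
            print("  ", "UNSAFE" if unsafe else "ok    ", render(probe))
```

Note that `html.escape` is only the right encoding for an HTML text or quoted-attribute context; input reflected into a JavaScript block, a URL or a CSS value needs the encoding rules of that context instead, which is why a code review should record not just where input is reflected but into what.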
 

Network Security - Check Point IPS SoftwareBlade - HTTPS Inspection

With the R75.20 release, a Check Point Security Gateway is ready for HTTPS inspection (Supported blades: Data Loss Prevention (DLP), Anti Virus, Application Control, URL Filtering, and IPS).
 
I wrote a short how-to on the configuration; here are the links to the PDF and to the Wiki.
 
Further information can be found here:
 
 
Enjoy yourself!
HAKIN9 IT Security Magazin - 07/2011

My second article "Mobile security – Secure workspaces with Check Point Abra" is published in the latest edition of the security magazine hakin9.
 
So, here’s the free download – http://de.hakin9.org/magazine/1748-mobiles-internet
 
Further information, about Check Point Abra, can be found on the Check Point website – http://www.checkpoint.com/products/abra/
 
Enjoy yourself ;) !