
IT Security


OWASP Top 10 for .NET developers part 2: Cross-Site Scripting (XSS)

In the first post of this series I talked about injection and of most relevance for .NET developers, SQL injection. This exploit has some pretty severe consequences but fortunately many of the common practices employed when building .NET apps today – namely accessing data via stored procedures and ORMs – mean most apps have a head start on fending off attackers. Cross-site scripting is where things begin to get really interesting, starting with the fact that it’s by far and away the most commonly exploited vulnerability out there today.

Last year, WhiteHat Security delivered their Website Security Statistics Report and found a staggering 65% of websites with XSS vulnerabilities; that’s four times as many as the SQL injection vulnerability we just looked at. But is XSS really that threatening? Isn’t it just a tricky way to put alert boxes into random websites by sending someone a carefully crafted link? No, it’s much, much more than that.

Defining XSS

Let’s go back to the OWASP definition:

Preventing XSS in ASP.NET Made Easy - Lock Me Down.
ASafaWeb - Automated Security Analyser for ASP.NET Websites.

OWASP.
SQL Injection Wiki | SQL Injection Cheat Sheets.
Troy Hunt.
Hack Yourself First - Troy Hunt.
Ethical Hacking Tutorials, Tips and Tricks. Free Tutorials, How to's.
Hack This Site!

Hacking Techniques in Wireless Networks.
Prabhaker Mateti, Department of Computer Science and Engineering, Wright State University, Dayton, Ohio 45435-0001

This article is scheduled to appear in “The Handbook of Information Security”, Hossein Bidgoli (Editor-in-Chief), John Wiley & Sons, Inc., 2005.

1. Introduction
2. Wireless LAN Overview
2.1 Stations and Access Points
2.2 Channels
2.4 Infrastructure and Ad Hoc Modes
2.5 Frames
2.6 Authentication
2.7 Association
3.
3.1 Passive Scanning
3.2 Detection of SSID
3.3 Collecting the MAC Addresses
3.4 Collecting the Frames for Cracking WEP
3.5 Detection of the Sniffers
4.
4.1 MAC Address Spoofing
4.2 IP spoofing
4.3 Frame Spoofing
5.
5.1 Detection of SSID
5.2 Detection of APs and stations
5.3 Detection of Probing
6.
6.1 Configuration
6.2 Defeating MAC Filtering
6.3 Rogue AP
6.4 Trojan AP
6.5 Equipment Flaws
7.
7.1 Jamming the Air Waves
7.2 Flooding with Associations
7.3 Forged Dissociation
7.4 Forged Deauthentication

Computer Security.

I Love Free Software: 5 Best Free Network Packet Sniffer.
Here are 5 of the best free network packet sniffers that do a fantastic job of packet sniffing. These free packet sniffers can capture the network packets of all outgoing traffic and analyze the information in them. Before we go further, here is a definition of a packet sniffer from Wikipedia: A packet analyzer (also known as a network analyzer, protocol analyzer or sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network.

As data streams flow across the network, the sniffer captures each packet and, if needed, decodes and analyzes its content according to the appropriate RFC or other specifications. As mentioned in the definition above, a packet sniffer can sometimes also decode and analyze network traffic to extract useful information. Such information could be passwords or other credentials passed over the network.

tcpdump.

Linux Journal | The Original Magazine of the Linux Community.

Probing the Network | Network Defense and Countermeasures: Assessing System Security | Pearson IT Certification.
Perhaps the most critical step in assessing any network is to probe the network for vulnerabilities. This means using various utilities to scan your network for vulnerabilities. Some network administrators skip this step. They audit policies, check the firewall logs, check patches, and so on. However, the probing tools discussed in this section are the same ones that most hackers use.

If you want to know how vulnerable your network is, it is prudent to try the same tools that an intruder would use.

Port scanning: This is the process of scanning the well-known ports (there are 1024) or even all the ports (there are 65,535) and seeing which ports are open. A number of tools are freely available on the Internet for active scanning.

NetCop
FIGURE 12.1 NetCop port scanner. FIGURE 12.2 Screen an IP address with NetCop. FIGURE 12.3 IP Scan results.

Finding out which ports are open on a given machine is only half the battle. Over time you will probably memorize several commonly used ports.

NetBrute.

Change NTFS file and folder permissions.
Hi Fellows! Have you ever been denied access to a directory that is very important to you, even though you are the only administrator account? You get a message like this, then this message, and when you go to the Security tab it still does not allow you to change the permissions of that particular directory. Here is the solution: you can change NTFS file and folder permissions using a magic command called "icacls".

Step 1: Open a command prompt and type the following command to see the permissions list (discretionary access control lists - DACLs):
    icacls [folder or filepath]
or
    icacls [folderpath] *

Step 2: To remove all inherited user permissions, enter:
    icacls [folder or filepath] /inheritance:r

Step 3: To allow permissions to users, enter both of the following commands:
    icacls [folder or filepath] /grant administrators:(CI)(OI)F
    icacls [folder or filepath] /grant users:(CI)(OI)R

Step 4: Now you should be able to change the directory permissions.

How to Stop Hackers from Invading Your Network: 13 Steps.
Unethical hackers (in the bad sense of the word) are always looking for weak points in a network to break into your company's security system and get hold of confidential and new information. Some "black-hat hackers" derive a vicarious pleasure from wreaking havoc on security systems and some hackers do it for money. Whatever the reason, malicious hackers are giving nightmares to companies and organizations of almost all sizes. Large corporate houses, banks, financial institutions and security establishments are especially favorite targets for hackers. However, this menace can be prevented to a great extent if proper security measures are taken at the right time.

Steps: 1. Follow forums. 13. Ensure physical security.

I hacked my secure wireless network: here’s how it’s done.
Wireless networks are everywhere; they are widely available, cheap, and easy to set up. To avoid the hassle of setting up a wired network in my own home, I chose to go wireless. After a day of enjoying this wireless freedom, I began thinking about security. How secure is my wireless network? I searched the Internet for many days, reading articles, gathering information, and participating on message boards and forums. I soon came to the realization that the best way for me to understand the security of my wireless network would be to test it myself.

Many sources said it was easy, few said it was hard.

How a wireless network works

A wireless local area network (WLAN) is the linking of 2 or more computers with Network Interface Cards (NICs) through a technology based on radio waves. Access points are base stations for the wireless network. The set of all stations that communicate with each other is referred to as the Basic Service Set (BSS).

Wireless Encryption
Packets and IVs
The Setup
Hardware.

Trend Micro Site Safety Center.
Networking.