
ModSecurity: Open Source Web Application Firewall


Certified Information Security Consultant (CISC) 6 Months, Training, Course, Certification - Institute of Information Security, Mumbai (India)

CISC is a 6-month training course in information security for amateurs and professionals that aims to make you an expert in the field. The course is aimed at those wanting to differentiate themselves from candidates with only an undergraduate degree, as well as those already in industry wishing to advance their skills in this constantly evolving area. Many companies are actively recruiting security specialists, and this course prepares graduates for senior technical and management positions in many industry sectors.

CISC training: The CISC training is designed to make you an expert in the domain of information security.
Benefits of CISC: The CISC is described by the institute as the only completely hands-on, real-world oriented security certification.
Schedule: 4 hours a day, Monday to Friday.
Course Contents / Testimonials: "Faculties are good & very helpful." (Ashish Nageshkar, Student). "The teaching way and knowledge of Mahesh is really excellent; the extra things he shares keep us competitive." (Suleiman Farouk)

Web Application Security Statistics (PDF version; the 2007 statistics are also available for download)

The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative, industry-wide effort to pool sanitized website vulnerability data and gain a better understanding of the web application vulnerability landscape. It ascertains which classes of attacks are the most prevalent, regardless of the methodology used to identify them. Industry statistics such as those compiled by the MITRE CVE project provide valuable insight into the types of vulnerabilities discovered in open source and commercial applications; this project tries to be the equivalent for custom web applications.

Goals: identify the prevalence and probability of different vulnerability classes; compare testing methodologies against the types of vulnerabilities they are likely to identify. As a result, there are now four data sets: General analysis; Table 3: Vulnerabilities by impact.

CryptAGE, all about cryptography

15 Penetration Testing Tools That Every Pen-Tester Can Use!
1) Metasploit: This penetration testing framework is very popular amongst hackers and penetration testers all over the world. It is built around the 'exploit' concept, an exploit being code that takes advantage of a vulnerability to get past a system's security measures.
2) Wireshark: Compatible with a variety of platforms, including Windows, Linux, Solaris, FreeBSD and others, this is the most popular network protocol analyser used by ethical hackers and penetration testers today.
3) w3af: This is a web application attack and audit framework that can be used for fast HTTP requests, injecting payloads, etc.
4) CORE Impact: Software that can be used for penetration testing of networks and mobile devices, password identification, password cracking and other activities.
5) BackTrack: One of the best known penetration testing platforms, based on the Linux kernel.
6) Netsparker: A web application scanner that identifies vulnerabilities, including SQL injection.
7) Nessus
8) Burp Suite
9) Cain & Abel
13) Retina

Web Application Firewall Evaluation Criteria

Get WAFEC 1.0: WAFEC 1.0 is available in several formats: PDF version, HTML version and text version. Please note that WAFEC, like all other WASC projects, is distributed under a Creative Commons license. Please respect this license; in particular, the license requires that if you use the information you attribute it to WASC and WAFEC.

WAFEC Response Matrix 1.0: The WAFEC response matrix translates WAFEC into an easy-to-use, standardized tool. Usage guidelines: The WAFEC team is working on the next version of WAFEC; for more details refer to the WAFEC 2.0 page.

Ping Tutorial: 15 Effective Ping Command Examples

As you already know, the ping command is used to find out whether a peer host or gateway is reachable. If you think ping is such a simple command that you do not need 15 examples, read the rest of the article: ping provides many more options than you might already know.

Ping Example 1. By default ping waits for 1 second before sending the next packet.
Increase the ping interval. Example: wait 5 seconds before sending the next packet.
$ ping -i 5 IP
Decrease the ping interval. Example: wait 0.1 seconds before sending the next packet.
# ping -i 0.1 IP
Note: only the superuser can specify an interval of less than 0.2 seconds. As an ordinary user:
$ ping -i 0.1
PING 0 ( 56(84) bytes of data.
ping: cannot flood; minimal interval, allowed for user, is 200ms

Ping Example 2. Before checking whether the peer machine is reachable, first check whether the local network stack is up and running using any one of the following 3 methods: ping localhost using zero (0); ping localhost using its name

PING - The Easy Tutorial
Network: Ping. Last updated: 22-09-2010

Ping - Table of contents: Overview of an ICMP packet; How Ping works; Host connectivity; Network congestion (RTT); Trip length (TTL); Echo Request; Echo Reply; Windows; Linux; IP ADDRESS and HOSTNAME

Ping is a well-known tool for checking network connectivity between two IP hosts. Ping is installed by default on Windows, Apple and Linux/Unix operating systems.

Overview of an ICMP packet. How Ping works: Ping sends very small packets to an IP host, which answers by sending packets back.

Let us look at a case study in which two machines called Paris and Berlin "ping" a machine called "". Ping from the Linux machine (Paris) to "":
Paris: ping

Web Application Firewalls: How to Evaluate, Purchase and Implement

A Web application firewall (WAF) is designed to protect Web applications against common attacks such as cross-site scripting and SQL injection. Whereas network firewalls defend the perimeter of the network, WAFs sit between the Web client and Web server, analyzing application-layer traffic for violations of the configured security policy, says Michael Cobb, founder of Cobweb Applications, a security consultancy. While some traditional firewalls provide a degree of application awareness, it is not with the granularity and specificity that WAFs provide, says Diana Kelley, founder of consultancy Security Curve. For instance, a WAF can detect that an application is not behaving the way it was designed to, and it lets you write specific rules to prevent that kind of attack from recurring. WAFs also differ from intrusion prevention systems.

Main WAF Attributes: The web application firewall market is still undefined, with many dissimilar products falling under the WAF umbrella.
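The paragraph above says a WAF matches application-layer traffic against a policy and lets you write rules against specific attacks; what it does not show is why such rules must normalise input before matching. The following is an added example, not code from the article or from any WAF product: a toy rule engine with two constructed rules (ids 1001 and 1002 are made up), applied to request arguments as a web framework would hand them over after one round of URL decoding. The `normalize` step plays the role of the decode-and-compress transformations real engines apply (ModSecurity's t:urlDecodeUni, t:htmlEntityDecode and t:compressWhitespace, for example); the point demonstrated is that a double-encoded payload passes the raw-string check and is caught only after normalisation.

```python
import html
import re
import urllib.parse

# Added example, not ModSecurity or any vendor's code. Rule ids, messages and
# patterns are constructed for illustration; real rule sets are far larger.
RULES = [
    {
        "id": 1001,
        "msg": "SQL injection probe (tautology, comment or UNION SELECT)",
        "pattern": re.compile(
            r"(?i)(\bor\b\s+['\w]+\s*=\s*['\w]+|'\s*or\s*'|--\s|/\*|\bunion\b\s+(all\s+)?select\b)"),
    },
    {
        "id": 1002,
        "msg": "Cross-site scripting probe (script tag, event handler or javascript: URL)",
        "pattern": re.compile(r"(?i)(<\s*script\b|\bon[a-z]+\s*=|javascript\s*:)"),
    },
]


def normalize(value: str) -> str:
    """Decode URL escapes and HTML entities until the value stops changing, then
    compress whitespace. Looping defeats double encoding (%2527 -> %27 -> ')."""
    previous = None
    while value != previous:
        previous = value
        value = html.unescape(urllib.parse.unquote(value))
    return re.sub(r"\s+", " ", value).strip()


def inspect_args(args: dict, normalize_first: bool = True) -> list:
    """Return (rule_id, argument_name, message) for every rule that fires.
    normalize_first=False shows what a naive, raw-string match would see."""
    findings = []
    for name, raw in args.items():
        value = normalize(raw) if normalize_first else raw
        for rule in RULES:
            if rule["pattern"].search(value):
                findings.append((rule["id"], name, rule["msg"]))
    return findings


def decide(args: dict) -> dict:
    """Blocking decision in the shape a deny rule produces: 403 plus the rule ids."""
    findings = inspect_args(args)
    if findings:
        return {"action": "deny", "status": 403, "rules": sorted({f[0] for f in findings})}
    return {"action": "allow", "status": 200, "rules": []}


if __name__ == "__main__":
    # Constructed requests: a benign search, a classic tautology, and an XSS
    # payload that reached the application double-encoded (%253C -> %3C).
    print(decide({"q": "python for beginners", "page": "2"}))
    print(decide({"id": "1' OR '1'='1"}))
    evasive = {"q": "%3Cscript%3Ealert(1)%3C%2Fscript%3E"}
    print(inspect_args(evasive, normalize_first=False))   # raw match misses it
    print(inspect_args(evasive))                          # normalised match fires 1002
```

Two caveats a practitioner would add: pattern rules like these are a blacklist and will produce false positives on innocent input (an argument value of "onsale=true" trips the event-handler pattern), which is why production engines score and tune rules per application rather than deny on any single match; and decoding must stop at a fixed point exactly as shown, because a single decode pass is the gap double encoding targets.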

ISMS and ISO 27001

The problem of documenting an ISMS is often reduced to the need to build a four-level documentation system. But the need to build ISMS documentation goes well beyond documenting the security-related processes. Writing the procedures should lead to a better understanding of the process; the act of writing encourages rational, scientific reasoning. One should draw on the studies and research into the stakes and benefits of quality documentation in an ISO 9000 organisation. An ISO 9000 quality reference framework is a knowledge-management tool that leads to knowledge being made explicit and disseminated within the company: a process of sharing experience that in fact develops technical skills; the transformation of concepts into explicit knowledge; a means of assimilating that explicit knowledge into operational know-how. Nevertheless, certain obstacles are more specific to an ISMS:

Want To Learn Wi-Fi Hacking? Here Are 10 Good Websites For You!
1. WildPackets: WildPackets Inc, founded in 1990, develops hardware and software solutions that drive network performance, enabling organisations of all sizes to analyse, troubleshoot, optimise, and secure their wired and wireless networks.
2. Wireshark: Wireshark is the world's foremost network protocol analyser.
3. Cracking WEP Using Backtrack: A Beginner's Guide: This tutorial is intended for users with little or no experience with Linux or Wi-Fi.
4. How To Crack WEP and WPA Wireless Networks: With the popularity of wireless networks and mobile computing, an overall understanding of common security issues has become not only relevant but necessary for home/SOHO users and IT professionals alike.
5. Ethical Hacker Network: The Ethical Hacker Network is the brainchild of Donald C.
6. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in performing assessments in a purely native environment dedicated to hacking.
7. Wi-foo

Password Checker - Evaluate password strength, dictionary attack

Here Are 200+ Tutorial Videos On Cryptography!
1. CISSP Training - Cryptography. Description: This video on cryptography is part of our CISSP certification training series.
2. This is a talk from Google Tech Talks 2007.
3. Elliptic curve cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields.
4. This is a class lecture on AES from Washington University.
5. Tutorial on homomorphic encryption by Shai Halevi, presented at Crypto 2011 in Santa Barbara, CA.
6. These are 200 tutorial videos that can be quite useful for cryptography learners.
7. If that's not enough for you, here are another eight tutorial videos on the subject.

Research Labs
Cost: Free
Source Code: GitHub
Version: (XMAS edition)
Requirements: .NET Framework
License: GPL
Release Date: 2008-12-14
Recent Changes: Fixed incorrect links spider bug. Added time anomaly functionality in back-end scanner. Added easy access (and icons) to findings in back-end scanner. Fixed executable finding occasionally not showing bug.

Wikto is Nikto for Windows, but with a couple of extra features including fuzzy-logic error code checking, a back-end miner, Google-assisted directory mining and real-time HTTP request/response monitoring.
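"Fuzzy logic error code checking" addresses a problem every directory scanner hits: servers that answer every unknown path with a friendly 200 page, so a status-code check reports everything as present. The following is an added example of that technique, not Wikto's own code: it fetches a path that cannot exist to learn how the server really signals "not found", strips per-request noise (the echoed path, timestamps, request ids) and then classifies candidate paths by how similar their response is to that baseline. The `fetch(path) -> (status, body)` callback and the sample server at the bottom are constructed for the demonstration.

```python
import difflib
import re
import secrets
import string

# Added illustration of fuzzy custom-404 detection, not Wikto's code.
# fetch(path) -> (status_code, body_text) is assumed to be supplied by the caller.
_VOLATILE = [
    (re.compile(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}"), "<ts>"),   # timestamps
    (re.compile(r"\b[0-9a-f]{16,}\b"), "<hex>"),                        # request ids / nonces
]


def canonicalize(body: str, path: str) -> str:
    """Remove per-request noise so two 'not found' pages compare equal."""
    if len(path) > 1:
        body = body.replace(path, "<path>")               # error pages echo the path
        name = path.rstrip("/").rsplit("/", 1)[-1]
        if name:
            body = body.replace(name, "<name>")
    for pattern, repl in _VOLATILE:
        body = pattern.sub(repl, body)
    return re.sub(r"\s+", " ", body).strip()


def similarity(a: str, b: str) -> float:
    return difflib.SequenceMatcher(None, a, b).ratio()


class SoftNotFoundDetector:
    def __init__(self, fetch, threshold: float = 0.90):
        self.fetch = fetch
        self.threshold = threshold
        # Probe a name that cannot exist; whatever comes back is the server's real
        # "not found" behaviour, whether an honest 404 or a friendly 200 page.
        rand = "".join(secrets.choice(string.ascii_lowercase) for _ in range(16))
        probe = f"/{rand}.html"
        self.baseline_status, body = fetch(probe)
        self.baseline_body = canonicalize(body, probe)

    def classify(self, path: str) -> str:
        status, body = self.fetch(path)
        if status in (404, 410):
            return "absent"
        if status != self.baseline_status:
            return "present"          # server treats this path differently from junk
        sim = similarity(canonicalize(body, path), self.baseline_body)
        return "absent" if sim >= self.threshold else "present"


def status_only_classify(fetch, path: str) -> str:
    """The naive check: anything that is not a 404 'exists'."""
    status, _ = fetch(path)
    return "absent" if status in (404, 410) else "present"


# Constructed sample server: two real pages, and a soft 404 (HTTP 200 with a
# templated error page that echoes the path) for everything else.
_PAGES = {
    "/": "<html><body><h1>Welcome to Example Corp</h1><a href='/admin/'>Admin</a></body></html>",
    "/admin/": ("<html><body><h1>Administrator login</h1><form method='post'>"
                "<input name='user'><input name='pass' type='password'></form></body></html>"),
}


def fake_fetch(path: str):
    if path in _PAGES:
        return 200, _PAGES[path]
    return 200, (f"<html><body><h1>Oops!</h1><p>Sorry, {path} could not be found.</p>"
                 f"<p>Request {secrets.token_hex(8)} at 2024-01-01 12:00:00</p></body></html>")


if __name__ == "__main__":
    detector = SoftNotFoundDetector(fake_fetch)
    for candidate in ("/", "/admin/", "/backup.zip"):
        print(candidate, status_only_classify(fake_fetch, candidate), detector.classify(candidate))
```

Two details matter when using this against a real server: take the baseline with the same extension as the wordlist entries you test (many applications route `.php`, `.aspx` and extensionless paths to different handlers with different error pages), and re-take it periodically, since rate limiting or a WAF kicking in mid-scan changes the "not found" response and would otherwise invert every result.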

HACK TUTORIAL - Attacking with Metasploit Framework (ARMITAGE) - Pwned & Co

Yeah, welcome everyone to this article, which covers one of the many tools available on BackTrack 5 R2. Today we look at a tool I like a lot because it lets you do so many things: Metasploit Framework, a tool maintained by Rapid7 and written in Ruby, available on Linux and Windows. It consists of a huge, regularly updated database of exploits (code targeting software vulnerabilities), payloads (the code run on the target, such as trojans), and auxiliary modules (scanners and the like). Today we will look at creating a trojan and using it, as well as the ARMITAGE graphical interface, which lets us drive Metasploit visually rather than from the command line. I wanted to publish the command-line Metasploit part in this tutorial, but writing it up is taking me a bit more time. As usual, commands are written in "orange" (LHOST = IP of the attacking machine) (LPORT = port on the attacking machine)