background preloader

SecuriTeam.com

SecuriTeam.com
Related:  Security

Portail officiel de la sécurité informatique - ANSSI - Républiqu Security Systems - Investigación 1. Advisories de Seguridad Vulnerabilidades encontradas por CYBSEC: 2. Políticas de publicación de Vulnerabilidades Ver política de publicación de vulnerabilidades (Formato PDF) Security Vulnerability Disclosure Policy (PDF Format) 3. SAFE: Es un software especialmente desarrollado para evaluar el nivel de seguridad de una implementación SAP/R3. Con SAFE podrá conocer en forma automática y sencilla si una instalación SAP cumple con los principales requerimientos de seguridad que exigen las auditorias y las regulaciones internacionales (Sarbanes Oxley Act, HIPAA, PCI, CobIT, etc.). SAFE realiza un exhaustivo análisis sobre los parámetros de configuración, autorización, comunicación, etc. de la instalación SAP y los compara con las best practices internacionales presentando los resultados mediante reportes en los cuales se indica el valor objetivo a alcanzar. SAFE se encuentra disponible en formato FREE Version y ENTERPRISE Version. Descargar SAFE FREE Version Descargar sapyto

InfoSysSec COMMENT DÉTECTER LES PROCESSUS CACHÉS (VIRUS, ROOTKITS...) + ÉNUMÉRATION AVANCÉE DES PROCESSUS processus, virus, rootkit, caché, process, Source N°49893 Visual Basic, VB6, VB. Bonjour, voilà une source montrant comment avoir la liste des processus cachés qui tournent sur le système (XP ou VISTA). Je suis tombé sur un blog très intéressant, qui détaille plusieurs méthodes d'énumération de processus. Outre les principales méthodes très connues (ordre de la pire à la meilleure : ToolHelp32, EnumProcesses, ZwQuerySystemInformation), il y a des infos sur les méthodes les moins connues, qui permettent de récupérer d'autres PID (process ID) invisibles par les méthodes traditionnelles. J'ai donc codé en .Net à partir de çà notamment. On peut ainsi visualiser, grâce à cette source, les virus/rootkits qui se cachent :-) D'ailleurs au passage, Windows cache aussi certains processus, pour une raison que j'ignore (regedt32.exe par exemple sous XP, des fois caché au démarrage) ???? Je vous invite donc à lire ce blog (en anglais) : Comme nous sommes en langage très haut niveau exclusivement (VB.Net), c'est du USER MODE. Voilà ! Conclusion :

Hispasec - Seguridad Informática CLUSIF | Bienvenue Hardening Linux Web Servers Security is a process, not a result. It is a process which is difficult to adopt under normal conditions; the problem is compounded when it spans several job descriptions. All the system level security in the world is rendered useless by insecure web-applications. The converse is also true—programming best practices, such as always verifying user input, are useless when the code is running on a server which hasn’t been properly hardened. This article will cover installing, configuring and hardening free software web servers and associated software including Apache 2.2.0, MySQL 5.0.18, PHP 5.1.2, Apache-Tomcat 5.5.16 and common Apache modules such as mod_security, mod_ssl, mod_rewrite, mod_proxy and mod_jk. The most common and apt analogy for security is the onion. Only a basic understanding of GNU/Linux and common command line tools is assumed. Note: due to formatting constraints, long lines of code are often broken into several smaller lines using the \ character. Network security nmap

IT Security Ross Anderson's Home Page Ross Anderson [Research] [Blog] [Politics] [My Book] [Music] [Contact Details] What's New Security protocols and evidence: where many payment systems fail analyses why dispute resolution is hard. In a nutshell, the systems needed to support it properly just don't get built (blog). In Why bouncing droplets are a pretty good model of quantum mechanics, we solve an outstanding mystery in physics (see blog posts, three previous papers and older blog posts). Reading this may harm your computer – The psychology of malware warnings analyses what sort of text we should put in a warning if we actually want the user to pay attention to it (blog). 2013 highlights included Rendezvous, a prototype search engine for code; a demonstration that we could steal your PIN via your phone camera and microphone; an analysis of SDN Authentication; and papers on quantum computing and Bell's inequality. Research I am Professor of Security Engineering at the Computer Laboratory. My research topics include:

ISECOM - Institute for Security and Open Methodologies

Related:  securitynewshackSecurity