public marks

PUBLIC MARKS from mbertier with tags security & bestpractices

2007

PHPIDS » Web Application Security 2.0 » Index

by 1 other (via)
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

The Usability of Passwords - Baekdal.com

by 5 others (via)
Passwords can be made both highly secure and user-friendly.

0x000000 ◊ The Hacker Webzine

I've talked about CSRF before, but this time I wanted to show some of the underlying basics of it and explain why it isn't a new trick or something special. It is part of browsers and the way HTTP works, also to remove any argument that POST should be safer then GET. I know this is Internet basics, it still can be refreshing to read it over from time to time.

XSS (Cross Site Scripting) Cheat Sheet

by 17 others (via)
This page is for people who already understand the basics of XSS attacks but want a deep understanding of the nuances regarding filter evasion.

HTML Purifier - Filter your HTML the standards-compliant way!

by 18 others
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

Dangers of CSRF and XSS / Articles / Community

by 1 other (via)
In this article, we will show you how CSRF and XSS work and how to defend against them. To dispel the myths about these attacks, I will assume the role of a hacker and show how the supposedly harmless injection of tiny bits of HTML can perform amazing things, from stealing the user's identity to a completely transparent rewrite of site content.

MySQL: Storing Passwords in MySQL

by 2 others (via)
Securing plain text passwords in MySQL is NEVER a good idea. As a DBA you should take great care in protecting the users' information. Fortunately MySQL provides you with several options to protect passwords.

2006

BindShell.Net: BeEF

BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting (XSS) issues in real-time.

PHP Security Consortium: PHPSecInfo

by 8 others (via)
The idea behind PHPSecInfo is to provide an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

Checklist for Securing PHP Configuration | Ayman Hourieh's Blog

by 3 others (via)
Inside is a check list of settings that are intended to harden the default PHP installation.

Fail2ban contre l'attaque par brute force - JujuSeb à la recherche de Linux

by 1 other
La configuration par défaut est suffisante pour se protéger des attaques par brute force et c'est d'ailleurs la force de Fail2ban.

Wapiti - Web application security auditor

by 13 others
It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

2005

Securely Edit Your Website Content in WebDAV

by 2 others (via)
Not all file permissions problems on Apache have such simple, and effective, solutions. But this one is very effective, and very simple to set up.

mbertier's TAGS related to tag security

advices +   apache +   audi +   audit +   bestpractices +   clevermarks +   database +   debian +   dev +   example +   firefox +   flash +   framework +   groupe:clever age +   hotlinked +   howto +   http +   introduction +   ipcop +   java +   linux +   microsoft +   mozilla +   mysql +   network +   openid +   php +   php5 +   pki +   ruby +   spam +   sql +   sso +   standards +   testcases +   tools +   usability +   web +   web services +   webdav +   webdev +   writing +   xss +