public marks

PUBLIC MARKS from mbertier with tags security & clevermarks

February 2008

Gnu Privacy Guard tutorial, part 1 || kuro5hin.org

This article will be a tutorial overview of using Gnu Privacy Guard to generate your own public keys. It will also discuss some of the principles of public key systems.

Automated security updates in Debian « N0T a Blog

by 3 others (via)
Subscribing to the security mailing lists is a must for every sysadmin, but who has the stamina and the determination to actually read them, and then analyze the impact of both the threat and the proposed fix? A more casual user with no life-or-death-critical servers would happily settle for a solution that would download and install the security patches automatically. As always in Linux, there is more than one way of achieving this. cron-apt works for me.

SignServer 3.0 - Home

(via)
The SignServer is an application framework performing cryptographic operations for other applications. It's intended to be used in environments where keys are supposed to be protected in hardware but there isn't possible to connect such hardware to existing enterprise applications or where the operations are considered extra sensitive so the hardware have to protected more carefully. Another usage is to provide a simplified method to provide signatures in different application managed from one location in the company.

January 2008

Welcome to REMO | REMO - Rule Editor for ModSecurity

(via)
This is a project to build a graphical rule editor for ModSecurity with a positive/whitelist approach.

Jeremiah Grossman: New Flash XSS technique (thousands of websites at risk)

(via)
- Move Flash files to a secondary domain – just as is recommended with all third-party / user generated / untrusted content. This solution has promise as it sets up some domain barriers in the event a vulnerable Flash file shows up linked from your website.

December 2007

Suhosin 0.9.21 - XSS Protection - PHP Security Blog

It has been a very long time since the last Suhosin extension has been released, but today this has changed with the release of Suhosin 0.9.21. Among the changes are two new features that will protect applications that put too much trust into the SERVER variables from several XSS (and SQL injection) attacks. These features are suhosin.server.strip and suhosin.server.encode.

November 2007

September 2007

PHPIDS » Web Application Security 2.0 » Index

by 1 other (via)
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

August 2007

GreenSQL - Open Source Database Firewall Solution

by 4 others
GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works in a proxy mode and has built in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL is distributed under the GPL license

The Usability of Passwords - Baekdal.com

by 5 others (via)
Passwords can be made both highly secure and user-friendly.

June 2007

HTML Purifier - Filter your HTML the standards-compliant way!

by 18 others
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

mbertier's TAGS related to tag security

advices +   apache +   audi +   audit +   bestpractices +   clevermarks +   database +   debian +   dev +   example +   firefox +   flash +   framework +   groupe:clever age +   hotlinked +   howto +   http +   introduction +   ipcop +   java +   linux +   microsoft +   mozilla +   mysql +   network +   openid +   php +   php5 +   pki +   ruby +   spam +   sql +   sso +   standards +   testcases +   tools +   usability +   web +   web services +   webdav +   webdev +   writing +   xss +