Section: .. / papers / general /
| /// File Name: |
022805.txt |
Description:
|
This paper describes several techniques for exposing file contents using the site search functionality. It is assumed that a site contains documents which are not visible/accessible to external users. Such documents are typically future PR items, or future security advisories, uploaded to the website beforehand. However, the site is also searchable via an internal search facility, which does have access to those documents, and as such, they are indexed by it not via web crawling, but rather, via direct access to the files. Therein lies the security breach.
| | Author: | Amit Klein | | Homepage: | http://webappsec.org/ | | File Size: | 25702 | | Last Modified: | Feb 28 19:15:11 2005 |
| MD5 Checksum: | 87eb98b564a55d22d12c7b83e9641965 |
|
| /// File Name: |
041607.html |
Description:
|
The Web Application Security Consortium is proud to present 'The Importance of Application Classification in Secure Application Development'.
| | Author: | Rohit Sethi | | Homepage: | http://www.webappsec.org/ | | File Size: | 44216 | | Last Modified: | Apr 18 20:40:46 2007 |
| MD5 Checksum: | 067f062ee0605f2c9e32f8a6614d533c |
|
| /// File Name: |
050819-securing-mac-os-x-tiger.pdf |
Description:
|
Corsaire (www.corsaire.com/white-papers/) has released a fully updated version of their guide to securing Mac OS X to cover the new security features offered by Mac OS X 10.4 Tiger (such as ACLs) as well as incorporating additional security guidelines that were omitted in the original (10.3) guide.
| | Author: | Stephen de Vries | | Homepage: | http://www.corsaire.com/white-papers/ | | File Size: | 751834 | | Last Modified: | Aug 26 00:55:07 2005 |
| MD5 Checksum: | 021cca9d23a8be3656a5f08e6bc300ec |
|
| /// File Name: |
2004_11.txt |
Description:
|
Electronic Frontier Foundation Media Release - Presidential Votes Miscast on E-voting Machines Across the Country. Voters from at least half a dozen states reported that touch-screen voting machines had incorrectly recorded their choices, including for president.
| | Author: | Cindy Cohn,Matt Zimmerman | | Homepage: | http://www.eff.org/news/archives/2004_11.php#002062 | | File Size: | 3620 | | Last Modified: | Nov 4 22:43:21 2004 |
| MD5 Checksum: | 801f5c3f4e63747cba6eb681b9c7e8f4 |
|
| /// File Name: |
3Steps.rar |
Description:
|
Whitepaper called From Win32 User-Land through Native API to Kernel. Includes demonstration code.
| | Author: | cross | | Homepage: | http://x1machine.com/ | | File Size: | 425458 | | Last Modified: | Mar 30 15:46:13 2009 |
| MD5 Checksum: | 2850b46fa8d6679464eb53efefc006a9 |
|
| /// File Name: |
A_Modular_Approach_to_Data_Validati..> |
Description:
|
This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular component based design; extensibility, portability and re-use can be released. The paper begins with an explanation of the vulnerabilities introduced through poor validation and then goes on to discuss the merits of a number of common data validation methodologies. A modular approach is introduced together with practical examples of how to implement such a scheme in a web application. It also provides information on common attack vectors, principles of validation, a modular solution and implementation of that solution.
| | Author: | Stephen de Vries | | Homepage: | http://www.corsaire.com/ | | File Size: | 382808 | | Last Modified: | Apr 12 14:59:25 2006 |
| MD5 Checksum: | a0b2f3ac1b5d56c1eb5b580c14a11f16 |
|
| /// File Name: |
abc.pdf |
Description:
|
This White Paper gives an introduction to computer security and its significance for businesses, followed by an alphabetical guide to common security measures and threats.
| | Author: | Paul Ducklin | | Homepage: | http://www.sophos.com | | File Size: | 99449 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 234140dc38979cbe235a915f9e495f15 |
|
| /// File Name: |
acros.txt |
Description:
|
CaIRA: Computer and Internet-Related Acronyms. 1,725 acronyms and abbreviations with definitions and explanations. Includes a listing of all internet country abbreviations.
| | Author: | Raven | | Homepage: | http://blacksun.box.sk | | File Size: | 119341 | | Last Modified: | Feb 3 11:35:16 2000 |
| MD5 Checksum: | 81861a7a8afc090fb589e09620587a27 |
|
| /// File Name: |
address-spoof.txt |
Description:
|
Address Bar Spoofing Attacks Against Microsoft Internet Explorer 6. Due to formatting issues when sent , additional notes regarding the attacks are appended.
| | Author: | Amit Klein | | Homepage: | http://www.trusteer.com/ | | File Size: | 15579 | | Last Modified: | Oct 27 18:38:09 2008 |
| MD5 Checksum: | 5bf24bf420c7b4f9d6da416472832ec8 |
|
| /// File Name: |
adobe-heap.pdf |
Description:
|
Whitepaper called Adobe Reader's Custom Memory Management: A Heap Of Trouble.
| | Author: | Haifei Li | | Homepage: | http://www.fortinet.com/ | | File Size: | 1240472 | | Last Modified: | Apr 24 12:55:20 2010 |
| MD5 Checksum: | 86dbc3e7c60a1529b0cacbc87e0cc94c |
|
| /// File Name: |
agents.txt |
Description:
|
The Evolution of Malicious Agents. This paper examines the evolution of malicious agents by analyzing features and limitations of popular viruses, worms, and trojans, detailing the possibility of a new breed of malicious agents currently being developed on the Internet.
| | Author: | Lenny Zeltser | | Homepage: | http://www.zeltser.com/agents | | File Size: | 48331 | | Last Modified: | May 3 18:20:38 2000 |
| MD5 Checksum: | badaef580cc6781fc436d7fe02f5cce9 |
|
| /// File Name: |
Altering_ARP_Tables_v_1.00.htm |
Description:
|
Altering ARP Tables v1.00 - This paper is dedicated to ARP tables and how to alter them remotely. Includes a couple of implementations of ARP poisoning in a bridge based segment and a couple of ways to protect yourself.
| | Author: | Data Wizard | | File Size: | 22573 | | Last Modified: | Sep 7 23:03:45 2001 |
| MD5 Checksum: | 2cddda46bc0102cac912313b0b33cd68 |
|
| /// File Name: |
AnonMoney.zip |
Description:
|
An interesting paper on using the TOR network to anonymously collect funds with eGold.
| | Author: | Mr Babs | | File Size: | 27881 | | Last Modified: | Apr 28 12:47:57 2006 |
| MD5 Checksum: | dd9e819d06c9b8ad5e1c6d1b4d87ce5c |
|
| /// File Name: |
antibot-md5.txt |
Description:
|
This whitepaper discusses a methodology for using MD5 checksums to verify that content on a website has not been manipulated.
| | Author: | Moudi | | File Size: | 11419 | | Last Modified: | Sep 16 03:29:54 2009 |
| MD5 Checksum: | 310522b4f04f88221f9499ac16da3da8 |
|
| /// File Name: |
appOSfingerprint.txt |
Description:
|
Whitepaper entitled Advanced application-level OS fingerprinting: Practical approaches and examples.
| | Author: | Dan Crowley | | File Size: | 12009 | | Last Modified: | Oct 30 13:13:08 2008 |
| MD5 Checksum: | ae054f97b0ef7a85c7a4e4e57059587f |
|
| /// File Name: |
arpspoofing.pdf |
Description:
|
Short whitepaper discussing the basics of ARP spoofing.
| | Author: | Affix | | Homepage: | http://ihack.co.uk/ | | File Size: | 89641 | | Last Modified: | Jan 12 15:37:14 2009 |
| MD5 Checksum: | aabb36931cac90312055efa371921d6f |
|
| /// File Name: |
artigo_anonimato2.txt |
Description:
|
Whitepaper called Anonimato Underground.Written in Portuguese.
| | Author: | Cooler | | File Size: | 35711 | | Last Modified: | Feb 12 14:21:28 2010 |
| MD5 Checksum: | 6e46a781478a042390a6199b87dab107 |
|
| /// File Name: |
asm-1.tbz |
Description:
|
Project Freedocs Volume 4 - A collection of tutorials regarding asm programming.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 876790 | | Last Modified: | Sep 9 04:11:55 2004 |
| MD5 Checksum: | 36dbbc1321d22b50c15c4c125e5e506a |
|
| /// File Name: |
asp-jsp.pdf |
Description:
|
Whitepaper called ASP and JSP security. Written in Persian.
| | Author: | Soroush Dalili | | File Size: | 1774979 | | Last Modified: | Sep 2 09:55:02 2009 |
| MD5 Checksum: | 9efe0660e8ab5e14374459ac161795d0 |
|
| /// File Name: |
AveOfAttack.pdf |
Description:
|
A New Avenue of Attack: Event-Driven System Vulnerabilities. This paper gives more technical details to security vulnerabilities in event-driven systems and relates it to Information Warfare.
| | Author: | Simos Xenitellis | | Homepage: | http://www.isg.rhul.ac.uk/~simos/event_demo/ | | File Size: | 51408 | | Last Modified: | Aug 11 19:06:53 2002 |
| MD5 Checksum: | f75606876872b209db3c27c173b8f830 |
|
| /// File Name: |
avoiding-sql.txt |
Description:
|
Whitepaper called Avoiding SQL Injection.
| | Author: | Moudi | | File Size: | 5958 | | Last Modified: | Jul 27 20:59:58 2009 |
| MD5 Checksum: | 00b35df4633c955063dd5742bfaa7a92 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
