SEARCH RESULTS
 
Showing 1-10 of 81 records
 

Hardened stateless session cookies

2008-05-16 12:40:30 by Steven J. Murdoch in Light Blue Touchpaper
 
...session cookie proposal These choices would be a substantial improvement on the previous custom design (had they been implemented correctly), but I still was not quite satisfied. The Fu et al. scheme has the property that an attacker who can read the cryptographic key stored in the database can create spoofed cookies. Given the history of...

Session Hijacking in Wireless Networks

2007-12-19 00:00:00 by Editor in Infosec Writers Latest Security Papers
 
Manmohan PV submits this paper that describes how one can hijack a session using several tools and how one could avoid this.

TechEd Session SEC250 - Windows Server Security Advances - 4:30PM Today, Room N320A

2008-06-11 16:28:41 by jrjones in Jeff Jones Security Blog
 
...session on Security Advances in Windows Server 2008 today in room N320A I'll be covering this general outline SDL work on Windows Server 2008 Architectural security enhancements Security features and capabilities Looking at the security track record for the first 90 days Without a doubt, Windows Server 2008 is my favorite product that we've...

RSA Day 2: Wednesday with JJ & the Enigma

2008-04-14 01:35:30 by JJ in Security Uncorked
...session to share with you, a day with the Enigmas, and the Security Bloggers Party The highlight of the day's sessions had to be the Sins of Our Fathers breakout with an amazingly hilarious geek-filled panel including Daniel Houser, Ben Jun and Hugh Thompson. (Hugh unquestionably won the Most Entertaining Geek Award for the day). I was...

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...SessionCount Runtime Audit Trail review Broken Authentication / Session Management BrokenAccountCount Runtime Account Review Cross-Site-Scripting XsiteVulnCount Deployment Pen Test Tool Buffer Overflow OverflowVulnCount Deployment Vuln Testing Tools Injection Flaws InjectionFlawCount Runtime Pen Testing Improper Error Handling...

Notes from IEEE Web 2.0 Security and Privacy Workshop (W2SP2008)

2008-05-27 22:45:00 by Security Retentive in Security Retentive
 
...Session 1: Authentication and Authorization Daniel Sandler and Dan S. Wallach. must die Daniel presented some good ideas on how to move password authentication into the browser chrome to improve our defenses against JavaScript malware such as JavaScript keyloggers, etc. While the work Daniel did was quite cool in that it doesn't require any...

Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...session. Any web application that serves documents that include data from untrusted sources could be vulnerable to XSS if the untrusted data is not appropriately sanitized. A web application that is vulnerable to XSS can be exploited in two major ways: Stored XSS - Commonly exploited in a web application where one user enters information...

Prediction 3 - A major site gets hacked

2008-02-01 10:35:00 by Allen Baranov, CISSP in Security Thoughts
 
...session keys and such. My prediction is that this year or in the foreseeable future malware (all kinds including bots) will try to suck session keys from traffic and use them to steal information or do unauthorised actions on "behalf" of a user. This has happened in the past but I believe that it will become more widespread, targeted and...

Happy Birthday Toddler - - CMDB just turned 2

2008-06-24 20:24:00 by David Link in ScienceLogic
...session titled Ensuring your CMDB Success: Ready, Set, Go Research Director Patricia Adams and VP and Distinguished Analyst Ronnie Colville presented this thought provoking session. It seemed to echo what ScienceLogic has been talking about regarding our thinking around the practical ways to efficiently accomplish key tactical gains against...