SEARCH RESULTS
 
Showing 1-10 of 109 records
 
Hardened stateless session cookies

2008-05-16 12:40:30 by Steven J. Murdoch in Light Blue Touchpaper
 
...session cookie proposal These choices would be a substantial improvement on the previous custom design (had they been implemented correctly), but I still was not quite satisfied. The Fu et al. scheme has the property that an attacker who can read the cryptographic key stored in the database can create spoofed cookies. Given the history of...
 
 
 
 
 
Session Hijacking in Wireless Networks

2007-12-19 00:00:00 by Editor in Infosec Writers Latest Security Papers
 
Manmohan PV submits this paper that describes how one can hijack a session using several tools and how one could avoid this
 
 
 
 
 
TechEd Session SEC250 - Windows Server Security Advances - 4:30PM Today, Room N320A

2008-06-11 16:28:41 by jrjones in Jeff Jones Security Blog
 
...session on Security Advances in Windows Server 2008 today in room N320A I'll be covering this general outline SDL work on Windows Server 2008 Architectural security enhancements Security features and capabilities Looking at the security track record for the first 90 days Without a doubt, Windows Server 2008 is my favorite product that we've...
 
 
 
 
 
SSO Summit Day One Morning Session

2008-07-24 13:35:02 by Gunnar Peterson in 1 Raindrop
 
...sessions with a SSO history talk. Going through a lot of mainframe centric SSO protocols from the 80s and 90s, I am no expert in these areas and it was fascinating to see the way things vacillated between strength and weakness of SSO protocols A couple of points from the presentation The history of SSO is a story of extreme complexities,...
 
 
 
 
 
Last HOPE Session Videos - Seeded by AoIS

2008-08-07 02:57:47 by Erik T. Heidt in Art of Information Security
 
...sessions, especially Crippling Crypto: The Debian OpenSSL Debacle. That presentation, by Jacob Appelbaum, Dino Dai Zovi, Karsten Nohl is a winner. Not only do they provide a fantastic and detailed description of how OpenSSL's random number generator was accidentally lobotomized, they also demonstrate how to leverage cheap cloud computing to...
 
 
 
 
 
RSA Day 2: Wednesday with JJ & the Engima

2008-04-14 01:35:30 by JJ in Security Uncorked
...session to share with you, a day with the Enigmas, and the Security Bloggers Party The highlight of the day's sessions had to be the Sins of Our Fathers breakout with an amazingly hilarious geek-filled panel including Daniel Houser, Ben Jun and Hugh Thompson. (Hugh unquestionably won the Most Entertaining Geek Award for the day). I was...
 
 
 
 
 
Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive
 
...SessionCount Runtime Audit Trail review Broken Authentication / Session Management BrokenAccountCount Runtime Account Review Cross-Site-Scripting XsiteVulnCount Deployment Pen Test Tool Buffer Overflow OverflowVulnCount Deployment Vuln Testing Tools Injection Flaws InjectionFlawCount Runtime Pen Testing Improper Error Handling...
 
 
 
 
 
Notes from IEEE Web 2.0 Security and Privacy Workshop (W2SP2008)

2008-05-27 22:45:00 by Security Retentive in Security Retentive
 
...Session 1: Authentication and Authorization Daniel Sandler and Dan S. Wallach. must die Daniel presented some good ideas on how to move password authentication into the browser chrome to improve our defenses against javascript malware such as javascript keyloggers, etc While the work Daniel did was quite cool in that it doesn't require any...
 
 
 
 
 
Automating web application security testing

2007-07-16 11:40:00 by Panayiotis Mavrommatis in Google Online Security Blog
 
...session. Any web application that serves documents that include data from untrusted sources could be vulnerable to XSS if the untrusted data is not appropriately sanitized. A web application that is vulnerable to XSS can be exploited in two major ways Stored XSS - Commonly exploited in a web application where one user enters information...