Using Terminal Services to Remotely Administer Windows 2000 Servers Securely
This paper will focus primarily on the security issues of using Terminal Services to remotely administer Windows 2000 Servers. A general discussion of Terminal Services clients, licensing, the Remote Desktop Protocol (RDP) and Terminal Services encryption methods will provide the reader with a fundamental understanding of Terminal Services. A brief discussion of various security and Denial of Service vulnerabilities will demonstrate the need for Terminal Services security. The paper will conclude with the general steps necessary to plan, implement, test and monitor a secure Terminal Services configuration to remotely administer Windows 2000 Servers.
Read the Article
Security in Sun Java System Application Server Platform Edition 8.0
In this paper we look at the business logic when it consists primarily of Enterprise Java Beans as specified by the Java™ 2 Platform, Enterprise Edition (J2EE™). This paper examines security in a J2EE application server on the middle-tier as the enterprise responds to competitive pressures.
Read the Article
A Security Assessment of the Ricoh Aficio 450E Multifunction Device
The business community is making increasing use of multifunction devices that provide network printing, scanning and faxing. These devices are frequently deployed within businesses with little thought for the security implications of devices that bridge the network and phone line, potentially offering a backdoor to both the network and confidential information via "cross channel" communications. This paper examines the security of the Ricoh Aficio 450E Multifunction device (hereafter known as Ricoh 450E).
Read the Article
PHP Secure Installation
As vulnerabilities in PHP increase day by day, there is a need to secure the PHP installation to the highest level. Because of its popularity and wide usage, most developers and administrators will be in trouble if they don't take appropriate steps on security issues during the installation.
Read the Article
The End of Application Deployment ~ Sponsor
Secure and Manage delivery of your mission critical business applications. Delivering Windows applications globally to remote offices and mobile users creates significant performance, security and management challenges. Learn how to reduce the cost of delivering them anywhere, on any network and on any device, while increasing security and performance.
Read the Article
Effective Controls for Attaining Continuous Application Security Throughout the Web Application Development Life Cycle
Improving your Web application development process is one of the best ways to avoid security vulnerabilities and nasty surprises during security assessments. Learn about the points in the software development life cycle where additional security awareness and training is needed to ensure that your organization remains successful and secure.
Read the Article
Application Security Exploit: SQL Injection (3 min 48 sec)
Hardly a day goes by that we don't hear new information about some company getting themselves hacked. Sure they all have firewalls, but HOW are the hackers getting in? I was hired to perform an application security audit for a local university. They wanted to make sure that they didn't become part of the growing statistics. In this video, I discover that they have error-checking routines to prevent SQL injections while logging in. I simply disable those routines and gain access to the web site.
Watch the Video
Malicious Code Injection: It's Not Just for SQL Anymore
While many developers are aware of the threats posed by malicious code, and by SQL injection attacks in particular, there are other forms of code injection that are equally dangerous. Learn more about XPath injection, LDAP injection, and command execution injection and view examples of each type of attack. In addition, learn why many preventative actions that are commonly suggested to developers are not helpful, and discover how the creation of whitelists and blacklists can help to protect an application from malicious code injection attacks.
Read the Article
Comparing Application Security Tools (17 min 47 sec)
DefCon 15 compares and tests application security tools.
Watch the Video
8 Considerations for a Complete Application Performance Solution ~ Sponsor
Explore the top 8 considerations that require attention when evaluating products and strategies to establish a complete application performance solution. As your operations become increasingly more global, your enterprise network faces greater application performance challenges. Whether it's bottlenecks or security risks, high-performance businesses need a solution that allows LAN-like application access for employees, partners, vendors and clients–regardless of location.
Read the Article