Security Information and Review

Collection of security information and review

Archive for July, 2009

Guidelines Basic Security Policy of the Web Services

Author : Admin

If we want to build an enterprise web application services, we should not only focus on the features but the most important is to create the availability and security of the web application services. We also must focus to make good overall web services security. Many people focus only on the security mechanisms to make web application more secure. Security mechanisms are only valuable if they are part of an overall security fabric that provides the level of protection both desired and thought to be in place. It’s important that an enterprise’s security policy be comprehensive and thorough. So, It’s developing good policies more important that must provide for enterprise’s security strategy. … continue reading : Guidelines Basic Security Policy of the Web Services.

25 July 2009 at 23:51 - Comments

Security Challenges of the Web Application Service

Author : Admin

An enterprise web application service, we can configure and use a web application services in many ways. See detail at Introduction and Guide How to Build Web Application Service, find more about many ways that can be used to provide web application services. In this discussion, we must give more attention about security of web application services. Each of ways to build web application services has unique security challenges. Whatever way we take to build web application services. … continue reading : Security Challenges of the Web Application Service.

25 July 2009 at 14:39 - Comments

Hardening Web Application Security with SSL

Author : Admin

These days, internet or world wide web is a network for everyone, with thousands of businesses, large and small. When data travels from one point of the internet to another, it goes through a number of computers such as router, gateways and others network devices and interception is a possibility at one of these nodes. So, we need a security protocol that ensures secured transactions between the customer’s web browser and the web server. It’s called SSL / TLS protocol, provides endpoint authentication and communications confidentiality over the internet using cryptography and designed to prevent eavesdropping, tampering and message forgery. … continue reading : Hardening Web Application Security with SSL.

23 July 2009 at 11:39 - Comments

The Guideline to Improve Web Application Security

Author : Admin

In the previous discussion, The Essential Guidelines for Securing Platform Web Application that there are two category in the web vulnerability. In this discussion we will discuss about how to create web application more secure, with high availability and stable. There are several things that must be considered to building web application more secure and stable. We will discuss more detail in this discussion.

 

If our application supports individual users, then record how users must authenticate to the application with some of the authenticate methods, such HTTP Basic, HTTP Digest, HTTP NTLM and Form Based. Keep in mind that challenge / response mechanisms do not protect passwords with 100 percent security. … continue reading : The Guideline to Improve Web Application Security.

19 July 2009 at 03:34 - Comments

The Essential Guidelines for Securing Platform Web Application

Author : Admin

In this discussion, we will discuss about how to a make secure web application. As we know, there are two categories into which web vulnerabilities, the platform of web server and web application itself. The first category contain vulnerabilities within the platform of web server such Linux, MS Windows, Apache, IIS, MySQL, MS SQL, Oracle and others. The other category is web application itself such programming errors, enable malicious code and an attacker to execute arbitrary database query and others type of the web application vulnerabilities. … continue reading : The Essential Guidelines for Securing Platform Web Application.

19 July 2009 at 02:28 - Comments

Virtualmin Multiple Vulnerabilities

Author : Admin

Virtualmin is one of the famous web hosting management or web server control panel based on Webmin. It’s offers a wide array of productivity enhancing tools for hosting providers, web developers, web designers and end users. With Virtualmin, we can manage our virtual domains, mailboxes, databases, application and entire server resources from one comprehensive interface.

In July 14, 2009, Filip Palian has discovered multiple vulnerabilities, such unprivileged port use, cross side scripting / xss, anonymous proxy, information disclousure and symlink attacks. … continue reading : Virtualmin Multiple Vulnerabilities.

15 July 2009 at 16:30 - Comments

Vulnerability Web Browser Firefox 3.5 with Highly Critical Security

Author : Admin

Mozilla Firefox 3.5 was released June 30th, 2009 that is claimed as the best modern web browser and more faster to render web pages. However, in July 13, 2009, SBerry has discovered a vulnerability in web browser Mozilla Firefox, which can be exploited by malicious people to compromise a user’s system. This is the first vulnerability of Mozilla Firefox v3.5 that was published.

Mozilla Firefox with new features like private browsing, tear-off tabs and enhancements to the Awesome Bar, plus major performance enhancements. In the security improvement, secure surfing is top priority, anti phishing, anti malware technology and have added private browsing and “forget this site” options to ensure our privacy. … continue reading : Vulnerability Web Browser Firefox 3.5 with Highly Critical Security.

15 July 2009 at 12:50 - Comments

How to Securing Microsoft Internet Explorer – IE

Author : Admin

In this discussion, we will be showed how to securing Microsoft Internet Explorer ( also called IE ), one of the most popular web browsers, see Web Browser Wars, Popularity and Market Share. As we know that IE – Internet Explorer is a web browser integrated into the Microsoft Windows operating system and it’s bundled with every copy of Windows.

 

Securing Microsoft Internet Explorer – IE involves applying updates and patches, modifying a few setting and practicing intelligent surfing. Microsoft routinely release Internet Explorer with specific security patch, so it’s very important to configure the Microsoft Windows Update Automatically or visit the Microsoft Windows Update site regularly. … continue reading : How to Securing Microsoft Internet Explorer – IE.

14 July 2009 at 09:27 - Comments

How to Tighten Web Browser Security

Author : Admin

There are several step, we as client or users can take to make web browsers and e-mail client more secure and protect against malicious code or unauthorized use of information. In this discussion, we will describe step by step how to tighten the security of web browser in general browsers or client, it’s not specific in one of the browsers.

 

First step to make sure our browser more secure is restricting the use of programming languages. Most web browsers have option settings that allow users to restrict or deny the use of web based programming languages. For example, Internet Explorer can be set to do one of three things when a JavaScript, Java or Activex element appears on a web page : Always allow, Always Deny and Prompt for user input. … continue reading : How to Tighten Web Browser Security.

13 July 2009 at 22:35 - Comments

Tripwire : Hardening Linux Server with Monitoring Integrity of Files

Author : Admin

Tripwire is a file and directory integrity checker that comparer a designated set of files and directory against information store in a previously generated database. It uses the baseline for comparison of files at scheduled intervals and if changes are detected, alerts are processed based on the configuration. It’s can notify system administrators of corrupted or tampered files, so damages control measures can be taken in a timely manner.

 

We will not discussion about how to install but how to securing and optimizing Tripwire in the Linux server. After installing Tripwire, we next step is verify or change, if necessary options in our Tripwire configuration files. … continue reading : Tripwire : Hardening Linux Server with Monitoring Integrity of Files.

8 July 2009 at 23:53 - Comments