Security Information and Review

Collection of security information and review

Posts Tagged 'Web Application Security'

Wordpress 2.8.5 XSS and File Upload Vulnerability

Author : Admin

A new vulnerability has been discovered in Wordpress v2.8.5: an XSS (cross-site scripting) and file upload vulnerability. It is a security issue in Wordpress which can be exploited by an attacker with malicious code to conduct script insertion attacks and compromise a vulnerable system.

The first issue is caused by passed input not being properly sanitized before it is displayed to the user. … continue reading : Wordpress 2.8.5 XSS and File Upload Vulnerability.

15 November 2009 at 23:50

Piwik and Open Flash Chart Vulnerability

Author : Admin

A vulnerability has been discovered in Piwik with the Open Flash Chart module which can be exploited by malicious people to compromise a vulnerable system. The vulnerability exists in Piwik’s implementation of “open-flash-chart”, a module which resides in the “./libs/open-flash-chart/php-ofc-library” directory.

Piwik is open source web analytics software, licensed under the GPL. … continue reading : Piwik and Open Flash Chart Vulnerability.

21 October 2009 at 02:06

Controlling Access Web Application with Web Based Basic Authentication

Author : Admin

If we want to restrict access to our web based application, we can use web based authentication. In this discussion, we will learn how to protect our web based application with web based basic authentication. It is a simple authentication scheme that is very commonly used on various web servers.

We can use our web server’s basic authentication scheme quite easily with a .htaccess file in our web directory. In this example, we will restrict access to a directory in our web based application : http://www.widyani.com/basic_auth. We can create and edit the .htaccess file in %DocumentRoot%/basic_auth, … continue reading : Controlling Access Web Application with Web Based Basic Authentication.

10 October 2009 at 01:33

How to Protect Web Application Files

Author : Admin

When we build a web application, all files in our web application become available to everyone. So, an attacker will try to find any holes in our web application or attack our data. How do we protect sensitive files in our web application? In this discussion, we will learn step by step how to protect the sensitive files in our web application.

The first step is to control access to our sensitive files from visitors of our web application with the web server configuration. It is assumed that we are using the Apache web server and PHP as the server-side scripting language. … continue reading : How to Protect Web Application Files.

10 October 2009 at 00:10

SquirrelMail Cross-Site Request Forgery CSRF Vulnerability and Solution

Author : Admin

SquirrelMail is one of the well-known webmail packages written in pure PHP, and it supports standard e-mail protocols such as IMAP and SMTP. In SquirrelMail, all pages render in pure HTML with no JavaScript required, for maximum compatibility in all browsers.


On August 12, 2009, a vulnerability was reported in SquirrelMail which can be exploited by an attacker using the Cross-Site Request Forgery (CSRF) technique. Find more information about this technique at Problem and Solution : Cross Site Request Forgery ( XSRF ). … continue reading : SquirrelMail Cross-Site Request Forgery CSRF Vulnerability and Solution.

13 August 2009 at 03:48

Hardening Web Application Security with SSL

Author : Admin

These days, the internet or world wide web is a network for everyone, with thousands of businesses, large and small. When data travels from one point of the internet to another, it goes through a number of computers such as routers, gateways and other network devices, and interception is a possibility at any of these nodes. So, we need a security protocol that ensures secured transactions between the customer’s web browser and the web server. It is called the SSL / TLS protocol; it provides endpoint authentication and communications confidentiality over the internet using cryptography, and it is designed to prevent eavesdropping, tampering and message forgery. … continue reading : Hardening Web Application Security with SSL.

23 July 2009 at 11:39

Artofdefence Hyperguard Vulnerability

Author : Admin

Hyperguard is a latest-generation enterprise Web application firewall with attack detection and attack protection functions that are freely configurable. Hyperguard enables centralized security monitoring, reporting and alerting and provides custom protection for your Web applications against external attacks. Hyperguard is a software-based web application firewall that is intended to be installed directly on the web server to be protected. It acts as a plugin that integrates into the web server.


Hyperguard has a modular design that enables different components to be operated on different servers and therefore work in cluster environments. It is for example possible to protect several web servers using multiple instances of Hyperguard on different machines while all configuration and monitoring can be done on a single master host. Hyperguard is divided into three components. … continue reading : Artofdefence Hyperguard Vulnerability.

3 July 2009 at 17:15

Phion Airlock : Web Application Security and Vulnerability

Author : Admin

One of the well-known web application firewalls is Phion Airlock. It is a web application firewall which protects data and prevents attackers from accessing it. The Airlock web application firewall ( WAF ) provides a unique combination of protective mechanisms for web applications. Whether you want to observe PCI DSS, safeguard online banking or protect e-commerce applications: Airlock ensures sustained and manageable web application security.


The Phion Airlock web application firewall provides an application security gateway, which protects web applications against attacks. The product is completely independent from application or web servers, so security enforcement tasks are outsourced. Phion Airlock is a software appliance, which makes it possible to also run it in a virtualized environment. As the analyzing tasks are very load intensive, dedicated hardware is recommended. Airlock is a software appliance based on Sun Solaris 10 and operates as a secure reverse proxy with optional Single Sign On ( SSO ) authentication and access control capabilities. Airlock is designed and marketed by Phion, which started in 2000 as the brainchild of three young people, Wieland Alge, Klaus Gheri and Peter Marte. … continue reading : Phion Airlock : Web Application Security and Vulnerability.

3 July 2009 at 15:38

Radware AppWall : Feature and Vulnerability Review

Author : Admin

Radware AppWall is a web application firewall ( WAF ), designed and marketed by Radware. It is designed to secure web applications and prevent data theft and manipulation of private / sensitive corporate and customer information by attackers. It enables PCI compliance by mitigating Web application security threats and vulnerabilities to prevent data theft and manipulation of sensitive corporate and customer information. AppWall incorporates advanced, patent-protected Web application security filtering technologies to seamlessly detect threats, block attacks and report events.
… continue reading : Radware AppWall : Feature and Vulnerability Review.

3 July 2009 at 01:35

Hardening Web Base Application with Web Application Firewall

Author : Admin

Web based applications are currently not only a trend but also a solution for online systems. So, we need to harden and improve our web based application security with a web application firewall, mitigating web application security threats and vulnerabilities to prevent data theft and manipulation of private / sensitive corporate and customer information by attackers. Web application firewalls generally operate as proxies between clients and web servers. All requests, and optionally responses, are checked for patterns that indicate attacks against the protected web based application. If parts of a request match a pattern or rule in the web application firewall, the request is dropped and not forwarded to the web based application. If a request is denied, an appropriate error is raised and delivered as an HTTP response to the client browser.

… continue reading : Hardening Web Base Application with Web Application Firewall.

3 July 2009 at 00:42