Gopal's Blog
Good security testing requires going beyond what is expected and thinking like an attacker who is trying to break the application.
"There is no 'patch' for stupidity"
Author: Gopal Rao (http://www.blogger.com/profile/07518271146620948826)
Feed updated: 2024-03-13T11:09:58.703+05:30

TDL4 (TDSS family) Rootkit
Published: 2011-06-30T20:09:00.005+05:30; updated: 2011-06-30T20:20:56.720+05:30

Q1 2011 was the most active first quarter in malware history. One of the dangerous ones is TDL4; it is claimed to support all versions of Microsoft Windows since XP, up to and including Windows 7 SP1, on both x86 and AMD64 (EM64T). TDL4 (Alurion ???) is the fourth generation of the TDSS rootkit, which hides itself on a system by infecting system files/drivers

Replay Attack & Its Countermeasures
Published: 2009-07-30T17:48:00.002+05:30; updated: 2009-07-30T17:54:59.291+05:30; comments: 5

Replay Attack: A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution. This attack uses a simple method of exploiting a captured packet or packets,

Session hijacking: A method of taking over a user session
Published: 2009-06-25T15:53:00.000+05:30; updated: 2009-07-30T17:47:52.080+05:30; comments: 1

Session hijacking is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user.
Once the user's session ID has been accessed, the attacker can masquerade as that user and do anything the user is authorized to do. Session hijacking works by taking advantage of the fact that most communications are protected with

Security Considerations for File Upload
Published: 2008-10-31T13:47:00.003+05:30; updated: 2008-11-19T14:43:07.360+05:30; comments: 0

Web applications are all about communicating with an end user to obtain the information you need from them, depending on the service offered, and responding with the data required. In many cases with Web application pages, it is simply textual data that is collected and stored. However, there are many cases where web applications need more than

Disabling unnecessary services: Part Two
Published: 2008-08-12T15:35:00.006+05:30; updated: 2008-08-12T16:29:41.929+05:30; comments: 4

Disabling unnecessary and potentially dangerous services: Part Two
Service Name: Netlogon
Short Name: Netlogon
Process Name: lsass.exe
Depends on: Workstation
Components depend on this: None
Purpose: It allows pass-through authentication to take place between a client and a domain controller or between domain controllers; required for domain

Disabling Unnecessary Services: Part One
Published: 2008-07-25T17:56:00.000+05:30; updated: 2008-08-13T15:33:17.170+05:30; comments: 2

Disabling unnecessary and potentially dangerous services: Well, nowadays organizations are focusing on application security with the growing number of attacks on applications.
This is really good news for the end users, who actually benefit from it; organizations benefit as well, since their reputation can increase. Securing only

Fundamentals of WCF Security (Part Two)
Published: 2008-06-09T16:56:00.000+05:30; updated: 2008-08-13T15:34:00.873+05:30; comments: 4

Fundamental Security Concepts (Continued): Below are some of the available security settings in Windows Communication Foundation (WCF).
Security settings in WCF:
- Security mode
- Protection level
- Client and service credentials
- Impersonation
- Credential negotiation
- Secure sessions
- Authentication and authorization behaviors
The first step to securing a WCF service is defining the “

Fundamentals of WCF Security (Part One)
Published: 2008-05-06T13:10:00.005+05:30; updated: 2008-12-09T23:02:13.021+05:30; comments: 4

Building distributed applications has never been easy. As the applications that we write satisfy more complex business requirements, it has traditionally meant that the distributed applications we build get more complex themselves.
It was the following types of development challenges in building distributed applications that drove the

Mass Web Server Hack through SQL Injection
Published: 2008-04-30T15:18:00.000+05:30; updated: 2008-05-02T15:53:47.039+05:30; comments: 3

There's another round of mass SQL injections going on, which has infected hundreds of thousands of websites. What happens after a site is infected is well understood: when a visitor reaches one of the hacked sites, malicious JavaScript loads an IFrame from a malware-hosting server, and the IFrame redirects the browser to a different page, also hosted on

Strong Naming and Delay Signing Of Assemblies: Part Three
Published: 2008-03-05T16:19:00.000+05:30; updated: 2008-08-13T15:22:28.943+05:30; comments: 5

Protecting Secrets with Delay Signing or Partial Signing: Strong names are secure only when the strong name private key is kept secure. Strong names do not have any revocation mechanism that can be used if the private key is compromised, and they don’t have any expiry date. So it is very important to keep your private key private! That is keeping your organization’s

Strong Naming and Delay Signing Of Assemblies: Part Two
Published: 2008-02-01T16:44:00.000+05:30; updated: 2008-12-09T23:02:13.420+05:30; comments: 2

Working with Strong Names: Strong-name signing is a good idea for most applications, especially for applications that are deployed over a network and not fully controlled by the deployer. The anti-spoofing and anti-tampering benefits are quite valuable.
Before moving into the details, it is better to know the challenges involved with strong naming.

Strong Naming and Delay Signing Of Assemblies: Part One
Published: 2008-01-25T16:27:00.000+05:30; updated: 2008-12-09T23:02:14.279+05:30; comments: 2

Strong Naming Of An Assembly: Strong naming of an assembly provides integrity; it prevents spoofing of your code by a third party. The .NET Framework uses strong names to identify assemblies and to protect them from tampering by verifying the signature either when loading the assembly or when installing it in the GAC. But strong name signatures do not contain any

Customize your Find in Files Results in Visual Studio
Published: 2007-12-11T17:47:00.000+05:30; updated: 2008-01-31T15:17:04.211+05:30; comments: 0

The default Find in Files results window of Visual Studio shows only the file name and line number within the braces along with the code text. You can customize these results to show what you want to see and how you want to see it. If you spend a lot of your time reformatting these results for any purpose, then this tip might be helpful

An Overview of Cryptography
Published: 2007-11-01T16:32:00.000+05:30; updated: 2008-12-09T23:02:14.973+05:30; comments: 1

Cryptography: There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords.
One essential aspect for secure communications is that of cryptography. Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, authentication, and

An Overview Of Buffer Overflows / Buffer Overruns
Published: 2007-10-20T15:57:00.000+05:30; updated: 2008-12-09T23:02:15.422+05:30; comments: 2

Buffer Overflows (Buffer Overrun): A buffer overrun condition occurs when a process tries to copy more data into a buffer than the buffer is intended to hold. Buffer overruns can occur in stack memory or in heap memory. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions that could damage the user's files, corrupt or overwrite the valid data, or

One Of The Code Injection Attack: LDAP Injection
Published: 2007-10-17T17:22:00.000+05:30; updated: 2008-02-04T17:37:59.489+05:30; comments: 2

LDAP Injection: LDAP injection is an attack technique used to exploit web sites that construct LDAP statements from unvalidated user-supplied input. Using this attack, the attacker can execute arbitrary statements against the directory services. Simply put, an LDAP injection attack exploits vulnerabilities in input validation to run arbitrary LDAP statements against information directories. LDAP

Code Injection: XPath Injection
Published: 2007-10-10T12:27:00.000+05:30; updated: 2008-02-06T16:58:09.914+05:30; comments: 1

XPath Injection: SQL injection is the most popular type of code injection attack, but there are several others that can be just as dangerous to your applications and your data, including LDAP injection and XPath injection.
An ‘XPath injection’ attack is similar to an SQL injection attack, but its target is an XML document rather than an SQL database. ‘XPath Injection’ is an attack technique used to exploit web

An Overview Of SQL Injection
Published: 2007-09-21T17:22:00.000+05:30; updated: 2008-02-04T17:37:59.489+05:30; comments: 0

SQL Injection: A SQL injection attack exploits vulnerabilities in input validation to run arbitrary commands in the database. Your code is vulnerable to SQL injection attacks wherever it uses input parameters to construct SQL statements. A SQL injection attack occurs when untrusted / user-controllable input can modify the logic of a SQL query in unexpected ways. It can also occur if your

The Cause of Cross-Site Scripting
Published: 2007-09-18T18:33:00.000+05:30; updated: 2008-02-06T17:06:23.361+05:30; comments: 0

Cross-Site Scripting: Cross-site scripting (also known as XSS or CSS) vulnerabilities occur whenever user input is passed back to the browser without adequate validation, sanitization or encoding. Simply put, XSS occurs when dynamically generated web pages display user input that is not properly validated, enabling an attacker to inject malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a

Assume all input is malicious until proven otherwise
Published: 2007-09-17T17:45:00.000+05:30; updated: 2008-02-06T16:02:12.263+05:30; comments: 0

Input validation: Input validation is the most important ingredient of a secure application. Most major security holes today result from input validation flaws.
This is something you can fix only by writing secure code; no settings or firewalls can save you here. Your application’s user input is the attacker’s primary weapon when targeting your application. Various attacks like buffer overflow;