  • Securing MySQL: step-by-step

    Securityfocus.com has published "Securing MySQL: step-by-step", a guide to locking down your MySQL Server. "MySQL is one of the most popular databases on the Internet and it is often used in conjunction with PHP. Besides its undoubted advantages such as ease of use and relatively high performance, MySQL offers simple but very effective security mechanisms.…

  • MRTG for Intrusion Detection with IIS 6

    I found this interesting article on SecurityFocus which explains how to use MRTG (a popular traffic monitoring tool) to monitor intrusion attempts against an IIS 6.0 machine. "But MRTG is also a very effective intrusion detection tool. The concept is simple: attacks often produce some kind of anomalous pattern and human brains are well-equipped to…

  • Basic IIS Lockdown Using Scripts and Group Policy

    "Microsoft Active Directory and Group Policy have a feature-rich set of tools and processes to help save an administrator time and energy in maintaining security within the domain. Locking down a server requires many steps to complete, and depending on the extent to which the server is locked down, it can take up to several…

  • IIS Security and Programming Countermeasures e-book released

    Jason Coombs has released this 440-page e-book on IIS security and secure programming. Worth a read if you run IIS on a production system.

  • Article #2: “The Cross Site Scripting Faq”

    Currently small informational tidbits about Cross Site Scripting holes exist, but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention. This article also covers practical examples of cookie theft, and also provides tools for public…