
  • Article: Secure file upload in PHP web applications

    A good article by Alla Bezroutchko has been published describing how to handle file uploads in PHP, specifically for sites dealing with image uploads. Check it out below. Article Link: http://www.net-security.org/dl/articles/php-file-upload.pdf
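    The checks such an upload handler needs, as an added example written for this listing (it is not code from the linked article or from its author). It assumes a form field named "image", an upload directory outside the web root, PHP 8 or later, and the GD and fileinfo extensions; all of these are assumptions, not facts from the page.

```php
<?php
// Added example (not from the linked article): hardened image upload handler.
// Assumptions: the form field is named "image", $uploadDir sits outside the
// web root, PHP >= 8.0, and the GD and fileinfo extensions are loaded.

declare(strict_types=1);

const MAX_BYTES = 2 * 1024 * 1024; // 2 MiB cap, enforced server-side

function saveUploadedImage(array $file, string $uploadDir): string
{
    // 1. Trust the PHP upload machinery, never the client-supplied name or type.
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $err);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not a file uploaded via HTTP POST');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }

    // 2. Sniff the real content; $file['type'] and the extension are attacker-controlled.
    $finfo   = new finfo(FILEINFO_MIME_TYPE);
    $mime    = $finfo->file($file['tmp_name']);
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Unsupported content type: ' . $mime);
    }

    // 3. Decode and re-encode with GD. A file that merely starts with an image
    //    header (e.g. PHP code behind "GIF89a") fails to decode; a real image
    //    with a payload in metadata or trailing bytes is stripped by re-encoding.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('File is not a decodable image');
    }

    // 4. Server-chosen random name with a fixed extension; never reuse the client name.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;

    $ok = match ($mime) {
        'image/jpeg' => imagejpeg($img, $dest, 90),
        'image/png'  => imagepng($img, $dest),
        'image/gif'  => imagegif($img, $dest),
    };
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('Could not write re-encoded image');
    }
    chmod($dest, 0644); // readable, never executable
    return $name;
}

// Usage from the upload endpoint (hypothetical path):
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['image'])) {
    try {
        $stored = saveUploadedImage($_FILES['image'], '/var/app/uploads');
        echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

    Two caveats on the design: re-encoding through GD flattens animated GIFs to their first frame, so if animation matters the file must instead be stored with a content-type check and served from a location where script execution is disabled; and the stored files should be delivered by a download script or a directory with PHP execution turned off, so that even a decoder bug never turns an upload into executable code.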

  • Ensuring Web application security during a company merger

    "When two organizations merge, it’s certain that they will have different security philosophies, policies, technologies and requirements regarding Web application security. For example, an ecommerce site that allows customers to track order progress has to permit deeper access into the back-end system than one that merely generates an email once the order is completed. Change…

  • The Truth About Open Source Security

    "Is it better to run your company’s firewall or IDS using an open source tool, or is it better to buy something off the shelf? Let’s step through some of the most common arguments used by each side of the open source security debate and see how they do or do not stand up in…

  • Whitepaper: Inter-Protocol Exploitation

    "In October 2006, this author presented a paper exploring the threat of Inter-Protocol Communication. That is, the possibility of two different applications using two different protocols to meaningfully exchange commands and data. This paper extends that and other research to explore Inter-Protocol Exploitation. These findings demonstrate the practicality of encapsulating exploit code in one protocol…

  • Infection Vectors In JUMP

    Aditya K Sood writes: "This article clearly explains the infection vectors in the JSON Uniform Messaging Protocol. As we know definitively, JUMP mainly uses HTTP and a lightweight JSON record to edit a number of web pages. This article explains the attack vectors in the protocol implementation where the infection can occur. The infection here relates to the…

  • Rogue XML Specifications

    Aditya K Sood writes: "This article solely relates to the insecurities that remain in the XML schema defined for any web server that relates to a peculiar web servicing application. This is actually based on the AJAX framework, as the XML specification acts as an interface to server objects. The interface which is being provided by the…

  • Zero day risks are Bullshit

    "Patrick Clawson, newly appointed chief executive at PatchLink, poured scorn on the panic associated with “zero day vulnerabilities” calling it “bullshit”. “I’m calling bullshit on the whole zero day thing. These vulnerabilities are announced on that day, not released, it’s in the year running up to that date where they cause problems. By the time…

  • Application Security: Countering The Professionals

    "Security threats and attackers are turning professional. Network managers still need to stop the script-kiddies from defacing their websites, but it is becoming increasingly important to stop the professionals who want to steal valuable information. The new attackers search for vulnerabilities in the application and exploit these weaknesses. Attackers are bypassing the traditional network-layer…

  • Microsoft Patch Tuesday

    Microsoft has released 5 patches addressing vulnerabilities discovered in Internet Explorer, Indexing Service, Publisher, Reliable Multicast Program, and the Server Service. Additional information about each issue can be found at the SANS link below. To protect yourself from these issues, run Windows Update. SANS link: http://isc.dshield.org/diary.php?storyid=1691

  • The Worry-Warts Guide to Web Application Security

    "In How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, Mike Andrews and James A. Whittaker tackle every category of Web software exploit. They reveal where to look for potential threats and attack vectors, how to rigorously test for each of them, and how to mitigate the problems you…

  • Htaccess tutorial Section 2 released

    Securityfocus.com has a tutorial on how to secure your site with htaccess. The tutorial comes in 3 parts, and the 2nd section has just been released; it is linked below. The links section has the links to sections 1 and 2 for future reference. Tutorial Section 2