]]>윈도우 감사 툴입니다.
많은 양의 컴터를 감사할때 편하겠군요..
]]>]]>
]]>
http://www.amazon.com/exec/obidos/ASIN/ … tsecuri-20
시간나면 읽어봐야 겠군
]]>
http://www.amazon.com/exec/obidos/ASIN/ … ri-20#noop
스노우 레오파드의 가이드 북
이번에 업그레이드 했는데...
점점 맥이 좋아질라고 하네...ㅎㅎㅎ
]]>
다들 알고 계시는 모드시큐리티 핸드북입니다.
]]>https://secure.sophos.com/security/whit … urity-wpna
이런 유료군요..에궁
]]>The Web Sandbox explores how to advance the Web Platform to improve security, isolation, and quality of service protections for your web site and users.
]]>MS에서 이런 보고서도 만드나 보네요
]]>
Robert Hansen (aka RSnake)가 쓴 300페이지에 달하는 기술서적 이라고 하네요
웹 어플리케이션 보안서적 같음
목차
Detecting Malice: Preface
User Disposition
Deducing Without Knowing
Book Overview
Who Should Read This Book?
Why Now?
A Note on Style
Working Without a Silver Bullet
Special Thanks
Chapter 1 - DNS and TCP: The Foundations of Application Security
In the Beginning Was DNS
Same-Origin Policy and DNS Rebinding
DNS Zone Transfers and Updates
DNS Enumeration
TCP/IP
Spoofing and the Three-Way Handshake
Passive OS Fingerprinting with pOf
TCP Timing Analysis
Network DoS and DDoS Attacks
Attacks Against DNS
TCP DoS
Low Bandwidth DoS
Using DoS As Self-Defense
Motives for DoS Attacks
DoS Conspiracies
Port Scanning
With That Out of the Way...
Chapter 2 - IP Address Forensics
What Can an IP Address Tell You?
Reverse DNS Resolution
WHOIS Database
Geolocation
Real-Time Block Lists and IP Address Reputation
Related IP Addresses
When IP Address Is A Server
Web Servers as Clients
Dealing with Virtual Hosts
Proxies and Their Impact on IP Address Forensics
Network-Level Proxies
HTTP Proxies
AOL Proxies
Anonymization Services
Tor Onion Routing
Obscure Ways to Hide IP Address
IP Address Forensics
To Block or Not?
Chapter 3 - Time
Traffic Patterns
Event Correlation
Daylight Savings
Forensics and Time Synchronization
Humans and Physical Limitations
Gold Farming
CAPTCHA Breaking
Holidays and Prime Time
Risk Mitigation Using Time Locks
The Future is a Fog
Chapter 4 - Request Methods and HTTP Protocols
Request Methods
GET
POST
PUT and DELETE
OPTIONS
CONNECT
HEAD
TRACE
Invalid Request Methods
Random Binary Request Methods
Lowercase Method Names
Extraneous White Space on the Request Line
HTTP Protocols
Missing Protocol Information
HTTP 1.0 vs. HTTP 1.1
Invalid Protocols and Version Numbers
Newlines and Carriage Returns
Summary
Chapter 5 - Referring URL
Referer Header
Information Leakage through Referer
Disclosing Too Much
Spot the Phony Referring URL
Third-Party Content Referring URL Disclosure
What Lurks in Your Logs
Referer and Search Engines
Language, Location, and the Politics That Comes With It
Google Dorks
Natural Search Strings
Vanity Search
Black Hat Search Engine Marketing and Optimization
Referring URL Availability
Direct Page Access
Meta Refresh
Links from SSL/TLS Sites
Links from Local Pages
Users' Privacy Concerns
Determining Why Referer Isn't There
Referer Reliability
Redirection
Impact of Cross-Site Request Forgery
Is the Referring URL a Fake?
Referral Spam
Last thoughts
Chapter 6 - Request URL
What Does A Typical HTTP Request Look Like?
Watching For Things That Don’t Belong
Domain Name in the Request Field
Proxy Access Attempts
Anchor Identifiers
Common Request URL Attacks
Remote File Inclusion
SQL Injection
HTTP Response Splitting
NUL Byte Injection
Pipes and System Command Execution
Cross-Site Scripting
Web Server Fingerprinting
Invalid URL Encoding
Well-Known Server Files
Easter Eggs
Admin Directories
Automated Application Discovery
Well-Known Files
Crossdomain.xml
Robots.txt
Google Sitemaps
Summary
Chapter 7 - User-Agent Identification
What is in a User-Agent Header?
Malware and Plugin Indicators
Software Versions and Patch Levels
User-Agent Spoofing
Cross Checking User-Agent against Other Headers
User-Agent Spam
Indirect Access Services
Google Translate
Traces of Application Security Tools
Common User-Agent Attacks
Search Engine Impersonation
Summary
Chapter 8 - Request Header Anomalies
Hostname
Requests Missing Host Header
Mixed-Case Hostnames in Host and Referring URL Headers
Cookies
Cookie Abuse
Cookie Fingerprinting
Cross Site Cooking
Assorted Request Header Anomalies
Expect Header XSS
Headers Sent by Application Vulnerability Scanners
Cache Control Headers
Accept CSRF Deterrent
Language and Character Set Headers
Dash Dash Dash
From Robot Identification
Content-Type Mistakes
Common Mobile Phone Request Headers
X-Moz Prefetching
Summary
Chapter 9 - Embedded Content
Embedded Styles
Detecting Robots
Detecting CSRF Attacks
Embedded JavaScript
Embedded Objects
Request Order
Cookie Stuffing
Impact of Content Delivery Networks on Security
Asset File Name Versioning
Summary
Chapter 10 - Attacks Against Site Functionality
Attacks Against Sign-In
Brute-Force Attacks Against Sign-In
Phishing Attacks
Registration
Username Choice
Brute Force Attacks Against Registration
Account Pharming
What to Learn from the Registration Data
Fun With Passwords
Forgot Password
Password DoS Attacks
Don’t Show Anyone Their Passwords
User to User Communication
Summary
Chapter 11 - History
Our Past
History Repeats Itself
Cookies
JavaScript Database
Internet Explorer Persistence
Flash Cookies
CSS History
Refresh
Same Page, Same IP, Different Headers
Cache and Translation Services
Uniqueness
DNS Pinning Part Two
Biometrics
Breakout Fraud
Summary
Chapter 12 - Denial of Service
What Are Denial Of Service Attacks?
Distributed DoS Attacks
My First Denial of Service Lesson
Request Flooding
Identifying Reaction Strategies
Database DoS
Targeting Search Facilities
Unusual DoS Vectors
Banner Advertising DoS
Chargeback DoS
The Great Firewall of China
Email Blacklisting
Dealing With Denial Of Service Attacks
Detection
Mitigation
Summary
Chapter 13 - Rate of Movement
Rates
Timing Differences
CAPTCHAs
Click Fraud
Warhol or Flash Worm
Samy Worm
Inverse Waterfall
Pornography Duration
Repetition
Scrapers
Spiderweb
Summary
Chapter 14 - Ports, Services, APIs, Protocols and 3rd Parties
Ports, Services, APIs, Protocols, 3rd Parties, oh my…
SSL and Man in the middle Attacks
Performance
SSL/TLS Abuse
FTP
Webmail Compromise
Third Party APIs and Web Services
2nd Factor Authentication and Federation
Other Ports and Services
Summary
Chapter 15 - Browser Sniffing
Browser Detection
Black Dragon, Master Reconnaissance Tool and BeEF
Java Internal IP Address
MIME Encoding and MIME Sniffing
Windows Media Player “Super Cookie”
Virtual Machines, Machine Fingerprinting and Applications
Monkey See Browser Fingerprinting Software – Monkey Do Malware
Malware and Machine Fingerprinting Value
Unmasking Anonymous Users
Java Sockets
De-cloaking Techniques
Persistence, Cookies and Flash Cookies Redux
Additional Browser Fingerprinting Techniques
Summary
Chapter 16 - Uploaded Content
Content
Images
Hashing
Image Watermarking
Image Stenography
EXIF Data In Images
GDI+ Exploit
Warez
Child Pornography
Copyrights and Nefarious Imagery
Sharm el Sheikh Case Study
Imagecrash
Text
Text Stenography
Blog and Comment Spam
Power of the Herd
Profane Language
Localization and Internationalization
HTML
Summary
Chapter 17 - Loss Prevention
Lessons From The Offline World
Subliminal Imagery
Security Badges
Prevention Through Fuzzy Matching
Manual Fraud Analysis
Honeytokens
Summary
Chapter 18 - Wrapup
Mood Ring
Insanity
Blocking and the 4th Wall Problem
Booby Trapping Your Application
Heuristics Age
Know Thy Enemy
Race, Sex, Religion
Profiling
Ethnographic Landscape
Calculated Risks
Correlation and Causality
Conclusion
About Robert Hansen
]]>
http://www.amazon.com/dp/1597494259?tag … JHBXA&
웹 스캐너이네요..
Highlights from the latest version:
Better performance (less CPU usage, improved HTTP performance and less requests).
SQL injection coverage.
Improved Engines: LFI and Command Injection engines improved.
New test modules such as "crossdomain.xml", "Apache server-status, server-info", "SVN disclosure", "Find backup files", "TRACE/TRACK check" and some more stuff that you hate to check but have to check.
판다 시큐리티에서 USB 백신을 만들었네요
]]>