A few weeks ago, I followed a presentation at Digicomp called “From Ethical Hacking to IT-Forensic” presented by Juerg Fischer. The most interesting part I kept from the presentation (it was in German, which may explain the little I remember from it :) ) was about the tools and resources useful for the different phases of penetration tests. Even if most of these tools and resources might already be known, I hope it will still make a useful list for someone other than me :)

1. Information Gathering

In this early stage the goal is to gather information about people and architecture you might find during your security analysis.

Whois: Domain name lookup
Sam Spade: Integrated network query tool
SearchDNS: Information about an organisation servers
Archive.org: Access old pages from Internet 

2. Vulnerability Analysis

For this second phase, the goal is to gather information regarding vulnerabilities that correspond to the list you gathered (type of server, OS …) in the first phase.

Secunia: Vulnerability Database
SecurityFocus: Stay informed

3. Router

Getting rid of the router…

NSLOOKUP: Find the IP addresses of a particular computer
DIG: Investigate DNS
dsniff: Suite of tools to sniff network data

4. Firewall

NMAP: Security Scanner
HPING: TCP/IP packet assembler/analyzer
Firewalk: Determine what layer 4 protocols a given IP forwarding device will pass

There are many more tools, but with the previous list of links you should already have enough to start digging into security related topics :)

Ahmet
An agreement has been reached by experts regarding the top 25 most dangerous programming errors.

Very interesting list indeed; a nice point is that we can find a lot of details on how to avoid these security errors. Obviously the dangerous part of these errors is that they can be exploited…

Insecure Interaction Between Components

  • Improper Input Validation
  • Improper Encoding or Escaping of Output
  • Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
  • Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
  • Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
  • Cleartext Transmission of Sensitive Information
  • Cross-Site Request Forgery (CSRF)
  • Race Condition
  • Error Message Information Leak

Risky Resource Management

  • Failure to Constrain Operations within the Bounds of a Memory Buffer
  • External Control of Critical State Data
  • External Control of File Name or Path
  • Untrusted Search Path
  • Failure to Control Generation of Code (aka ‘Code Injection’)
  • Download of Code Without Integrity Check
  • Improper Resource Shutdown or Release
  • Improper Initialization
  • Incorrect Calculation

Porous Defenses

  • Improper Access Control (Authorization)
  • Use of a Broken or Risky Cryptographic Algorithm
  • Hard-Coded Password
  • Insecure Permission Assignment for Critical Resource
  • Use of Insufficiently Random Values
  • Execution with Unnecessary Privileges
  • Client-Side Enforcement of Server-Side Security
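Two entries from the first group, “Failure to Preserve SQL Query Structure” and “Improper Encoding or Escaping of Output”, are easy to show side by side. The following is an added example written for this post, not code from the list's authors: each function is given in the weak form and the fixed form, using an in-memory SQLite table with constructed sample rows. The probe string `x' OR '1'='1` is the classic textbook input that changes the structure of a concatenated query; the parameterized version binds it as a plain value and matches nothing.

```python
import html
import sqlite3

# Constructed sample data for the demonstration; not from the original post.
_ROWS = [("alice", "s3cret"), ("bob", "hunter2")]


def _connect():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", _ROWS)
    return conn


def lookup_vulnerable(conn, name):
    """Builds the statement with string formatting, so the caller's input
    becomes part of the SQL structure ("Failure to Preserve SQL Query
    Structure" in the list above)."""
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return sorted(row[0] for row in conn.execute(sql))


def lookup_hardened(conn, name):
    """Parameterized query: the driver binds the input as a value, so it can
    never alter which rows the statement matches."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def greeting_vulnerable(name):
    """Interpolates untrusted text straight into HTML ("Improper Encoding
    or Escaping of Output" / cross-site scripting)."""
    return "<p>Hello, %s</p>" % name


def greeting_hardened(name):
    """Escapes for the HTML text context before interpolating."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


def demo():
    """Run both forms against the same inputs and return the results."""
    conn = _connect()
    probe = "x' OR '1'='1"  # constructed probe input
    results = {
        "sql_vulnerable": lookup_vulnerable(conn, probe),
        "sql_hardened": lookup_hardened(conn, probe),
        "html_vulnerable": greeting_vulnerable("<script>"),
        "html_hardened": greeting_hardened("<script>"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The weak lookup returns every user for the probe because the quote in the input closes the string literal and the rest is parsed as SQL; the hardened lookup returns an empty list. Likewise the escaped greeting keeps `<script>` as inert text.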
Acrobat Reader 9
AIR

Very good news for all AIR developers and for all people hesitating to use AIR for future applications. AIR is bundled in Acrobat Reader 9 (released yesterday); as Acrobat Reader is still one of the most downloaded pieces of Adobe software [it is my assumption, I couldn't find any stats :(] it will certainly help the penetration of AIR a lot (for which I couldn’t find any stats either…).

It is interesting to note that some people tend to see bundled software as an unfair way of distributing applications; some commented on Ryan Stewart’s post with concerns about security and posted a link to a sample of trojan injection via PDF. Even if I was aware of some security problems with Flash and Acrobat, I didn’t know this method of injecting an .exe via a PDF.

Personally I understand those concerns; an incredibly high number of users don’t update their software and so are more vulnerable to attacks. I think that Adobe could offer the choice to people, even if for the developers and for market share it is not as profitable :)

Ahmet