The basics: More than ten years ago, ISECOM (the Institute for Security and Open Methodologies) began with the release of the OSSTMM, the Open Source Security Testing Methodology Manual. The manual was created to improve how security was tested and implemented for open source software of all kinds. Many researchers from various fields contributed because they saw the … [Read more...] about OSSTMM (ISECOM)
Cross-site scripting (XSS) vulnerabilities occur in the following scenario: (1) Untrusted data enters a web application (blog, whatever...) through a web request. (2) The web application dynamically generates a web page that contains this untrusted data. (3) The application does not prevent the data from containing content that is executable by a web browser, such as … [Read more...] about XSS – Where the name is from?
The Common Weakness Enumeration Specification (CWE) provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities. These vulnerabilities may be found in code, or may be design problems or system architecture problems. Each individual CWE represents a single vulnerability type. CWE is currently maintained by … [Read more...] about CWE
When purchasing a smartphone, know the features of the device, including the default settings. Turn off any features you do not need, to minimize the attack surface of the device. Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user's personal data in the case of loss or theft. With the growth of … [Read more...] about Safety tips to protect your mobile device
Here is a list of security terms related to the Web, Web servers, Web server software, etc.: CSRF, XSS, SQLi, Suhosin, ZAP, SSL, BEAST attack, Nessus, Nikto, Qualys, Sucuri, mod_security, BeEF project, OWASP, Security Onion, RC4, Snort, Suricata, Sguil, Squert, Snorby, Bro, NetworkMiner, Xplico, Fail2ban, DDoS Deflate. Thanks … [Read more...] about Website Security Terms in 2013