| Reference | Link |
|---|---|
| Relevant Security Advisories | |
| Microsoft Security Bulletin MS04-011, SSL PCT Buffer Overflow | http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx |
| "Multiple Vulnerabilities in Sun-One Application Server," includes a log evasion issue | http://www.spidynamics.com/spilabs/advisories/sun-one.html |
| "Preventing Log Evasion in IIS," by Robert Auger | http://www.webappsec.org/projects/articles/082905.shtml |
| TRACK Log Bypass | http://secunia.com/advisories/10506/ |
| BEA WebLogic Advisory | http://dev2dev.bea.com/pub/advisory/65 |
| Apache Mailing Lists; subscribe to the announcements list to receive security bulletins | http://httpd.apache.org/lists.html |
| PHPXMLRPC Remote PHP Code Injection Vulnerability | http://www.hardened-php.net/advisory_152005.67.html |
| PEAR XML_RPC Remote PHP Code Injection Vulnerability | http://www.hardened-php.net/advisory_142005.66.html |
| phpAdsNew XML-RPC PHP Code Execution Vulnerability | http://secunia.com/advisories/15883/ |
| "A Study In Scarlet: Exploiting Common Vulnerabilities in PHP Applications" | http://hcs.harvard.edu/~acctserv/help/studyinscarlet.txt |
| PEAR XML-RPC patch | http://pear.php.net/package/XML_RPC/ |
| XML-RPC for PHP patch | http://phpxmlrpc.sourceforge.net |
| WebInsta patch | http://www.webinsta.com/downloadm.html |
| Published Exploits | |
| Microsoft PCT buffer overflow | www.k-otik.com |
| Free Tools | |
| jad, the Java decompiler | |
| Apache ModSecurity | http://www.modsecurity.org |
| mod_chroot | http://core.segfault.pl/~hobbit/mod_chroot/ |
| Apache chroot(2) patch by Arjan De Vet | http://www.devet.org/apache/chroot/ |
| Apache SuExec documentation | http://httpd.apache.org/docs/ |
| The Center for Internet Security (CIS) Apache Benchmark tool and documentation | http://www.cisecurity.org/bench_apache.html |
| Microsoft Update Service | |
| Microsoft IISLockdown and URLScan tools | http://www.microsoft.com/ |
| Cygwin | http://www.cygwin.com/ |
| Commercial Tools | |
| CORE IMPACT, a penetration testing suite from Core Security Technologies | http://www.corest.com/ |
| CANVAS Professional, an exploit development framework from Immunity | http://www.immunitysec.com |
| General References | |
| IIS Security Checklist | http://www.microsoft.com/security |
| URLScan Information Page | http://www.microsoft.com/technet/security/tools/urlscan.mspx |
| "Preventing Log Evasion in IIS" | http://www.webappsec.org/projects/articles/082905.shtml |
| "Securing Apache: Step By Step," by Ryan C. Barnett | http://www.cgisecurity.com/lib/ryan_barnett_gcux_practical.html |
| Bastille Linux Hardening Program | http://www.bastille-linux.org |
| Apache Security by Ivan Ristic (O'Reilly) | http://www.apachesecurity.net/ |