Archive | Countermeasures

Advertisements


03 January 2008 | 6,876 views

gotroot modsecurity Rules for Apache – Anti-spam and Security

To follow on from Whitetrash which I posted about previously, here is another tool to secure your web site or web application. Essentially it’s a very comprehensive set of rules for mod_security. ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web […]

Continue Reading


27 December 2007 | 5,380 views

Whitetrash – Dynamic Web White-listing for Squid

This is a pretty neat tool for those using Squid Cache and looking for a pro-active tool for securing web acccess in their company (or house if you have a devious sibling). The goal of Whitetrash is to provide a user-friendly and sysadmin-friendly proxy that makes it significantly harder for malware to use HTTP and […]

Continue Reading


05 November 2007 | 3,371 views

GFI End of Year Offer – Up to 50% Off

Just a quick note as I know many of you guys are in corporate security positions and might be looking for some of the solutions GFI offers. They are having a Q4 promotion with up to 50% off on some of their products/services. GFI MailEssentials – 25% GFI MailEssentials & GFI MailSecurity Suite – 25% […]

Continue Reading


23 October 2007 | 4,386 views

CORE GRASP – PHP Web Application Protection Software

CORE GRASP for PHP is a web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations. As mentioned during its presentation at Black Hat USA 2007, GRASP is being released as open source under the Apache 2.0 license. The present implementation protects PHP 5.2.3 against SQL-injection attacks for the MySQL engine, it […]

Continue Reading


02 October 2007 | 20,823 views

Common Criteria Web Application Security Scoring (CCWAPSS) Released

The purpose of the scoring scale CCWAPSS is to share a common evaluation method for web application security assessments/pentests between security auditors and final customers. This scale does not aim at replacing other evaluation standards but suggests a simple way of evaluating the security level of a web application. CCWAPSS is focused on rating the […]

Continue Reading


08 August 2007 | 5,561 views

XSS Warning – A Security Extension/Add-on for Firefox

XSS Warning is a extension/add-on for Firefox that filters malicious values to prevent Cross Site Scripting (XSS) attacks by malicious URLs (assuming you have Javascript enabled). XSS Warning 0.1.8 beta protect from: URL attack Redirect attack Link code injection Compatible with Firefox: 1.5 – 2.0.0 You can install and read more about XSS Warning here: […]

Continue Reading


27 July 2007 | 4,900 views

Babel Enterprise – Cross Platform System Auditing Tool

Babel Enterprise is a systems auditing tool. Babel performs a security level check of the machine, or hardening. The check consists of a number of auditing tests that obtain a snap of the security status of each machine. The result is a security index of the system that is given after each execution. It a […]

Continue Reading


01 June 2007 | 19,034 views

Sguil – Intuitive GUI for Network Security Monitoring with Snort

Sguil (pronounced sgweel) is probably best described as an aggregation system for network security monitoring tools. It ties your IDS alerts into a database of TCP/IP sessions, full content packet logs and other information. When you’ve identified an alert that needs more investigation, the sguil client provides you with seamless access to the data you […]

Continue Reading


31 May 2007 | 7,266 views

Google Acquires Web Security Startup GreenBorder

More Google News this week after Google Launches Online Security & Malware Blog, now they have acquired a web security startup called GreenBorder. Google Inc. said on Tuesday it has bought Internet security startup GreenBorder Technologies Inc., which creates secure connections to protect e-mail and Web users from malicious or unwanted computer code. Terms of […]

Continue Reading


25 May 2007 | 5,192 views

Consulting Licence Offer From Redseal – Security Risk Manager (SRM)

Redseal is launching a free offer next week for security consultants, pen testers and auditors. Redseal develops a product called Security Risk Manager (SRM), it does the following – (non sales overview) Imports firewall and router configuration files Audits and checks them for errors, mis configurations, redundant rules, checks against best practices etc Draws a […]

Continue Reading


Advertisements