Federico Cargnelutti

Simple is better than complex. Complex is better than complicated. | @fedecarg

Archive for the ‘Security’ Category

Apache HTTP DoS tool released


Yesterday an interesting HTTP DoS tool was released. The tool performs a denial-of-service attack on Apache (and some other servers, see below) by exhausting the pool of available connections. While there are a lot of DoS tools available today, this one is particularly interesting because it holds each connection open while sending incomplete HTTP requests to the server.


Written by Federico

June 22, 2009 at 8:29 pm

Posted in Linux, Security, Tools

Data filtering using PHP’s filter functions


Filtering data. We all have to do it. Most, if not all of us, despise doing it. However, unbeknown to most, PHP’s filter functions allow us to do all sorts of filtering and validation. Using PHP’s filter functions, we can validate and sanitize data types, URLs, e-mail addresses and IP addresses, strip bad characters, and more, all with relative ease.

This is part one of two, covering filter_var() and the different constants and flags that can be set.

Data Filtering Using PHP’s Filter Functions
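An added example (not code from the original post or the article it links to) showing filter_var() with validation constants, flags and an options array; the input array is constructed to stand in for request parameters:

```php
<?php
// Added example: validating and sanitizing untrusted input with filter_var().
// The $input array is constructed sample data standing in for $_GET / $_POST.
function filterRequest(array $input)
{
    $clean = array();

    // FILTER_VALIDATE_* filters return the value on success and false on failure,
    // so a strict (===) comparison against false is required by the caller.
    $clean['email'] = filter_var($input['email'], FILTER_VALIDATE_EMAIL);

    // Flags narrow a validator: accept IPv4 only and reject private ranges,
    // so an address such as 192.168.x.x is refused even though it is well formed.
    $clean['ip'] = filter_var($input['ip'], FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE);

    // Require a path component in addition to scheme and host.
    $clean['site'] = filter_var($input['site'], FILTER_VALIDATE_URL,
        FILTER_FLAG_PATH_REQUIRED);

    // An options array adds a range check and a default used when validation fails.
    $clean['age'] = filter_var($input['age'], FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => 0, 'max_range' => 120, 'default' => -1),
    ));

    // FILTER_SANITIZE_* filters transform instead of reject:
    // special characters are HTML-encoded so the value is safe to echo into a page.
    $clean['name'] = filter_var($input['name'], FILTER_SANITIZE_SPECIAL_CHARS);

    return $clean;
}

// Constructed sample input.
$input = array(
    'email' => 'alice@example.com',
    'ip'    => '192.168.1.20',
    'site'  => 'http://example.com/path?x=1',
    'age'   => '27',
    'name'  => 'Al<script>ice</script>',
);

var_dump(filterRequest($input));
```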

Written by Federico

September 11, 2008 at 10:07 pm

Posted in PHP, Programming, Security

Google gives away a free web application security scanner


Google announced the release of ratproxy, a passive web application security assessment tool that they’ve been using internally at Google. This utility, developed by their information security engineering team, is designed to transparently analyse legitimate, browser-driven interactions with a tested web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern.

The proxy analyses problems such as cross-site script inclusion threats, insufficient cross-site request forgery defences, caching issues, cross-site scripting candidates, potentially unsafe cross-domain code inclusion schemes and information leakage scenarios, and much more.


Written by Federico

July 4, 2008 at 9:28 pm

Posted in Security, Tools, Web Apps

Intrusion Detection For PHP Applications With PHPIDS


This tutorial explains how to set up PHPIDS on a web server with Apache2 and PHP5. PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input; it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules, any attack is given a numerical impact rating, which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

Written by Federico

June 22, 2008 at 10:37 pm

Posted in PHP, Security, Tools

Search your code for vulnerabilities


I’m a big fan of PHP_CodeSniffer and I think it’s a great development tool: it ensures that you write code that is easy to read and maintain. But what about making sure that the code you write is secure and doesn’t have any vulnerabilities?

Right, there’s another tool for that…

PHP Security Scanner is a tool written in PHP intended to search PHP code for vulnerabilities. A MySQL database stores the patterns to search for as well as the results of the search. The tool can scan any directory on the file system.


Written by Federico

April 24, 2008 at 11:19 pm

Posted in PHP, Security, Tools, Web Apps

Web Application Security Scanner


Web security is possibly today’s most overlooked aspect of securing the enterprise and should be a priority in any organization.

Recent research shows that 75% of internet attacks are carried out at the web application level.

Web application security scanners help ensure website security by automatically checking for SQL injection, cross-site scripting and other vulnerabilities.

There are a few good security scanners that you can use to test the security of your site, and Scavenger is one of them.


Scavenger is an open source real-time vulnerability management tool. It helps you respond to vulnerability findings, track vulnerability findings, review accepted or false-positive answered vulnerabilities, and not ‘nag’ you with old vulnerabilities.

Scavenger parses the results from a Nessus scan and stores them in a MySQL database. From that point, a user can log in to a web interface and answer a vulnerability as ‘addressed’, ‘accept’, or ‘false-positive’. If an administrator answers accept or false-positive, Scavenger will not insert that vulnerability again. However, if a user marks a vulnerability as ‘addressed’ and it comes up again in a scan, Scavenger will insert a new vulnerability into the database.


Written by Federico

April 24, 2008 at 10:57 am

Posted in PHP, Security, Tools, Web Apps