Monday, October 23, 2006

CWE - Common Weakness Enumeration

From cwe.mitre.org
CWE is a community-developed dictionary of common software weaknesses targeted to developers and security practitioners.
"...
CWE is a community-developed formal list of common software weaknesses. It serves as a common language for describing software security weaknesses, a standard measuring stick for software security tools targeting these vulnerabilities, and as a baseline standard for weakness identification, mitigation, and prevention efforts.

Leveraging the diverse thinking on this topic from academia, the commercial sector, and government, CWE unites the most valuable breadth and depth of content and structure to serve as a unified standard. Our objective is to help shape and mature the code security assessment industry and also dramatically accelerate the use and utility of software assurance capabilities for organizations in reviewing the software systems they acquire or develop.
..."
The CWE project provides a Classification Tree of the full list of software vulnerabilities along with a Full CWE Dictionary.

'Vulnerability Type Distributions in CVE', published as part of the CWE project, provides research results on publicly reported vulnerabilities. This technical white paper discusses the high-level types of vulnerabilities that have been publicly reported over the past five years, such as buffer overflows, cross-site scripting (XSS), SQL injection, and PHP file inclusion.

The paper identifies and explains trends such as the rapid rise of web application vulnerabilities, covers the distribution of vulnerability types in operating system vendor advisories, and compares the issues being reported in open and closed source advisories.

Build Security In - BSI

From buildsecurityin.us-cert.gov
Build Security In (BSI) is a project of the Strategic Initiatives Branch of the National Cyber Security Division (NCSD) of the Department of Homeland Security (DHS). The Software Engineering Institute (SEI) was engaged by the NCSD to provide support in the Process and Technology focus areas of this initiative. The SEI team and other contributors develop and collect software assurance and software security information that helps software developers, architects, and security practitioners to create secure systems.

BSI content is based on the principle that software security is fundamentally a software engineering problem and must be addressed in a systematic way throughout the software development life cycle. BSI contains and links to a broad range of best practices, tools, guidelines, rules, principles, and other knowledge that can be used to build security into software in every phase of its development.

An Illustrated Guide to IPsec

From Steve Friedl's Unixwiz.net Tech Tips, unixwiz.net
"...
IPsec is a suite of protocols for securing network connections, but the details and many variations quickly become overwhelming. This is particularly the case when trying to interoperate between disparate systems, causing more than one engineer to just mindlessly turn the knobs when attempting to bring up a new connection.

This Tech Tip means to give bottom-up coverage of the low-level protocols used in an IPv4 context (we provide no coverage of IPv6). This is not a deployment guide or best-practices document — we're looking at it strictly at the protocol level on up, rather than from the big picture on down.
..."

Netdude - a Framework for Packet Trace Manipulation

Netdude is a framework for inspection, visualization, and modification of tcpdump packet trace files. Its modular design allows users to interact with the framework at different abstraction levels: a low-level trace navigation wrapper for libpcap called libpcapnav, a high-level API with convenient types for performing common packet manipulation tasks in libnetdude, and a GUI application that allows both small- and large-scale editing previously impossible without writing code. The framework is readily extensible at the libnetdude and GUI levels through its plugin architecture, making it a workbench for the creation of new packet trace tools.

SQL Injection Walkthrough

From SecuriTeam.com
SQL Injection is a technique for injecting SQL queries or commands through application input, typically via web pages. Many web pages take parameters from the web user and build a SQL query to the database from them. Take, for instance, a user login: the web page takes a user name and password and makes a SQL query to the database to check whether that user name and password are valid. With SQL Injection, it is possible to send a crafted user name and/or password that changes the SQL query and thus grants something else.

The following article from SecuriTeam tries to help beginners grasp the problems they face when trying to use SQL Injection techniques, how to use them successfully, and how to protect themselves from such attacks.
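
The login example above, as an added illustration (this code is not from the SecuriTeam article): a constructed in-memory SQLite table, a query built by string formatting that a quote character in the password field can rewrite, and the same check with bound parameters, which keeps the input as data. The names make_db, build_vulnerable_query, login_vulnerable and login_safe are mine.

```python
import sqlite3

# Canonical crafted password from the SQL injection literature: the leading quote
# closes the password literal and the rest becomes part of the WHERE clause.
CRAFTED_PASSWORD = "' OR '1'='1"


def make_db():
    """Constructed in-memory user table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")  # sample row
    conn.commit()
    return conn


def build_vulnerable_query(name, password):
    """Paste the user-supplied values straight into the SQL text.

    A quote character in either field ends the string literal, so whatever
    follows it is interpreted as SQL rather than as part of the value."""
    return ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
            % (name, password))


def login_vulnerable(conn, name, password):
    """Login check as the article's vulnerable web page would do it."""
    return conn.execute(build_vulnerable_query(name, password)).fetchone()[0] > 0


def login_safe(conn, name, password):
    """Same check with bound parameters: the driver sends the values separately
    from the SQL text, so a quote in the input is just a character in a string."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_query("alice", CRAFTED_PASSWORD))
    print("vulnerable:", login_vulnerable(db, "alice", CRAFTED_PASSWORD))
    print("parameterized:", login_safe(db, "alice", CRAFTED_PASSWORD))
```

Printing the vulnerable query string shows why the check passes: the WHERE clause ends in `password = '' OR '1'='1'`, which is true for every row, whereas the parameterized version looks for a user whose password literally contains the quote characters.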

HTTP Request Smuggling attack

From Prashant Gawade, Palisade Magazine.
"...
An HTTP Request Smuggling (HRS) attack is the result of a device's failure to properly handle deformed inbound HTTP requests. HRS works by taking advantage of the discrepancies in HTTP request parsing when one or more HTTP devices are in the data flow between the user and the web server. HTTP Request Smuggling leads to various attacks like web cache poisoning, session hijacking, cross-site scripting, etc.
..."
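
The parsing discrepancies HRS relies on arise when a front-end device and the web server disagree about where one request ends, so a defensive front end can reject requests whose message framing is ambiguous before they are forwarded. The following is an added example, not code from the Palisade article; the two sample requests are constructed, and parse_request_head and framing_findings are my names.

```python
import re

# Constructed sample requests (not taken from the article): one with a single,
# unambiguous body length and one that carries conflicting framing headers.
CLEAN_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Length: 11\r\n"
    b"\r\n"
    b"user=alice\n"
)
AMBIGUOUS_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Length: 6\r\n"
    b"Content-Length: 11\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n\r\n"
)


def parse_request_head(raw):
    """Split a raw request into (request line, [(raw header name, value)], body).

    Header names are kept exactly as sent so the checks below can notice
    oddities such as whitespace before the colon."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name, value.strip()))
    return lines[0], headers, body


def framing_findings(raw):
    """Return the reasons a request's framing could be read two ways; empty if none."""
    _, headers, _ = parse_request_head(raw)
    findings = []
    content_lengths = []
    transfer_encodings = []
    for raw_name, value in headers:
        if raw_name != raw_name.strip():
            findings.append("whitespace around header name %r" % raw_name)
        name = raw_name.strip().lower()
        if name == "content-length":
            content_lengths.append(value)
        elif name == "transfer-encoding":
            transfer_encodings.append(value)
    # Two different length mechanisms: one device may honour each.
    if content_lengths and transfer_encodings:
        findings.append("both Content-Length and Transfer-Encoding present")
    # Repeated Content-Length: a parser may take the first, the last, or reject.
    if len(content_lengths) > 1:
        findings.append("multiple Content-Length headers")
    if len(set(content_lengths)) > 1:
        findings.append("conflicting Content-Length values")
    for value in content_lengths:
        if not re.fullmatch(r"[0-9]+", value):
            findings.append("non-numeric Content-Length %r" % value)
    # Anything other than a plain 'chunked' may be recognised by one parser only.
    for value in transfer_encodings:
        if value.lower() != "chunked":
            findings.append("unusual Transfer-Encoding %r" % value)
    return findings


if __name__ == "__main__":
    for label, request in (("clean", CLEAN_REQUEST), ("ambiguous", AMBIGUOUS_REQUEST)):
        print(label, framing_findings(request))
```

A front end that rejects any request with a non-empty findings list removes the disagreement between itself and the origin server that the attack needs; the checks are deliberately strict rather than trying to guess which interpretation the server would choose.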

vTun - Virtual Tunnels

From vtun.sourceforge.net
VTun is the easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression, and encryption. It supports IP, PPP, SLIP, Ethernet and other tunnel types. VTun is easily and highly configurable and can be used for various network tasks like VPN, Mobile IP, etc.

Reading C type declarations

From Steve Friedl's Unixwiz.net Tech Tips, unixwiz.net

" ...

Even relatively new C programmers have no trouble reading simple C declarations such as

int    foo[5];  // foo is an array of 5 ints
char  *foo;     // foo is a pointer to char
double foo();   // foo is a function returning a double

but as the declarations get a bit more involved, it's more difficult to know exactly what you're looking at.

char *(*(**foo[][8])())[]; // huh ?????

It turns out that the rules for reading an arbitrarily-complex C variable declaration are easily learned by even beginning programmers (though how to actually use the variable so declared may be well out of reach).

This Tech Tip shows how to do it.

..."
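
The right-left rule the Tech Tip teaches (read from the name, go right for arrays and parameter lists, go left for pointers, stop at each parenthesis) can be written down as a small parser. The following is an added example, not code from Friedl's article; it handles the declarator forms that appear above (pointers, arrays, grouping parentheses and parameter lists), treats the leading type words as an opaque base type, and returns the English reading. The helper names are mine.

```python
import re

TOKEN_RE = re.compile(r"\w+|[*()\[\]]")


def tokenize(declaration):
    """Split a C declaration into words and the punctuation the rule cares about."""
    declaration = declaration.split("//")[0].rstrip().rstrip(";")
    return TOKEN_RE.findall(declaration)


def split_base_type(tokens):
    """Separate the leading type words (e.g. 'unsigned long') from the declarator.

    Simplification: the type is the leading run of words, minus the last word when
    that word is the declared name, i.e. when nothing, '[' or a parameter list
    follows it rather than a '*' or a grouping parenthesis."""
    i = 0
    while i < len(tokens) and re.fullmatch(r"\w+", tokens[i]):
        i += 1
    grouping_follows = (i + 1 < len(tokens) and tokens[i] == "("
                        and tokens[i + 1] in ("*", "("))
    if i == len(tokens) or tokens[i] == "[" or (tokens[i] == "(" and not grouping_follows):
        i -= 1
    return " ".join(tokens[:i]), tokens[i:]


def parse_declarator(tokens, pos):
    """Apply the right-left rule; return (name, description parts, next position)."""
    stars = 0
    while pos < len(tokens) and tokens[pos] == "*":   # pointers to the left
        stars += 1
        pos += 1
    if pos >= len(tokens):
        raise ValueError("unexpected end of declaration")
    if tokens[pos] == "(":                            # grouping: read the inside first
        name, parts, pos = parse_declarator(tokens, pos + 1)
        if pos >= len(tokens) or tokens[pos] != ")":
            raise ValueError("missing ')'")
        pos += 1
    else:
        name, parts, pos = tokens[pos], [], pos + 1
    while pos < len(tokens) and tokens[pos] in ("[", "("):   # then go right
        if tokens[pos] == "[":
            pos += 1
            size = None
            if tokens[pos] != "]":
                size, pos = tokens[pos], pos + 1
            if tokens[pos] != "]":
                raise ValueError("missing ']'")
            pos += 1
            parts.append("array of %s" % size if size else "array of")
        else:                                         # parameter list: skip it
            depth = 0
            while True:
                depth += {"(": 1, ")": -1}.get(tokens[pos], 0)
                pos += 1
                if depth == 0:
                    break
            parts.append("function returning")
    parts.extend(["pointer to"] * stars)              # pointers bind last
    return name, parts, pos


def explain(declaration):
    """Read a C declaration with the right-left rule and return an English sentence."""
    tokens = tokenize(declaration)
    base_type, rest = split_base_type(tokens)
    name, parts, pos = parse_declarator(rest, 0)
    if pos != len(rest):
        raise ValueError("trailing tokens: %r" % rest[pos:])
    return "%s is %s" % (name, " ".join(parts + [base_type]))


if __name__ == "__main__":
    for decl in ("int foo[5];", "char *foo;", "double foo();",
                 "char *(*(**foo[][8])())[]; // huh ?????"):
        print(decl.ljust(40), explain(decl))
```

Running it on the "huh" declaration gives: foo is array of array of 8 pointer to pointer to function returning pointer to array of pointer to char. The parser does not handle qualifiers such as const or function pointer parameters beyond skipping the parameter list, which is all the declarations above need.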

Sunday, October 22, 2006

Your Field Guide To Designing Security Into Networking Protocols

From Mark Pustilnik and Andrew Roths, MSDN Magazine.

Designing a secure protocol is a treacherous task. This article outlines some of the most common pitfalls that await you, but there are many others. Perhaps the best insurance against making mistakes is having your design reviewed by knowledgeable peers, documenting your security guarantees as well as your thought process, and making sure that no holes are introduced during the inevitably iterative software development process.

You cannot succeed at this task without understanding in great detail the security characteristics of your building blocks, including the fact that they, in turn, are not infallible. You can safely assume that security holes will be found eventually, and be prepared to version your design, including the "pluggable" aspects such as authentication and cryptographic primitives.

This article discusses designing for secure communication, man-in-the-middle attacks, undue trust relationships in secure transports, and versioning and updates.

One-way Web Hacking

From Saumil Shah, net-square.com

One-way web hacking is a technique which relies purely on HTTP traffic to attack and penetrate web servers and application servers. This technique was formulated to demonstrate that having tight firewalls or SSL does not really matter when it comes to web application attacks. The premise of the one-way technique is that only valid HTTP requests are allowed in and only valid HTTP responses are allowed out of the firewall.

A tight firewall can make things difficult for an attacker, but it does not keep the attacker away entirely. One-way hacks demonstrate that, with tools like the file uploader, the web-based command prompt and the web-based SQL command prompt, it is just as easy to attack a web application and the underlying network with a tight firewall in place.

SSL makes things even worse, from the point of view of securing the application. Many people think that SSL prevents such attacks. It does not. SSL is used only to encrypt the data between the web browser and the web server, to prevent eavesdropping. SSL provides no security to the web application, or the underlying network. All one-way hacks can be easily adapted to SSL, using libraries such as OpenSSL.

Source code and examples of this technique are available here.

DHCPing - BOOTP/DHCP audit tool

From Gregory Duchemin, dhcping.openwall.net

DHCPing is a lightweight and featureful security tool written in Perl and designed to test the security of the various flavors of DHCP implementation in use. DHCPing also offers several exploits for the latest vulnerabilities in various vendors' DHCP implementations, along with a set of generic attacks.

A list of the vulnerabilities that DHCPing has helped find is available at http://c3rb3r.openwall.net/dhcping/matrix.html
