New Release: Tiger 3.2.2, the Unix Security Audit Tool
Following the Freshmeat email about the release of version ‘3.2.2’ of ‘Tiger security tool’, I decided to install it and see what can be done with this security scanner.
CORE GRASP for PHP is web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations. The present implementation protects PHP 5.2.3 against SQL-injection attacks for the MySQL engine.
In case you needed a place to start in evaluating the steps required for building a Computer Security Incident Response Team (CSIRT), look no further. CERT/CC has released the Action List for Developing a Computer Security Incident Response Team (CSIRT).
SideJacking is about sniffing HTTP traffic and cloning whatever cookies are exchanged between the browser and the server. In this way, the attacker can clone your session IDs and eventually hijack your account.
In the wake of the latest PDF / ZIP spam surge, many security analysts and vendors have taken a shot at explaining this phenomenon. Such is the case with GFI Software, which released an interesting whitepaper called “Attachment spam – the latest trend”.
This publication discusses the fundamental technologies and features of SSL VPNs.
It describes SSL and how it fits within the context of layered network security.
It presents a phased approach to SSL VPN planning and implementation that can help in achieving successful SSL VPN deployments.
It also compares the SSL VPN technology with IPsec VPNs and other VPN solutions.
This information is particularly valuable for helping organizations to determine how best to deploy SSL VPNs within their specific network environments.
Today I came across The Standard of Good Practice for Information Security, which has been produced by the Information Security Forum (ISF), an international association of over 260 leading organisations which fund and co-operate in the development of a practical research programme in information security.
The ISF’s work probably represents the most comprehensive and […]
New tool collection for auditing SIP devices: SIPVicious (svmap, svwar, svcrack)
Today I discovered an impressive collection of security tools developed and offered for free by iSEC Partners, and because I really appreciate any open source effort, I thought at least I could present them.