Website Security in 60 Seconds
OK, maybe 5 minutes, not 60 seconds. You've just finished getting a site developed, or maybe you're thinking about ordering something online. You're curious as to whether the site is full of security holes. Here I'll discuss the intuition I've developed in assessing sites over the years. These are general indicators to watch out for that usually go hand in hand with security problems. They are all easy to spot and don't require any technical skills to speak of.

Mickey Mouse Look and Feel

This one is touchy-feely, but it has never let me down. I can generally tell 2 minutes into an assessment whether the site is going to be full of holes. If the site looks like it was thrown together by a teenager on summer break, chances are there will be problems a-plenty.

Spurious Errors

If you're casually browsing the site and encounter detailed error messages which make no sense to you, that's a problem. These error messages leak information about the internals of an application that hackers will find useful. You can also try to evoke errors by entering data containing quote, semicolon, less-than/greater-than, "../", or percent characters.

Number of Inputs

Does the application contain lots of forms? Every input to an application is another exposure. Sites with lots of forms or inputs are more likely to contain security problems.

Email Me My Password

If the site has a "send me my password via email" button or emails you a password after registration, pwnage.

Hidden Fields

Browse to the busiest pages in the site and view the HTML source by right-clicking on the page. Do a quick search for "hidden"; hidden fields are generally abused by developers and lead to security problems.

Login with Quotes

Try logging in with the password ' or 1=1 --. If the login succeeds or you see lots of errors, there could be a problem. Don't try this one on a site that's not your own.

Setting Passwords

Try setting your password to your username or your username concatenated with "123". If the site allows you to do so, there will be pwnage.

These signs only provide a general idea of what you're working with. Most sites contain security problems, and so the absence of these indicators does not imply that a site is secure.
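As an added example (not code from the original post), here is a small Python script that applies three of the indicators above to a page's own HTML source: it counts forms and inputs, lists hidden fields with their values, and searches for error-message fragments that typically leak application internals. The sample page and the error-signature list are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page: a checkout form that keeps price and role state in
# hidden fields, plus a leaked PHP/MySQL warning. Not taken from any real site.
SAMPLE_HTML = """
<html><body>
<form action="/checkout" method="post">
  <input type="hidden" name="price" value="19.99">
  <input type="hidden" name="is_admin" value="0">
  <input type="text" name="qty">
  <input type="submit" value="Buy">
</form>
<form action="/login" method="post">
  <input type="text" name="user"><input type="password" name="pass">
</form>
<pre>Warning: mysql_fetch_array() expects parameter 1 to be resource
in /var/www/html/checkout.php on line 42</pre>
</body></html>
"""

# Fragments that usually appear only in unhandled, information-leaking errors.
ERROR_SIGNATURES = (
    "mysql_", "ODBC", "Stack trace", "Traceback (most recent call last)",
    "on line ", "Unclosed quotation mark", "ORA-",
)

class FormAuditor(HTMLParser):
    """Collects the indicators the article lists: forms, inputs, hidden fields."""
    def __init__(self):
        super().__init__()
        self.forms = 0
        self.inputs = 0
        self.hidden = []  # (name, value) of every hidden input

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms += 1
        elif tag in ("input", "textarea", "select"):
            self.inputs += 1
            if a.get("type", "").lower() == "hidden":
                self.hidden.append((a.get("name", ""), a.get("value", "")))

def audit(html):
    """Return the form/input counts, hidden fields and leaked error fragments."""
    parser = FormAuditor()
    parser.feed(html)
    leaks = [s for s in ERROR_SIGNATURES if s in html]
    return {"forms": parser.forms, "inputs": parser.inputs,
            "hidden": parser.hidden, "error_leaks": leaks}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_HTML).items():
        print(key, value)
```

Hidden fields carrying prices or privilege flags are the ones worth checking server-side, since anything sent to the browser can come back modified.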