Dig Security together: read, dig, comment, and advance security together.




Vulnerability Management


Beware of Vulnerabilities in Third-Party Software
submitted by wanghongyang 699 days ago (via ccert.edu.cn)
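Because attacks that spread trojans and viruses by exploiting vulnerabilities in third-party software are steadily increasing on the network, we have compiled information on some commonly exploited third-party software vulnerabilities for users' reference. These third-party programs cannot be patched through the Windows automatic update mechanism; users must determine for themselves whether a vulnerability is present and upgrade manually. Most of the time, these vulnerabilities can be exploited through calls made from the IE browser.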
 
Automatic Patch-Based Exploit Generation
submitted by wanghongyang 687 days ago (via cs.cmu.edu)
The automatic patch-based exploit generation problem is: given a program P and a patched version of the program P', automatically generate an exploit for the potentially unknown vulnerability present in P but fixed in P'. In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for vulnerable ...
 
How to Harden WordPress
submitted by wanghongyang 665 days ago (via blank89.net)
There is no guaranteed way to secure your blog, there will always be a way in, but there are ways to make sure that you’re not vulnerable to any widespread problems. Here are some tips to keep your blog under your control.
 
Understanding Penetration Testing Methodology
submitted by wanghongyang 660 days ago (via shortinfosec.net)
A good article describing the elements of a formal penetration testing methodology.
 
Automatic Patch-Based Exploit Generation is Possible
submitted by wanghongyang 653 days ago (via net-security.org)
This paper proposes techniques for automatic patch-based exploit generation, and shows that our techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update.
 
Database Security
submitted by wanghongyang 642 days ago (via theinfected.info)
1. Server security -- ensuring security relating to the actual data or private HTML files stored on the server
2. User-authentication security -- ensuring login security that prevents unauthorized access to information
3. Session security -- ensuring that data is not intercepted as it is broadcast over the Internet or Intranet
 
Database security: protecting sensitive and critical information
submitted by wanghongyang 642 days ago (via theinfected.info)
Database security does not supersede other security technologies, such as network-layer firewalls, network monitoring, SSL-secured communications, operating system and application hardening. But data protection needs to be in place as the core element of a complete enterprise security infrastructure. There is a growing awareness of encryption technologies to protect critical corporate data.
 
PHP Practice Security Checklist
submitted by wanghongyang 639 days ago (via fcicq.net)
5 XSS When HTML input is allowed: strip_tags (in fact, most attributes should be stripped), or use the relevant checking functions.
 
DNS and SQL Updates
submitted by wanghongyang 617 days ago (via f-secure.com)
The DNS update is noteworthy as it's part of a significant multi-vendor effort. There will be lots of patching going on as a result. The MS08-037 update reportedly conflicts with ZoneAlarm's firewall software. Proceed with caution if you have ZA installed. All of this month's updates are rated as important.
 
DNS Inventor: "Patch Domain Name Servers Now"
submitted by wanghongyang 617 days ago (via computerworld.com)
Paul Mockapetris, inventor of the Internet's DNS architecture, has some advice for those in any doubt about the seriousness of a weakness in the DNS protocol that was disclosed yesterday: Patch your DNS servers right now.
 