Difference between SSH and SSL |
|
 Difference between SSH and SSL: "What is the difference between SSH and SSL? Is one less secure than the other?"
19 July 2005. Both are mechanisms for securing Web communications, but they differ on most other points of comparison.
SSH, for Secure Shell, denotes both a program and a protocol for logging in to and executing commands on a computer reachable over a network. The protocol secures the communication by using an encryption-key mechanism for all packets exchanged. It was developed by a Finn, who later commercialized it. The IETF is studying a standardized version.
|
|
|
Best practices for pen testing Web applications |
|
WEB SECURITY ADVISOR: Best practices for pen testing Web applications, Michael Cobb, 03.09.2006

Pen testing can be a useful tool for gauging a Web application's ability to withstand an attack. However, if performed incorrectly, it is of little value and, even worse, can create a false sense of security. In this tip, we'll examine what a Web application pen test is, provide strategies for getting the most out of one and, most importantly, provide proper procedures to avoid this scenario. |
|
|
|
Browser Secrets Unveiled! |
|
by Chetan Gupta
Every day, millions of people surf the web using popular web browsers such as Microsoft Internet Explorer (IE) or one from the Firefox/Mozilla/Netscape family. A very important step in computer forensics is investigating the web usage of the suspect. This information is useful in everything from examining company policy violations to detecting corporate espionage. Examining a suspect’s web browsing history could provide critical clues to solving the case.
Each of these browsers saves web browsing activity in its own unique format. The Internet activity data related to a specific browser can be found in different locations depending on the operating system used by the suspect. In this article, we look at the various tools and techniques available for investigating one of the most widely used browsers: Internet Explorer.
|
|
|
Don't hide sensitive information in hidden form fields |
|
Interactive Web sites use HTML forms for user feedback, online customer registration, authentication, shopping carts and so on. Input elements such as TEXT and RADIO are used to send data to a script or application for processing on the Web server, which generates a response based on the data received. Many sites use the form input type HIDDEN to pass data to the Web server without having to show it on the Web page and clutter the page with information that is irrelevant to the user. HIDDEN values are also used to maintain state information, since HTTP itself does not maintain state. Unfortunately, the attribute name HIDDEN is misleading. Although the value of a HIDDEN form field isn't displayed in a Web page, it can easily be viewed by any user who understands the View Source command found in most browsers.
|
|
|
SQL Injection Walkthrough |
|
The following article will try to help beginners grasp the problems they face when trying to use SQL Injection techniques, to use them successfully, and to protect themselves from such attacks.
Credit: The information has been provided by SK.
1.0 Introduction
When a machine has only port 80 open, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patches his server, we have to turn to web hacking. SQL injection is one type of web hacking that requires nothing but port 80, and it might just work even if the admin is patch-happy. It attacks the web application (like ASP, JSP, PHP, CGI, etc.) itself rather than the web server or services running in the OS.
This article does not introduce anything new; SQL injection has been widely written about and used in the wild. We wrote the article because we would like to document some of our pen-tests using SQL injection and hope that it may be of some use to others. You may find a trick or two, but please check out "9.0 Where can I get more info?" for the people who truly deserve credit for developing many techniques in SQL injection.