Et Cetera


Using Digital Certificates to Identify Web Site Owners and Protect Against Phishing

Contributed by Edwin Aldridge

Phishing exploits the ordinary Internet user’s inability to be sure that a web site which they have been induced to visit is actually operated by the company or organization whose name appears on screen.

is deployed and used daily by every popular browser. Digital certificates can provide browsers with a reliable source of information about site owners which users can access via the padlock icon, although the information is not as useful as it might be and the padlock display is unintelligible.

This document is in PDF format. To view it click here.


Using Events-Per-Second as a Factor in Selecting SEM Tools

Contributed by Roberto Angelino

Events Per Second, or EPS, as it is commonly referred to in the world of network security, is a measurement used to convey how fast a network generates data from its security devices (firewalls, Intrusion Detection Systems (IDS), servers, routers, etc.), and/or how fast an SEM product can correlate data from those devices. A savvy buyer will match the EPS his network is generating to the rate that can be accommodated by the SEM tool he is purchasing.

This document is in PDF format. To view it click here.


Ethical Hacking: Rationale for a Hacking Methodological Approach to Network Security

Contributed by Regina D. Hartley


Application Error Handling: How to Avoid Death by a Thousand Cuts

Contributed by Bryan Sullivan and Billy Hoffman

When an application error occurs, whether due to user input or an internal function, we as conscientious developers want to present an error message that will help the end user correct the problem. However, it is possible to be too helpful with your error handling approach. By providing overly detailed application error messages to your users, you can actually be opening your site to hackers. Hackers spend the majority of their time performing reconnaissance on a site, slowly gathering multiple pieces of information to determine how a site is vulnerable. Sometimes, it is a seemingly innocuous piece of information in an application error message that provides an attacker with the last piece of the puzzle necessary for him to launch a devastating attack.

This document is in PDF format. To view it click here.


End-user Device Security

Contributed by Tom Olzak

Where does your business expend most of its resources to prevent malicious code attacks? If your company is like those for which I have worked, most of the time and effort is spent on the network perimeter and servers. But what about those ubiquitous end-user devices?

This document is in PDF format. To view it click here.

