Et Cetera

Mon 04 Jan

Ethical Hacking: Rationale for a Hacking Methodological Approach to Network Security

Contributed by Regina D. Hartley

Thu 31 Dec

Application Error Handling: How to Avoid Death by a Thousand Cuts

Contributed by Bryan Sullivan and Billy Hoffman

When an application error occurs, whether due to user input or an internal function, we as conscientious developers want to present an error message that will help the end user correct the problem. However, it is possible to be too helpful with your error handling approach. By providing overly detailed application error messages to your users, you can actually be opening your site to hackers. Hackers spend the majority of their time performing reconnaissance on a site, slowly gathering multiple pieces of information to determine how a site is vulnerable. Sometimes, it is a seemingly innocuous piece of information in an application error message that provides an attacker with the last piece of the puzzle necessary for him to launch a devastating attack.

This document is in PDF format. To view it click here.

Tue 29 Dec

End-user Device Security

Contributed by Tom Olzak

Where does your business expend most of its resources to prevent malicious code attacks? If your company is like those for which I have worked, most of the time and effort is spent on the network perimeter and servers. But what about those ubiquitous end-user devices?

This document is in PDF format. To view it click here.

Tue 29 Dec

End Points Malfeasance

Contributed by Aditya K Sood

This article shows the advancement in the flaws that occur in end point technology, i.e. client/server transactions. The emphasis is laid on HTTP/HTTPS for undertaking rogue issues, which become the further base for attacking the network or protocol infeasibility. The issues discussed are of much importance whenever network problems are concerned.

This document is in PDF format. To view it click here.

Mon 28 Dec

The Internet of Things (IoT) – Removing the Human Element

Contributed by Robert Martin

This paper focuses on the IT security challenges facing the Internet of Things (IoT). An isaca.org article describes the Internet of Things as, “a scenario in which objects, animals or people are provided with unique identifiers and the ability to automatically transfer data over a network without requiring human-to-human or human-to-computer interaction” (Gonzalez & Djurica, 2015). Additionally, this paper outlines the security risks and impacts associated with removing human intervention from the Internet of Things. The four components of the Internet of Things discussed in this paper are the “things” themselves, the data, the communication network, and the computing systems. The purpose of this paper is to show the underlying security risks associated with interconnecting people, data, and devices via the Internet, without human controls.
