Et Cetera

Mon 31 Aug

Airids Architecture and Methodology

Contributed by Thomas Munn

The Goal: To make an Open-Sourced IDS that can intelligently react to threats without causing denial of service conditions, and reduce the workload of IDS analysts so they can concentrate on less mundane threats.

This document is in PDF format. To view it click here.

Mon 31 Aug

Application Security Cheat Sheet

Contributed by Hrishikesh Sivanandhan

Deploying applications in a secure manner has become more critical today than ever before. Enterprises deploy several applications at very short notice. Business demands increased automation and more Internet-enabled applications. Security is often considered after the application has been developed and is about to go live or, in some cases, even after the systems have gone live. This article takes a look at some of the critical factors that need to be looked at for securing applications.

There are several security considerations that need to be met at different stages in the application life cycle.

This document is in PDF format. To view it click here.

Fri 28 Aug

Managing Internet of Thing Devices

Contributed by Luke Blum

The proliferation of network-capable devices, collectively known as the Internet of Things, has provided the unprecedented opportunity for owners to manage and control their devices at any time and from any place. These devices are significantly different from the traditional computing devices that most people are accustomed to. Because they are often smaller in size with limited processing resources, unique protocols were needed to allow these devices to operate effectively.

This document is in PDF format. To view it click here.

Fri 28 Aug

Anti Brute Force Resource Metering

Contributed by Next Generation Security Software Ltd.

Web-based application authentication processes are frequently vulnerable to automated brute force guessing attacks. Whilst commonly proposed solutions make use of escalating time delays and minimum lockout threshold strategies, these tend to prove ineffectual in real attacks and may actually promote additional attack vectors.

Resource metering through client-side computationally intensive "electronic payments" can provide an alternative strategy in defending against brute force guessing attacks. This whitepaper discusses how such a solution works and the security advantages it can bring.

This document is in PDF format. To view it click here.

Wed 19 Aug

Vendor Verification: Boosting Consumer Confidence in E-Commerce

Contributed by Thomas Stroud

The purpose of this paper is to propose a new method for verifying the identities of vendors in electronic transaction processing as it relates to consumer confidence in e-commerce. Current problems plaguing consumers in the private sector will be discussed with particular attention given to ransomware and similar unwanted programs. This is followed by a discussion of the Secure Electronic Transaction protocol, which provides a framework for vendor verification, and offers one potential solution for verifying the identities of vendors on the internet. The paper wraps up with implications of vendor verification, including its pros and cons, and finally a summary of the information presented.

This document is in PDF format. To view it click here.
