Red Tape


Security Best Practice: Host Naming & URL Conventions

Contributed by Gunter Ollmann

A consideration often neglected by many organisations when rolling out new servers or developing web-based applications that will be accessible by Internet clients and customers is that of host and URL naming conventions. There are a number of simple steps that can be taken to strengthen the security of an environment or application making it more resilient to several popular attack vectors. By understanding how an attacker can abuse poorly thought out naming conventions, and by instigating a few minor changes, it is possible to positively increase the defence-in-depth stature of an environment.

This document is in PDF format. To view it click here.


Authentication and Access Control Best Practices for Healthcare Systems

Contributed by Lamaris Davis


An Approach To Web Application Threat Modeling

Contributed by Akash Shrivastava

In present internet computing environment one or the other form of security has become a requirement for all web applications. Importance of Confidentiality, Integrity and Privacy is increasing day by day and security has become vital in internet technology. To design a secure web application, it is very important to analyze and model the potential threats.

Threat modeling is a procedure for optimizing Network/ Application/ Internet Security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system.

This document is in PDF format. To view it click here.


Data Ethics

Contributed by Michael Davis

The growing world of big data presents many interrelated ethical concerns in a business environment. These concerns touch a broad spectrum of ethical concerns including the legal, moral, financial, and social impacts of ethical planning and decision making in emerging situations of data analytics and privacy. As the data continues to grow exponentially in size, the moral concerns will grow as well.

This document is in PDF format. To view it click here.


Implementing and Maintaining AIX Security Policies

Contributed by Andre Derek Protas

This paper is meant to serve as an introductory guide to the basic security and server hardening functions present in AIX. Many of the features and functions shown throughout this guide are applicable to AIX 4.3 and above, but are more directed toward AIX 5.2. Since security is and will always remain a major issue in server environments, it is crucial that system administrators have a strong working knowledge of security policy implementation and hardening features. This knowledge can be applied to new systems, or to bring older systems up to date.

This document is in PDF format. To view it click here.


Subscribe to RSS - Red Tape