New Whitepaper available on security best practices

From: Gunter Ollmann (gunter_at_ngssoftware.com)
Date: 01/31/05

  • Next message: Paul Laudanski: "Re: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability"

    Date: Mon, 31 Jan 2005 18:12:44 +0000
    To: bugtraq@securityfocus.com


    Hello List,

    Driven by multiple requests to provide some kind of guidance on what
    constitutes "best security practice", I've created a whitepaper focusing
    on host naming and URL conventions. I've found that by following these
    simple principles the avenue for attack on many Internet-based
    applications is greatly limited.

    I'm planning on releasing a number of new whitepapers this year focusing
    on plain-English explanations and advice on best security practices --
    primarily dealing with web-app security. I'd welcome any suggestions on
    other topics "industry" would like covered in more detail.

    The paper is available at:
    http://www.ngssoftware.com/papers/NISR-BestPracticesInHostURLNaming.pdf

    Abstract:
    A consideration often neglected by many organisations when rolling out
    new servers or developing web-based applications that will be accessible
    by Internet clients and customers is that of host and URL naming
    conventions. There are a number of simple steps that can be taken to
    strengthen the security of an environment or application making it more
    resilient to several popular attack vectors. By understanding how an
    attacker can abuse poorly thought out naming conventions, and by
    instigating a few minor changes, it is possible to positively increase
    the defence-in-depth stature of an environment.

    Cheers,

    Gunter Ollmann

    -- 
    ------------------------------------------------------
    G u n t e r   O l l m a n n,            MSc(Hons), BSc
    Professional Services Director                        
                                                          
    Next  Generation  Security  Software  Ltd.            
    First Floor, 52 Throwley Way  Tel: +44 (0)208 401 0089
    Sutton, Surrey, SM1 4BF, UK   Fax: +44 (0)208 401 0076
    http://www.nextgenss.com      
    ------------------------------------------------------ 