Tech Article: HTTP Content Filter Analysis - Finjan SurfinGate V5.6

From: ivan.buetler@csnc.ch
Date: 01/27/03

Next message: Nick Jacobsen: "z/OS, OS/390 Pen testing tips/ideas/papers?"

Previous message: Pete Herzog: ""How To" OSSTMM 2.5 - Penetration Testing Methodology"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "ivan.buetler@csnc.ch" <ivan.buetler@csnc.ch>
To: pen-test@securityfocus.com
Date: Mon, 27 Jan 2003 23:16:05 +0100

#############################################################
#
# COMPASS SECURITY http://www.csnc.ch/
#
#############################################################
#
# Topic: Tech-Article
# Betreff: HTTP/S Content Filter Analysis - Finjan SurfinGate V5.6
# Autor: Jan Monsch & Ivan Buetler
# Date: 27. January 2003
#
#############################################################

Dear Reader

As you might know - malicious mobile code contamination via web download
becomes a real threat. HTTP content filter techniqe promises protection at
your perimeter infrastructure. While penetrating the clients' infrastructure
during a pen-test job, we are ready to use bypass technique in order to
successfully exploiting the clients security mechanism. This article is
focussed in Finjan SurfinGate HTTP content filter protection - and gives you
a better understanding of threats and risks.

We have used Finjan SurfinGate V5.6. The new V6.0 is already available.

Find the analysis:

http://www.csnc.ch/downloads/docs/techdocs/FinjanSurfinGate_Analysis_CSNC_V3.0.pdf

Kind Regards

Compass Security TEAM

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Nick Jacobsen: "z/OS, OS/390 Pen testing tips/ideas/papers?"
Previous message: Pete Herzog: ""How To" OSSTMM 2.5 - Penetration Testing Methodology"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Tech Article: HTTP Content Filter Analysis - Finjan SurfinGate V5.6
... HTTP/S Content Filter Analysis - Finjan SurfinGate V5.6 ... HTTP content filter techniqe promises protection at ... successfully exploiting the clients security mechanism. ... focussed in Finjan SurfinGate HTTP content filter protection - and gives you ...
(Bugtraq)
[NT] Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Al
... Get your security news from a reliable source. ... A security vulnerability exists in the H.323 filter for Microsoft Internet ... Security and Acceleration Server 2000 that could allow an attacker to ... overflow a buffer in the Microsoft Firewall Service in Microsoft Internet ...
(Securiteam)
[NT] Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities
... Get your security news from a reliable source. ... Internet Explorer 8.0 Beta 2 Anti-XSS Filter Vulnerabilities ... to filter injection into HTTP headers, which will drive hackers to focus ... CRLF Injection is also XSS type 1 and is not mitigated by ...
(Securiteam)
RE: How to restrict users to see data in a mutiuser environment?
... interested setting up workgroup security. ... ' Gets the userid of the current user. ... Dim Length As Long ... which you open the form you want to filter. ...
(microsoft.public.access.modulesdaovba)
Re: Do I really need a FW besides WXP
... Controlling aleady running programs what ... > Since XP Home doesn't really have good security like XP Pro ... If the "router" is running a packet filter and maybe NAT, ... data security to filter away to hide something. ...
(comp.security.firewalls)