Hardened Plone. Making Your Plone Site Even More Secure. Presented by: Nathan Van Gheem
|
|
- Heather Sanders
- 8 years ago
- Views:
Transcription
1 Hardened Plone Making Your Plone Site Even More Secure Presented by: Nathan Van Gheem
2 Plone Security Flexible and granular ACL/roles-based security model of Zope All input in Plone is validated Plone does not use a SQL database (injection) Very good security track record More information on org/products/plone/security/overview
3 Unauthorized access XSS CSRF DOS/DDOS Types of Attacks,IRC, :52:42,#ddos,xxx.xxxxxx.com.,<powertool>,Let's all just go to xxx.xxx and push "F5 F5 F5" over and over.,,,
4 The Obvious Things To Do Patch your software! Assign privileges correctly Remove old users Run Plone as unprivileged user(default ZEO install)
5 Drawbacks Plone includes a lot of features. This is great, but it also provides opportunity for attackers to gather information from your site. Examples: RSS feeds include author and username. There is no way through configuration to disable it except by customizing the template.
6 Separate editing site Read-only Plone Sanitize Nginx/Apache Varnish CDN WAF Proxy blocks Protecting Plone
7 Separate Editing Backend Protected by multi-factor authentication RSA WiKID Factored(by Wildcard Corp.) org/pypi/factored Basic authentication on proxy server Different DNS for backends
8 Factored Demo...
9 Read-Only RW ZEO replicates to read-only public sites Assures that even if a user account is exploited, it's not possible to do any damage on the public site Various setups to accomplish read-only Plone Replication Mixing RW and RO rsync Data.fs and blob files to RO server
10 ZRS Replication Can be pricey Works very well No nice monitoring or stats No easy way to turn it off except to change config, restart server ZODB clients >= 3.8 ZODB server >=3.9 RelStorage Supports mysql and postgres There are existing replication strategies for these databases
11 Read-Only ZEO Server
12 Read-Only ZEO Client
13 Read-Only Zope Instance
14 Read-Only Demo...
15 Read-Only With Buildout No options directly in buildout configuration for read-only Manually entering it can be a pain especially when making changes to buildout Use wildcard.recipe.insertinto
16 Wildcard.recipe.insertinto
17 Drawback To Straight Up Read-Only Ugly read-only error message Some things are not written to the database until they are accessed. For instance, custom image scales
18 Read-Only Cont. Or, to prevent the possible case where writeon-read will cause Zope to throw errors, you can abort all transactions.
19 Read-Only Subscriber Demo...
20 Careful Using Doom And Abort... It will prevent most mail from getting sent. To fix this, you can do a conditional abort
21 If You Must Have R/W... - Have different ZEO clients handle R/W operations - Use proxy rules to only have certain urls go to write clients - Other clients can be read-only. Yes, you can mix r/w and r/o clients. - Use Wildcard.lockdown
22 wildcard.lockdown Provide rules to only be able to write to the database for certain types of requests. Create rules Install product Enable rules
23 Example Rule
24 Example Using Lockdown...
25 Rule Settings path An enabling glob expression. This path is always based on the relative Plone site, not the Zope root. request_method Enabling HTTP request method portal_type Published object's portal type host Enabling globing globbing expression for the host name logged_in require user to be logged in custom Custom function to do manual checks against the request object. Return True if you want to commit, False if not.
26 Sanitize Information on backend servers Unnecessary headers Information on users
27 Specific Things In Plone To Sanitize Custom RSS feeds Block logins, password resets Anonymous should not be able to see editor information searchformembers
28 Monitor Text For Info On Backends When users save content, do checks to make sure they aren't saving bad links or other info about backends Also, use TinyMCE events to fix bad links
29 Pseudo Subscriber For Checking Text
30 ZCML Wiring For Subscriber
31 Blocking Requests Use your front ends to block as many maliciously intended requests as possible no reason for plone to even deal with them Can accomplish in Nginx, Apache, Varnish, HAProxy, etc.
32 What Can You Block? Public side, make sure to block anything that users should not be accessing: manage_?*, login*, logged*, require_login*, acl_users*, searchformembers, etc... Also, block any known bad request types. Does your site need POST requests? Rate limiting? Maybe only POST requests?
33 Example Nginx Blocks
34 Caching Varnish Optimize caching By default, cache everything. Everything you serve should have a ttl on it If you have a large site, might be a good idea to continually crawl the site to keep more items in cache Serve stale content if backend is down
35 Normalizing URLs To optimize caching Remove hash from URLs Sort query parameters(varnish) com/cyberroadie/varnish-urlsort Whitelist query parameters Remove cookies, user agent, etc. Block known bad URL types In CDN, Nginx or Varnish Strip Google params
36 Sample Varnish Saint mode -- use stale Grace period -- max time in cache Use always down backend If request fails, restart request with always down backend used, then it'll serve stale.
37 Proxy Setup Limit the number of simultaneous requests being sent to each plone client.max_connections setting for backend Varnish config maxconn setting for haproxy Do not overload Plone Allow proxies to pool requests so plone can serve content at a steady pace Know your expected load
38 Cloudflare/Incapsula Caching CDN WAF Recaptcha for suspicious users Minify Loads of other features No fine grained cache invalidation though
39 Benefits of WAF Can detect various vulnerabilities and XSS attacks and automatically block them for nginx for apache
40 Drawbacks of WAF Blocks a bunch of things that are not Plone related--although, you can customize More server overhead
41 Conclusion Prevent information from getting into the hands of malicious users Protect your Plone servers Always serve content, stale if necessary.
42 More Information psusymp.hardenedplone sample product
43 Questions? Thanks, Nathan Van Gheem website: nathanvangheem.com irc: vangheem twitter: vangheezy
ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationBASICS OF SCALING: LOAD BALANCERS
BASICS OF SCALING: LOAD BALANCERS Lately, I ve been doing a lot of work on systems that require a high degree of scalability to handle large traffic spikes. This has led to a lot of questions from friends
More informationAttack and Penetration Testing 101
Attack and Penetration Testing 101 Presented by Paul Petefish PaulPetefish@Solutionary.com July 15, 2009 Copyright 2000-2009, Solutionary, Inc. All rights reserved. Version 2.2 Agenda Penetration Testing
More informationRecon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins
Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins During initial stages of penetration testing it is essential to build a strong information foundation before you
More informationConfiguring CQ Security
Configuring CQ Security About Me CQ Architect for Inside Solutions http://inside-solutions.ch CQ Blog: http://cqblog.inside-solutions.ch Customer Projects with Adobe CQ Training Material on Adobe CQ Agenda
More informationrpaf KTl Pen source Plone 3.3 Site Administration Manage your site like a Plone professional Alex Clark
Plone 3.3 Site Administration Manage your site like a Plone professional Alex Clark rpaf KTl Pen source I I f IV* I Y I I community experience distilled PUBLISHING - BIRMINGHAM MUMBAI Preface 1 Chapter
More informationCheck list for web developers
Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation
More informationAdvanced Web Security, Lab
Advanced Web Security, Lab Web Server Security: Attacking and Defending November 13, 2013 Read this earlier than one day before the lab! Note that you will not have any internet access during the lab,
More informationHow to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering
How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration
More informationAcunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.
Acunetix Web Vulnerability Scanner Getting Started V8 By Acunetix Ltd. 1 Starting a Scan The Scan Wizard allows you to quickly set-up an automated scan of your website. An automated scan provides a comprehensive
More informationHOWTO: Installation of Microsoft Office SharePoint Server 2007
HOWTO: Installation of Microsoft Office SharePoint Server 2007 PREREQUISITES... 2 STEP -1: DO I NEED AN ACTIVE DIRECTORY... 2 STEP 0: INSTALL OS, INCLUDING ALL SERVICE PACKS AND PATCHES... 2 STEP 1: CREATE
More informationSetting Up One Search
Your teachers and students can take advantage of your school s subscription databases all in one place through Destiny One Search. One Search saves staff and patrons time and effort by letting them search
More informationThomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch
Thomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch Compass Security AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch What
More informationSQL Server Setup for Assistant/Pro applications Compliance Information Systems
SQL Server Setup for Assistant/Pro applications Compliance Information Systems The following document covers the process of setting up the SQL Server databases for the Assistant/PRO software products form
More informationWorking With Virtual Hosts on Pramati Server
Working With Virtual Hosts on Pramati Server 13 Overview Virtual hosting allows a single machine to be addressed by different names. There are two ways for configuring Virtual Hosts. They are: Domain Name
More informationGalleon Documentation
Galleon Documentation Welcome to Galleon Forums. Support information, including bug and enhancement requests, support forums, etc., may be found at http://galleon.riaforge.org. For version number and release
More informationBASELINE SECURITY TEST PLAN FOR EDUCATIONAL WEB AND MOBILE APPLICATIONS
BASELINE SECURITY TEST PLAN FOR EDUCATIONAL WEB AND MOBILE APPLICATIONS Published by Tony Porterfield Feb 1, 2015. Overview The intent of this test plan is to evaluate a baseline set of data security practices
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationCross Site Scripting in Joomla Acajoom Component
Whitepaper Cross Site Scripting in Joomla Acajoom Component Vandan Joshi December 2011 TABLE OF CONTENTS Abstract... 3 Introduction... 3 A Likely Scenario... 5 The Exploit... 9 The Impact... 12 Recommended
More informationSANS Dshield Webhoneypot Project. OWASP November 13th, 2009. The OWASP Foundation http://www.owasp.org. Jason Lam
SANS Dshield Webhoneypot Project Jason Lam November 13th, 2009 SANS Internet Storm Center jason@networksec.org The Foundation http://www.owasp.org Introduction Who is Jason Lam Agenda Intro to honeypot
More informationWeb Application Guidelines
Web Application Guidelines Web applications have become one of the most important topics in the security field. This is for several reasons: It can be simple for anyone to create working code without security
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationSophos UTM Web Application Firewall for Microsoft Exchange connectivity
How to configure Sophos UTM Web Application Firewall for Microsoft Exchange connectivity This article explains how to configure your Sophos UTM 9.2 to allow access to the relevant Microsoft Exchange services
More informationCS 558 Internet Systems and Technologies
CS 558 Internet Systems and Technologies Dimitris Deyannis deyannis@csd.uoc.gr 881 Heat seeking Honeypots: Design and Experience Abstract Compromised Web servers are used to perform many malicious activities.
More informationMagento Security and Vulnerabilities. Roman Stepanov
Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection
More informationMingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway
Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway All transparent deployment Full HTTPS site defense Prevention of OWASP top 10 Website Acceleration
More informationWeb Application Security
Web Application Security John Zaharopoulos ITS - Security 10/9/2012 1 Web App Security Trends Web 2.0 Dynamic Webpages Growth of Ajax / Client side Javascript Hardening of OSes Secure by default Auto-patching
More informationColumbia University Web Security Standards and Practices. Objective and Scope
Columbia University Web Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Security Standards and Practices document establishes a baseline of security related requirements
More informationStill Aren't Doing. Frank Kim
Ten Things Web Developers Still Aren't Doing Frank Kim Think Security Consulting Background Frank Kim Consultant, Think Security Consulting Security in the SDLC SANS Author & Instructor DEV541 Secure Coding
More informationIIS SECURE ACCESS FILTER 1.3
OTP SERVER INTEGRATION MODULE IIS SECURE ACCESS FILTER 1.3 Copyright, NordicEdge, 2006 www.nordicedge.se Copyright, 2006, Nordic Edge AB Page 1 of 14 1 Introduction 1.1 Overview Nordic Edge One Time Password
More informationPerforming a Web Application Security Assessment
IBM Software Group Performing a Web Application Security Assessment 2007 IBM Corporation Coordinate the Time of the Audit Set up a time window with the application owner Inform your security team Inform
More informationSQL Injection Vulnerabilities in Desktop Applications
Vulnerabilities in Desktop Applications Derek Ditch (lead) Dylan McDonald Justin Miller Missouri University of Science & Technology Computer Science Department April 29, 2008 Vulnerabilities in Desktop
More informationIs Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security
Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationOWASP OWASP. The OWASP Foundation http://www.owasp.org. Selected vulnerabilities in web management consoles of network devices
OWASP Selected vulnerabilities in web management consoles of network devices OWASP 23.11.2011 Michał Sajdak, Securitum Copyright The OWASP Foundation Permission is granted to copy, distribute and/or modify
More information1. Building Testing Environment
The Practice of Web Application Penetration Testing 1. Building Testing Environment Intrusion of websites is illegal in many countries, so you cannot take other s web sites as your testing target. First,
More informationEssential IT Security Testing
Essential IT Security Testing Application Security Testing for System Testers By Andrew Muller Director of Ionize Who is this guy? IT Security consultant to the stars Member of OWASP Member of IT-012-04
More informationExternal Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION
External Vulnerability Assessment -Technical Summary- Prepared for: ABC ORGANIZATI On March 9, 2008 Prepared by: AOS Security Solutions 1 of 13 Table of Contents Executive Summary... 3 Discovered Security
More informationRuby on Rails Security. Jonathan Weiss, 30.12.2007 Peritor Wissensmanagement GmbH
Ruby on Rails Security Jonathan Weiss, 30.12.2007 Peritor Wissensmanagement GmbH Who am I? Jonathan Weiss Consultant for Peritor Wissensmanagement GmbH Specialized in Rails, Scaling, and Code Review Active
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationOnline Vulnerability Scanner Quick Start Guide
Online Vulnerability Scanner Quick Start Guide Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted.
More informationF-Secure Internet Security 2014 Data Transfer Declaration
F-Secure Internet Security 2014 Data Transfer Declaration The product s impact on privacy and bandwidth usage F-Secure Corporation April 15 th 2014 Table of Contents Version history... 3 Abstract... 3
More informationImproving Web Vulnerability Scanning. Daniel Zulla
Improving Web Vulnerability Scanning 1 Daniel Zulla Introduction Hey! 2 Hi there! I m Dan. This is my first year at DEFCON. I do programming and security start-ups. I do some penetration testing as well
More informationComodo Web Application Firewall Software Version 2.11
2 Comodo Web Application Firewall Software Version 2.11 Quick Start Guide Guide Version 2.11.071315 Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013 1.Comodo Web Application Firewall - Quick
More informationREDCap General Security Overview
REDCap General Security Overview Introduction REDCap is a web application for building and managing online surveys and databases, and thus proper security practices must instituted on the network and server(s)
More informationABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST
ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London
More informationConfiguring HAproxy as a SwiftStack Load Balancer
Configuring HAproxy as a SwiftStack Load Balancer To illustrate how a SwiftStack cluster can be configured with an external load balancer, such as HAProxy, let s walk through a step-by-step example of
More informationOutlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions
HOSTING Administrator Control Panel / Quick Reference Guide Page 1 of 9 Outlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions Exchange 2010 Outlook Profile Setup Page 2 of 9 Exchange
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationFrom centralized to single sign on
The LemonLDAP::NG project Abstract LemonLDAP::NG is a modular WebSSO (Web Single Sign On) software based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the
More informationConducting Web Application Pentests. From Scoping to Report For Education Purposes Only
Conducting Web Application Pentests From Scoping to Report For Education Purposes Only Web App Pen Tests According to OWASP: A Web Application Penetration Test focuses only on evaluating the security of
More informationGuidelines for Web applications protection with dedicated Web Application Firewall
Guidelines for Web applications protection with dedicated Web Application Firewall Prepared by: dr inŝ. Mariusz Stawowski, CISSP Bartosz Kryński, Imperva Certified Security Engineer INTRODUCTION Security
More informationWindows XP Exchange Client Installation Instructions
WINDOWS XP with Outlook 2003 or Outlook 2007 1. Click the Start button and select Control Panel: 2. If your control panel looks like this: Click Switch to Classic View. 3. Double click Mail. 4. Click show
More informationJOOMLA SECURITY. ireland website design. by Oliver Hummel. ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City
JOOMLA SECURITY by Oliver Hummel ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City CONTACT Nicholas Butler 051-393524 089-4278112 info@irelandwebsitedesign.com Contents Introduction 3 Installation
More informationExternal Network & Web Application Assessment. For The XXX Group LLC October 2012
External Network & Web Application Assessment For The XXX Group LLC October 2012 This report is solely for the use of client personal. No part of it may be circulated, quoted, or reproduced for distribution
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationCache All The Things
Cache All The Things About Me Mike Bell Drupal Developer @mikebell_ http://drupal.org/user/189605 Exactly what things? erm... everything! No really... Frontend: - HTML - CSS - Images - Javascript Backend:
More informationSemantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0
Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual Document Version 1.0 Table of Contents 1 SWAF... 4 1.1 SWAF Features... 4 2 Operations and User Manual... 7 2.1 SWAF Administrator
More informationWith so many web applications, universities have a huge attack surface often without the IT security budgets or influence to back it up.
1 2 Why do we care about web application security? With so many web applications, universities have a huge attack surface often without the IT security budgets or influence to back it up. We constantly
More informationAlert Notification of Critical Results (ANCR) Public Domain Deployment Instructions
Alert Notification of Critical Results (ANCR) Public Domain Deployment Instructions Server Prerequisites Internet Information Server (IIS). It may be enabled in Windows Features (see Enabling IIS section).
More informationSimon Fraser University. Web Security. Dr. Abhijit Sen CMPT 470
Web Security Dr. Abhijit Sen 95% of web apps have Vulnerabilities Cross-site scripting (80 per cent) SQL injection (62 per cent) Parameter tampering (60 per cent) http://www.vnunet.com/vnunet/news/2124247/web-applicationswide-open-hackers
More informationCreating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing
More information<Insert Picture Here> Oracle Web Cache 11g Overview
Oracle Web Cache 11g Overview Oracle Web Cache Oracle Web Cache is a secure reverse proxy cache and a compression engine deployed between Browser and HTTP server Browser and Content
More informationDesign and Implementation of an IP based authentication mechanism for Open Source Proxy Servers in Interception Mode
Design and Implementation of an IP based authentication mechanism for Open Source Proxy Servers in Interception Mode Tejaswi Agarwal 1 and Mike Leonetti 2 1 School of Computing Science and Engineering,
More informationWeb Application Attacks And WAF Evasion
Web Application Attacks And WAF Evasion Ahmed ALaa (EG-CERT) 19 March 2013 What Are We Going To Talk About? - introduction to web attacks - OWASP organization - OWASP frameworks - Crawling & info. gathering
More informationRepsheet. A Behavior Based Approach to Web Application Security. Aaron Bedra Application Security Lead Braintree Payments. tirsdag den 1.
Repsheet A Behavior Based Approach to Web Application Security Aaron Bedra Application Security Lead Braintree Payments Right now, your web applications are being attacked And it will happen again, and
More informationApplication Design and Development
C H A P T E R9 Application Design and Development Practice Exercises 9.1 What is the main reason why servlets give better performance than programs that use the common gateway interface (CGI), even though
More informationSecure Programming Lecture 12: Web Application Security III
Secure Programming Lecture 12: Web Application Security III David Aspinall 6th March 2014 Outline Overview Recent failures More on authorization Redirects Sensitive data Cross-site Request Forgery (CSRF)
More informationComodo Mobile Device Manager Software Version 1.0
Comodo Mobile Device Manager Software Version 1.0 Installation Guide Guide Version 1.0.041114 Comodo Security Solutions 1255 Broad Street STE 100 Clifton, NJ 07013 Table of Contents 1.CMDM Setup... 3 1.1.System
More informationREDCap Technical Overview
REDCap Technical Overview Introduction REDCap is a web application for building and managing online surveys and databases. This document delineates many of the broader technical aspects of REDCap, such
More informationVMware Identity Manager Connector Installation and Configuration
VMware Identity Manager Connector Installation and Configuration VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until the document
More informationThis installation guide will help you install your chosen IceTheme Template with the Cloner Installer package.
Introduction This installation guide will help you install your chosen IceTheme Template with the Cloner Installer package. There are 2 ways of installing the theme: 1- Using the Clone Installer Package
More informationSharePoint Integration Framework Developers Cookbook
Sitecore CMS 6.3 to 6.6 and SIP 3.2 SharePoint Integration Framework Developers Cookbook Rev: 2013-11-28 Sitecore CMS 6.3 to 6.6 and SIP 3.2 SharePoint Integration Framework Developers Cookbook A Guide
More informationSTOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect
STOPPING LAYER 7 ATTACKS with F5 ASM Sven Müller Security Solution Architect Agenda Who is targeted How do Layer 7 attacks look like How to protect against Layer 7 attacks Building a security policy Layer
More informationData Breaches and Web Servers: The Giant Sucking Sound
Data Breaches and Web Servers: The Giant Sucking Sound Guy Helmer CTO, Palisade Systems, Inc. Lecturer, Iowa State University @ghelmer Session ID: DAS-204 Session Classification: Intermediate The Giant
More informationRuby on Rails Secure Coding Recommendations
Introduction Altius IT s list of Ruby on Rails Secure Coding Recommendations is based upon security best practices. This list may not be complete and Altius IT recommends this list be augmented with additional
More informationIS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection
IS L06 Protect Servers and Defend Against APTs with Symantec Critical System Protection Description Lab flow At the end of this lab, you should be able to Discover how to harness the power and capabilities
More informationSecure Web Development Teaching Modules 1. Threat Assessment
Secure Web Development Teaching Modules 1 Threat Assessment Contents 1 Concepts... 1 1.1 Software Assurance Maturity Model... 1 1.2 Security practices for construction... 3 1.3 Web application security
More informationREAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL
REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL AWF Series Web application firewalls provide industry-leading Web application attack protection, ensuring continuity
More informationPenetration Testing Corporate Collaboration Portals. Giorgio Fedon, Co-Founder at Minded Security
Penetration Testing Corporate Collaboration Portals Giorgio Fedon, Co-Founder at Minded Security Something About Me Security Researcher Owasp Italy Member Web Application Security and Malware Research
More informationAVG Business SSO Connecting to Active Directory
AVG Business SSO Connecting to Active Directory Contents AVG Business SSO Connecting to Active Directory... 1 Selecting an identity repository and using Active Directory... 3 Installing Business SSO cloud
More informationColumbia University Web Application Security Standards and Practices. Objective and Scope
Columbia University Web Application Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Application Security Standards and Practices document establishes a baseline
More informationConfiguration Manual English version
Configuration Manual English version Frama F-Link Configuration Manual (EN) All rights reserved. Frama Group. The right to make changes in this Installation Guide is reserved. Frama Ltd also reserves the
More informationAVG Business Secure Sign On Active Directory Quick Start Guide
AVG Business Secure Sign On Active Directory Quick Start Guide The steps below will allow for download and registration of the AVG Business SSO Cloud Connector to integrate SaaS application access and
More informationContemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited
Contemporary Web Application Attacks Ivan Pang Senior Consultant Edvance Limited Agenda How Web Application Attack impact to your business? What are the common attacks? What is Web Application Firewall
More informationAnybody who has a Web presence understands that
Article ISSA Title Article The Author Global Voice of Information Security Evaluating the safety of your Web presence Web Application Testing By Brad C. Johnson There is inherent risk on the Internet the
More informationConfiguring Thunderbird for Flinders Mail at home.
Configuring Thunderbird for Flinders Mail at home. Downloading Thunderbird can be downloaded from the Mozilla web site located at http://www.mozilla.org/download.html This web site also contains links
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More informationIntroduction:... 1 Security in SDLC:... 2 Penetration Testing Methodology: Case Study... 3
Table of Contents Introduction:... 1 Security in SDLC:... 2 Penetration Testing Methodology: Case Study... 3 Information Gathering... 3 Vulnerability Testing... 7 OWASP TOP 10 Vulnerabilities:... 8 Injection
More informationBarracuda Syslog Barracuda Web Site Firewall
Overview There are four types of logs generated by the which can be configured to be sent over the syslog mechanism to a remote server specified by the Barracuda Web Site Firewall administrator. These
More informationCCM 4350 Week 11. Security Architecture and Engineering. Guest Lecturer: Mr Louis Slabbert School of Science and Technology.
CCM 4350 Week 11 Security Architecture and Engineering Guest Lecturer: Mr Louis Slabbert School of Science and Technology CCM4350_CNSec 1 Web Server Security The Web is the most visible part of the net
More informationDetecting (and even preventing) SQL Injection Using the Percona Toolkit and Noinject!
Detecting (and even preventing) SQL Injection Using the Percona Toolkit and Noinject! Justin Swanhart Percona Live, April 2013 INTRODUCTION 2 Introduction 3 Who am I? What do I do? Why am I here? The tools
More informationAn Insight into Cookie Security
An Insight into Cookie Security Today most websites and web based applications use cookies. Cookies are primarily used by the web server to track an authenticated user or other user specific details. This
More informationSecurity and Control Issues within Relational Databases
Security and Control Issues within Relational Databases David C. Ogbolumani, CISA, CISSP, CIA, CISM Practice Manager Information Security Preview of Key Points The Database Environment Top Database Threats
More informationIP Application Security Manager and. VMware vcloud Air
Securing Web Applications with F5 BIG- IP Application Security Manager and VMware vcloud Air D E P L O Y M E N T G U I D E Securing Web Applications Migrating application workloads to the public cloud
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationWebapps Vulnerability Report
Tuesday, May 1, 2012 Webapps Vulnerability Report Introduction This report provides detailed information of every vulnerability that was found and successfully exploited by CORE Impact Professional during
More informationWeb Application Hacking (Penetration Testing) 5-day Hands-On Course
Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis
More informationThe Weakest Link: Mitigating Web Application Vulnerabilities. webscurity White Paper. webscurity Inc. Minneapolis, Minnesota USA
The Weakest Link: Mitigating Web Application Vulnerabilities webscurity White Paper webscurity Inc. Minneapolis, Minnesota USA January 25, 2007 Contents Executive Summary...3 Introduction...4 Target Audience...4
More information