SecurityTracker Monday Morning Vulnerability Summary Dec 17, 2012


Copyright 2012, SecurityGlobal.net LLC

In This Week's SecurityTracker Vulnerability Summary

SecurityTracker Alerts: 26

Vendors: Adobe Systems Incorporated - Blue Coat Systems - Cisco - Citrix - HP (Compaq) - IBM - Microsoft - Symantec - VMware, Inc.

Products: Adobe Flash - Adobe Photoshop - Blue Coat Reporter - Cisco Wireless LAN Controller - Citrix XenApp (MetaFrame Presentation Server) - Citrix XenDesktop - IBM eDiscovery Manager - IBM Lotus Notes - IBM Rational ClearQuest - IBM Tivoli Monitoring - Informix - Macromedia ColdFusion - Microsoft DirectX - Microsoft Exchange - Microsoft Internet Explorer (IE) - Microsoft Word - OpenVMS - Symantec Endpoint Protection - Symantec Enterprise Security Manager - Symantec Network Access Control - VMware - ...

Headlines:

1. IBM Lotus Notes Input Validation Flaw Permits Cross-Site Scripting Attacks
2. Symantec Endpoint Protection Input Validation Flaw Lets Remote Users Execute Arbitrary Code
3. Microsoft Word RTF Parsing Error Lets Remote Users Execute Arbitrary Code
4. Windows IP-HTTPS Certificate Processing Flaw Lets Remote Users Bypass Security Restrictions
5. IBM Informix Buffer Overflow in Processing SQL Statements Lets Remote Authenticated Users Execute Arbitrary Code
6. Microsoft Exchange Server RSS Feed Bug Lets Remote Users Deny Service
7. Adobe Flash Player Bugs Let Remote Users Execute Arbitrary Code
8. Symantec Network Access Control Unquoted Search Path Lets Local Users Gain Elevated Privileges
9. IBM Rational ClearQuest Input Validation Flaw in Web Client Lets Remote Users Inject SQL Commands
10. Citrix XenApp XML Service Interface Bug Lets Remote Users Execute Arbitrary Code
11. HP OpenVMS LOGIN/ACMELOGIN Bug Lets Local and Remote Users Deny Service
12. Windows File Handling Component Memory Error Lets Remote Users Execute Arbitrary Code
13. Citrix XenDesktop Lets Remote Authenticated Users Bypass USB Redirection Policies
14. Symantec Enterprise Security Manager Unquoted Search Path Lets Local Users Gain Elevated Privileges
15. IBM Tivoli Monitoring Input Validation Flaw in Service Console Permits Cross-Site Scripting Attacks
16. Adobe ColdFusion Lets Local Users Bypass Sandbox Restrictions
17. Blue Coat Reporter Input Validation Hole Permits Cross-Site Scripting and Cross-Site Request Forgery Attacks
18. VMware View Server Directory Traversal Flaw Discloses Files to Remote Users
19. Windows Kernel-Mode Drivers Font Processing Flaw Lets Remote Users Execute Arbitrary Code
20. IBM eDiscovery Manager Input Validation Flaw Permits Cross-Site Scripting Attacks
21. Adobe Photoshop Camera Raw Buffer Overflow/Underflow Lets Remote Users Execute Arbitrary Code
22. Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
23. Microsoft DirectPlay Heap Overflow Lets Remote Users Execute Arbitrary Code
24. IBM Rational ClearQuest Input Validation Hole in Web Server Permits Cross-Site Scripting Attacks
25. Cisco Wireless LAN Controller Flaw Permits Cross-Site Request Forgery Attacks
26. Microsoft Internet Explorer Discloses Mouse Location to Remote Users

Your SecurityTracker Vulnerability Alerts

1. IBM Lotus Notes
A vulnerability was reported in IBM Lotus Notes. A remote user can conduct cross-site scripting attacks.
Alert:

2. Symantec Endpoint Protection
Vendor: Symantec
A vulnerability was reported in Symantec Endpoint Protection. A remote user can execute arbitrary code on the target system.
Alert:

3. Microsoft Word
A vulnerability was reported in Microsoft Word. A remote user can cause arbitrary code to be executed on the target user's system.

Alert:

4. Windows DLL (Any)
A vulnerability was reported in Windows IP-HTTPS. A remote user can bypass security restrictions.
Impact: Host/resource access via network
Alert:

5. Informix
A vulnerability was reported in IBM Informix. A remote authenticated user can execute arbitrary code on the target system.
Alert:

6. Microsoft Exchange
A vulnerability was reported in Microsoft Exchange Server. A remote user can cause denial of service conditions.
Impact: Denial of service via network
Alert:

7. Adobe Flash
Vendor: Adobe Systems Incorporated

Several vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system.
Alert:

8. Symantec Network Access Control
Vendor: Symantec
A vulnerability was reported in Symantec Network Access Control. A local user can obtain elevated privileges on the target system.
Impact: Execution of arbitrary code via local system
Alert:

9. IBM Rational ClearQuest
A vulnerability was reported in IBM Rational ClearQuest. A remote user can inject SQL commands.
Impact: Disclosure of system information
Alert:

10. Citrix XenApp (MetaFrame Presentation Server)
Vendor: Citrix
A vulnerability was reported in Citrix XenApp. A remote user can execute arbitrary code on the target system.
Alert:

11. OpenVMS
Vendor: HP (Compaq)
Two vulnerabilities were reported in HP OpenVMS. A remote user can cause denial of service conditions. A local user can cause denial of service conditions.
Impact: Denial of service via local system
Alert:

12. Windows DLL (Any)
A vulnerability was reported in Windows File Handling Component. A remote user can cause arbitrary code to be executed on the target user's system.
Alert:

13. Citrix XenDesktop
Vendor: Citrix
A vulnerability was reported in Citrix XenDesktop. A remote authenticated user can bypass USB redirection policies.
Impact: Modification of system information
Alert:

14. Symantec Enterprise Security Manager
Vendor: Symantec
A vulnerability was reported in Symantec Enterprise Security Manager. A local user can obtain elevated privileges on the target system.
Impact: Root access via local system
Alert:

15. IBM Tivoli Monitoring
A vulnerability was reported in IBM Tivoli Monitoring. A remote user can conduct cross-site scripting attacks.
Alert:

16. Macromedia ColdFusion
Vendor: Adobe Systems Incorporated
A vulnerability was reported in Adobe ColdFusion. A local user can obtain elevated privileges on the target system.
Impact: User access via local system
Alert:

17. Blue Coat Reporter
Vendor: Blue Coat Systems
A vulnerability was reported in Blue Coat Reporter. A remote user can conduct cross-site scripting and cross-site request forgery attacks.
Alert:
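Items 8 and 14 above are both instances of the same bug class: a Windows service registered with an unquoted ImagePath that contains spaces. The Service Control Manager hands that string to CreateProcess, which treats every space as a possible end of the module name and probes the shorter paths first, so a local user who can write to one of the directories along the way gets code run as the service account. The following Python is an added example, not part of the SecurityTracker summary or of either Symantec product; it enumerates the exact paths the loader would probe for a given ImagePath and the directories whose ACLs therefore matter. The service names and paths in SAMPLE_SERVICES are constructed for illustration.

```python
import ntpath
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample data, shaped like the ImagePath value found under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>. Service names and paths are
# illustrative assumptions, not the products named in the summary.
SAMPLE_SERVICES: Dict[str, str] = {
    "GoodSvc": '"C:\\Program Files\\Vendor\\Good Service\\svc.exe" -service',
    "BadSvc": 'C:\\Program Files\\Vendor\\Bad Service\\svc.exe -service',
    "SysSvc": 'C:\\Windows\\system32\\svchost.exe -k netsvcs',
}


def hijack_candidates(image_path: str) -> List[str]:
    """Executables CreateProcess probes, in order, before reaching the real one
    in an unquoted ImagePath. Each space is a possible end of the module name,
    and the loader appends .exe when that prefix carries no extension. An empty
    list means the path is quoted or has no space ahead of the executable, so
    this technique does not apply."""
    cmd = image_path.strip()
    if cmd.startswith('"'):
        return []  # quoted: the module name is unambiguous
    tokens = cmd.split(" ")
    candidates: List[str] = []
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        _, ext = ntpath.splitext(prefix)
        if ext.lower() == ".exe":
            break  # this prefix is the real executable; probing stops here
        candidates.append(prefix if ext else prefix + ".exe")
    else:
        candidates.pop()  # no .exe token at all: the last prefix is the real one
    return candidates


def plant_dirs(candidates: List[str]) -> List[str]:
    """Directories a local user would need write access to in order to drop one
    of the candidate binaries; these are the ACLs to inspect on a live host."""
    return [ntpath.dirname(c) for c in candidates]


@dataclass
class Finding:
    service: str
    image_path: str
    candidates: List[str] = field(default_factory=list)


def scan(services: Dict[str, str]) -> List[Finding]:
    """Flag every service whose ImagePath yields at least one hijack candidate."""
    findings: List[Finding] = []
    for name, path in services.items():
        cands = hijack_candidates(path)
        if cands:
            findings.append(Finding(name, path, cands))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_SERVICES):
        print(f"{f.service}: {f.image_path}")
        for cand, d in zip(f.candidates, plant_dirs(f.candidates)):
            print(f"  loader would try {cand} first if {d} is writable")
```

On a real host, feed scan() the ImagePath values read from HKLM\SYSTEM\CurrentControlSet\Services with the winreg module (or the output of `wmic service get name,pathname`), then check each plant directory with icacls for write access by non-administrators. The fix for the vendor is simply to quote the path in the registry value, which is why hijack_candidates() returns nothing for GoodSvc.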

18. VMware
Vendor: VMware, Inc.
A vulnerability was reported in VMware View Server. A remote user can view files on the target system.
Impact: Disclosure of system information
Alert:

19. Windows Drivers
A vulnerability was reported in Windows Kernel-Mode Drivers. A remote user can cause arbitrary code to be executed on the target user's system.
Alert:

20. IBM eDiscovery Manager
A vulnerability was reported in IBM eDiscovery Manager. A remote user can conduct cross-site scripting attacks.
Alert:

21. Adobe Photoshop
Vendor: Adobe Systems Incorporated
A vulnerability was reported in Adobe Photoshop Camera Raw. A remote user can cause arbitrary code to be executed on the target user's system.

Alert:

22. Microsoft Internet Explorer (IE)
Several vulnerabilities were reported in Microsoft Internet Explorer. A remote user can cause arbitrary code to be executed on the target user's system.
Alert:

23. Microsoft DirectX
A vulnerability was reported in Microsoft DirectPlay. A remote user can cause arbitrary code to be executed on the target user's system.
Alert:

24. IBM Rational ClearQuest
A vulnerability was reported in IBM Rational ClearQuest. A remote user can conduct cross-site scripting attacks.
Alert:

25. Cisco Wireless LAN Controller

Vendor: Cisco
A vulnerability was reported in Cisco Wireless LAN Controller. A remote user can conduct cross-site request forgery attacks.
Alert:

26. Microsoft Internet Explorer (IE)
A vulnerability was reported in Microsoft Internet Explorer. A remote user can determine mouse location and movement.
Impact: Disclosure of system information
Alert:


More information

SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide

SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide This document covers steps to configure Citrix VDI on Juniper Network s SA Series SSL VPN platforms. It also covers brief overview of

More information

Skeletons in Microsoft s Closet - Silently Fixed Vulnerabilities. Andre Protas Steve Manzuik

Skeletons in Microsoft s Closet - Silently Fixed Vulnerabilities. Andre Protas Steve Manzuik Skeletons in Microsoft s Closet - Silently Fixed Vulnerabilities Andre Protas Steve Manzuik Presentation Outline - Introductions / Outline - That s this slide so we are done with that. - Non-Disclosure

More information

About NGSSoftware Research Software Consultancy

About NGSSoftware Research Software Consultancy Next Generation Security Software Limited NGSSoftware (Research, Software & Consultancy) Introduction About NGSSoftware Research Software Consultancy About NGSSoftware About NGSSoftware - History Formerly

More information

IBM Protocol Analysis Module

IBM Protocol Analysis Module IBM Protocol Analysis Module The protection engine inside the IBM Security Intrusion Prevention System technologies. Highlights Stops threats before they impact your network and the assets on your network

More information

Security Vulnerabilities in Open Source Java Libraries. Patrycja Wegrzynowicz CTO, Yonita, Inc.

Security Vulnerabilities in Open Source Java Libraries. Patrycja Wegrzynowicz CTO, Yonita, Inc. Security Vulnerabilities in Open Source Java Libraries Patrycja Wegrzynowicz CTO, Yonita, Inc. About Me Programmer at heart Researcher in mind Speaker with passion Entrepreneur by need @yonlabs Agenda

More information

Record and Replay All Windows and Unix User Sessions Like a security camera on your servers

Record and Replay All Windows and Unix User Sessions Like a security camera on your servers Record and Replay All Windows and Unix User Sessions Like a security camera on your servers ObserveIT is the only enterprise solution that records both Windows and Unix user sessions, supporting all methods

More information

Benefit. Allows you to integrate RES PowerFuse with application virtualization technologies other than SoftGrid (e.g. Citrix XenApp, VMWare Thinapp).

Benefit. Allows you to integrate RES PowerFuse with application virtualization technologies other than SoftGrid (e.g. Citrix XenApp, VMWare Thinapp). Core (1/2) Access Control Access to settings and applications can be based on Organizational Units in Directory Services like (Active Directory and Novell) or through users and groups in the domain. This

More information

Olympus Dictation Management System R6. Installation Guide. Workgroup Structure System Configuration Program License Manager Client Virtual Driver

Olympus Dictation Management System R6. Installation Guide. Workgroup Structure System Configuration Program License Manager Client Virtual Driver Olympus Dictation Management System R6 Installation Guide Workgroup Structure System Configuration Program License Manager Client Virtual Driver Contents Trademarks and Copyrights 4 1 INTRODUCTION 5 1.1

More information

RES PowerFuse Version Comparison Chart (1/9)

RES PowerFuse Version Comparison Chart (1/9) RES PowerFuse Version Comparison Chart (1/9) Alerting Allows you to set up notifications of specific events, which can consist of sending e-mails to one or more recipients, sending SNMP notifications (

More information

Our Security Education Curriculum PREPARED FOR ASPE TECHNOLOGY BY SI, INC. www.aspetech.com toll-free: 877-800-5221

Our Security Education Curriculum PREPARED FOR ASPE TECHNOLOGY BY SI, INC. www.aspetech.com toll-free: 877-800-5221 Our Security Education Curriculum PREPARED FOR ASPE TECHNOLOGY BY SI, INC www.aspetech.com toll-free: 877-800-5221 Security Training for Developers, Testers and Managers Security Innovation, Inc. 187 Ballardvale

More information

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard Payment Card Industry (PCI) Data Security Standard Technical and Operational Requirements for Approved Scanning Vendors (ASVs) Version 1.1 Release: September 2006 Table of Contents Introduction...1-1 Naming

More information

Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015

Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015 Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015 Tripwire Evolution 18+ Years of Innovation 1997 Tripwire File System Monitoring from open source

More information

Chapter 1 Web Application (In)security 1

Chapter 1 Web Application (In)security 1 Introduction xxiii Chapter 1 Web Application (In)security 1 The Evolution of Web Applications 2 Common Web Application Functions 4 Benefits of Web Applications 5 Web Application Security 6 "This Site Is

More information

Essential IT Security Testing

Essential IT Security Testing Essential IT Security Testing Application Security Testing for System Testers By Andrew Muller Director of Ionize Who is this guy? IT Security consultant to the stars Member of OWASP Member of IT-012-04

More information

Information Security Team

Information Security Team Web Server Security Standard Title Web Server Security Standard Document number OX IST 04 201513 Document status Draft Owner Approver(s) CISO TBD Version Version history Version date 0.01 Initial Draft

More information

Citrix XenApp 6.5 Advanced Administration (CXA-301)

Citrix XenApp 6.5 Advanced Administration (CXA-301) Citrix XenApp 6.5 Advanced Administration (CXA-301) In this course, you will learn the skills necessary to monitor, maintain, optimize, and troubleshoot Citrix XenApp 6.5 environments running on Windows

More information

Hardening Joomla 1. HARDENING PHP. 1.1 Installing Suhosin. 1.2 Disable Remote Includes. 1.3 Disable Unneeded Functions & Classes

Hardening Joomla 1. HARDENING PHP. 1.1 Installing Suhosin. 1.2 Disable Remote Includes. 1.3 Disable Unneeded Functions & Classes 1. HARDENING PHP Hardening Joomla 1.1 Installing Suhosin Suhosin is a PHP Hardening patch which aims to protect the PHP engine and runtime environment from common exploits, such as buffer overflows in

More information

Windows XP Migration: A practical guide to making the transition Part 10: Applications

Windows XP Migration: A practical guide to making the transition Part 10: Applications Windows XP Migration: A practical guide to making the transition Part 10: Applications In part 10 we cover the provision of applications to the new desktops. Part 10 of 11 Xtravirt Limited, Riverbridge

More information

Web application testing

Web application testing CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration

More information

The Electronic Arms Race of Cyber Security 4.2 Lecture 7

The Electronic Arms Race of Cyber Security 4.2 Lecture 7 The Electronic Arms Race of Cyber Security 4.2 Lecture 7 ISIMA Clermont-Ferrand / 04-February 2011 Copyright 2011 Dr. Juergen Hirte List of Content Why Process Automation Security? Security Awareness Issues

More information

Citrix Training. Course: Citrix Training. Duration: 40 hours. Mode of Training: Classroom (Instructor-Led)

Citrix Training. Course: Citrix Training. Duration: 40 hours. Mode of Training: Classroom (Instructor-Led) Citrix Training Course: Citrix Training Duration: 40 hours Mode of Training: Classroom (Instructor-Led) Virtualization has redefined the way IT resources are consumed and services are delivered. It offers

More information

Remote Administration

Remote Administration Windows Remote Desktop, page 1 pcanywhere, page 3 VNC, page 7 Windows Remote Desktop Remote Desktop permits users to remotely execute applications on Windows Server 2008 R2 from a range of devices over

More information

Introducing IBM Tivoli Configuration Manager

Introducing IBM Tivoli Configuration Manager IBM Tivoli Configuration Manager Introducing IBM Tivoli Configuration Manager Version 4.2 GC23-4703-00 IBM Tivoli Configuration Manager Introducing IBM Tivoli Configuration Manager Version 4.2 GC23-4703-00

More information

IN10A. MICROSOFT WINDOWS CRITICAL UPDATES October 2014

IN10A. MICROSOFT WINDOWS CRITICAL UPDATES October 2014 IN10A MICROSOFT WINDOWS CRITICAL UPDATES October 2014 The following list of security patch updates have been tested and approved for IN10A R1.0 Imaging and Workflow Management System compatibility. Prior

More information