Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
Social engineering takes many forms; some obvious, some not so obvious. One not so obvious form is that of questionnaires—be it a knock on the door to answer a survey for a “census” worker, or a “harmless” quiz found on a social networking site. Depending upon their content, they can serve as a very powerful means of capturing and correlating information for nefarious purposes.
Application security has become a major concern in recent years. Hackers are using new techniques to gain access to sensitive data, disable applications and carry out other malicious activities aimed at the software application.
Web applications are very enticing to corporations. They provide quick access to corporate resources and user-friendly interfaces, and deployment to remote users is effortless. For the very same reasons, web applications can be a serious security risk to the corporation.
This paper characterizes this particular category of security vulnerabilities, describes various types of TOCTTOUs and particular situations in which they have arisen historically, and presents a short set of guidelines for reducing or eliminating these flaws.
By: Suhairi Mohd Jawi (posted on October 31, 2003)
This paper lists some points that each web programmer has to consider while coding a web-based application that interacts with user input through CGI, as well as tools that can be used to test it.
This paper will attempt to take a small step in raising the security community's awareness of growing security risks related to off-shore development by examining some of the issues and potential threats.
By: Sayed Jamil Ahmed (posted on October 31, 2003)
This paper will discuss what I feel are the main issues in secure programming in the C programming language in a UNIX environment (Buffer Overflows, Format Strings and Race Conditions); topics such as overflows are relevant in Windows too.
This paper describes how cross-site scripting works and what makes an application vulnerable, along with suggestions for developers about tools for discovering cross-site scripting vulnerabilities in their applications and recommended practices for creating applications that are less vulnerable to the attack and more resilient against successful cross-site scripting attacks.