Content tagged as 'Infosec'

Here is a list of all the content that has been tagged as infosec.

Christchurch Hacker Con

The second CHCon: A conference aiming to raise awareness and skill levels of information security within our community.

OWASP New Zealand Day

The ninth conference of its kind. Dedicated to information security, with an emphasis on secure architecture and development techniques to help Kiwi developers build more secure applications.

Captcha Considerations

Lack of captchas are a risk, but so are captchas themselves…

Lack of Visibility in Web Applications

Not being able to introspect your application at any given time or being able to know how the health status is, is not a comfortable place to be in and there is no reason you should be there.

Consuming Free and Open Source

Redirects to legacy blog post.

This is where A9 (Using Components with Known Vulnerabilities) of the 2013 OWASP Top 10 comes in. We are consuming far more free and open source libraries than we have ever before. Much of the code we are pulling into our projects is never intentionally used, but is still adding surface area for attack. In this post we address the risks and countermeasures.

Risks and Countermeasures to the Management of Application Secrets

Redirects to legacy blog post.

Evaluation of Host Intrusion Detection Systems (HIDS)

Redirects to legacy blog post.

The best time to install a HIDS is on a fresh install before you open the host up to the internet or even your LAN if it’s corporate. Of course if you don’t have that luxury, there are a bunch of tools that can help you determine if you’re already owned. Be sure to run one or more over your target system before your HIDS bench-marks it.

Web Server Log Management

Redirects to legacy blog post.

As part of the ongoing work around preparing a Debian web server to host applications accessible from the WWW I performed some research, analysis, made decisions along the way and implemented a first stage logging strategy. I’ve done similar set-ups many times before, but thought it worth sharing my experience for all to learn something from it and/or provide input, recommendations, corrections to the process so we all get to improve.

Up and Running with Kali Linux and Friends

Redirects to legacy blog post.

In this article I’ll go over getting Kali Linux installed and set-up. I’ll go over a few of the packages in a low level of detail (due to the share number of them) that come out of the box. On top of that I’ll also go over a few programmes I like to install separately. In a subsequent article I’d like to continue with additional programmes that come with Kali Linux as there are just to many to cover in one go.