HackDig : Dig high-quality web security articles for hackers

Tracking Administrator Sessions in Windows Environments

[The post Tracking Administrator Sessions in Windows Environments has been first published on /dev/random] Tracking users with privileged access is a critical task in your security policy (SANS Critical Security Control #12). If the key point is to restrict the number of “power users” to the lowest, it’s not always easy. Most of them will a
Publish At:2015-09-24 13:05 | Read:5521 | Comments:0 | Tags:Logs Management / SIEM OS PowerShell Security access Adminis

It Can Happen to Anyone

Earlier this summer, The Intercept published some details about the NSA’s XKEYSCORE program. Those details included some security issues around logging and authorization: As hard as software developers may try, it’s nearly impossible to write bug-free source code. To compensate for this, developers often rely on multiple layers of security; if attackers can
Publish At:2015-08-19 19:25 | Read:4086 | Comments:0 | Tags:Technical Insight Vulnerabilities Web Application Security A

AppSensor CISO Briefing

Following the release of the Introduction for Developers in February, the OWASP AppSensor team has now created and published a new document aimed at Chief Information Security Officers (CISOs) and others with similar responsibilities. The CISO Briefing is a high-level overview, with pointers to the more detailed resources for specifiers, architects, developer
Publish At:2015-04-24 20:20 | Read:4802 | Comments:0 | Tags:incidents logging operation automation specification technic

Security Information Sharing Standards and Tools

European Union Agency for Network and Information Security (ENISA) has published a summary of security information sharing formats, at the same time of the release of its good practice guide on Actionable Information for Security Incident Response. Actionable security information is accurate and timely information that may help incident handlers reduce the nu
Publish At:2015-02-14 13:00 | Read:3490 | Comments:0 | Tags:technical logging automation incidents threats operation con

OWASP AppSensor Code v2.0.0 Final Release

I was extremely pleased to read yesterday that the final version of the new AppSensor reference implementation has been published following three previous release candidates. The OWASP AppSensor project defines a conceptual framework and methodology that offers prescriptive guidance to implement application intrusion detection and automated response. John Melt
Publish At:2015-01-30 16:15 | Read:3349 | Comments:0 | Tags:logging automation ids technical threats operation developme

OWASP Snakes and Ladders

In a month's time we will probably be in full office party season. I have been preparing something fun to share and use, that is an awareness document for application security risks and controls. Snakes and Ladders is a popular board game, with ancient provenance imported into Great Britain from Asia by the 19th century. The original game showed the effects o
Publish At:2014-11-06 06:15 | Read:5134 | Comments:0 | Tags:preventative data protection code injection business logic p

