Displaying 20 results from an estimated 23 matches for "owasp".
2019 Feb 13
3
Using SHA256/512 for SQL based password
...>> you maybe would like to have a look to the hashing algo ARGON2I
>>> which is
>>> currently recommended for new developments and deployments.
>>
>> Recommended by whom?
>>
>> Can you provide a link?
>
> Sure, please see here:
> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
>
>>
>>
>> And if I was adventurous about hashes, I would be looking more at
>> Keccak.
>>
>>
>> Check out my Internet Draft:
>>
>>
>> draft-moskowitz-small-crypto-00.txt
>
> Thanks for...
2019 Feb 13
1
Using SHA256/512 for SQL based password
...ook to the hashing algo ARGON2I
>>>>> which is
>>>>> currently recommended for new developments and deployments.
>>>> Recommended by whom?
>>>>
>>>> Can you provide a link?
>>> Sure, please see here:
>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
>>>
>>>>
>>>> And if I was adventurous about hashes, I would be looking more at
>>>> Keccak.
>>>>
>>>>
>>>> Check out my Internet Draft:
>>>>
>>>>
>...
2015 Feb 03
0
Another Fedora decision
...aces it makes my brain hurt just thinking about it. Google
and Wikipedia will keep you busy for a long while.
Off the top of my head:
There are some online "Security Handbooks" around (I think RedHat
publish one) which lay some of the basic ground work.
SANS (http://www.sans.org/) and OWASP (https://www.owasp.org/) have
some good resources. If you are cashed up, you can even do courses
with SANS.
Reading about the security infrastructure that you are already using
is a good idea, often accessible via mysterious things called "man
pages". I learned a lot simply by reading a...
2019 Feb 13
3
Using SHA256/512 for SQL based password
...ook to the hashing algo ARGON2I
>>>>> which is
>>>>> currently recommended for new developments and deployments.
>>>> Recommended by whom?
>>>>
>>>> Can you provide a link?
>>> Sure, please see here:
>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
>>>
>>>>
>>>> And if I was adventurous about hashes, I would be looking more at
>>>> Keccak.
>>>>
>>>>
>>>> Check out my Internet Draft:
>>>>
>>>>
>...
2009 Nov 11
4
Sessions
I'm an experienced programmer, but new to Rails.
I would like to echo an unanswered question I've recently read
elsewhere.
Can anyone recommend an overview of get/post, cookies, sessions, etc.,
and how Ruby on Rails interacts with all of this?
I'm interested in understanding how to harden a Rails application.
Regards
--
Dave
2019 Feb 12
4
Using SHA256/512 for SQL based password
On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote:
> On 12.02.2019 at 17:05, Robert Moskowitz via dovecot wrote:
>> I have been trying to find how to set the dovecot-sql.conf for using
>> SHA256/512. I am going to start clean with the stronger format, not
>> migrate from the old MD5. It seems all I need is:
> you maybe would like to have a look to the hashing algo
2015 Feb 03
6
Another Fedora decision
OK, folks. You're doing a great job of describing the current milieu
with a rough description of some best practices.
Now how about some specific sources you personally used to learn your
craft that we can use likewise?
PatrickD
2015 Aug 11
4
Apache mod_perl cross site scripting vulnerability
Hello,
I've failed latest PCI scan because of CVE-2009-0796. Centos 6.7. The
Red Hat Security Response Team has rated this issue as having moderate
security impact and bug as wontfix.
Explanation: The vulnerability affects non default configuration of
Apache HTTP web server, i.e cases, when access to Apache::Status and
Apache2::Status resources is explicitly allowed via <Location
2019 Feb 14
3
Using SHA256/512 for SQL based password
...> which is
>>>>>>> currently recommended for new developments and deployments.
>>>>>> Recommended by whom?
>>>>>>
>>>>>> Can you provide a link?
>>>>> Sure, please see here:
>>>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
>>>>>
>>>>>>
>>>>>> And if I was adventurous about hashes, I would be looking more at
>>>>>> Keccak.
>>>>>>
>>>>>>
>>>>>> Check out m...
2015 Aug 12
0
Apache mod_perl cross site scripting vulnerability
...e that naively echoes the entire
request URL as part of the page? You need to be using
htmlspecialchars() or HTML::Entities or whatever your
language/environment has to escape strings for safe inclusion in HTML
content.
There is of course more to it than that (sigh), try for starters:
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
--ln
2017 Jul 16
1
Getting started with mod_security
Hi,
I'm currently fiddling with mod_security, and before going any further,
I simply wanted to ask here for any recommended documentation/tutorials
on the subject. There seems to be a lot of information about
mod_security out there, and right now I have a bit of a hard time
wrapping my head around it.
I'm grateful for any suggestions.
Cheers,
Niki Kovacs
--
Microlinux - Solutions
2019 Feb 13
0
Using SHA256/512 for SQL based password
...rate from the old MD5. It seems all I need is:
>> you maybe would like to have a look to the hashing algo ARGON2I which is
>> currently recommended for new developments and deployments.
>
> Recommended by whom?
>
> Can you provide a link?
Sure, please see here:
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
>
>
> And if I was adventurous about hashes, I would be looking more at Keccak.
>
>
> Check out my Internet Draft:
>
>
> draft-moskowitz-small-crypto-00.txt
Thanks for the tip, will have a look into it.
Regards
Matthias
2019 Feb 13
0
Using SHA256/512 for SQL based password
...ve a look to the hashing algo ARGON2I
>>>> which is
>>>> currently recommended for new developments and deployments.
>>>
>>> Recommended by whom?
>>>
>>> Can you provide a link?
>>
>> Sure, please see here:
>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
>>
>>>
>>>
>>> And if I was adventurous about hashes, I would be looking more at
>>> Keccak.
>>>
>>>
>>> Check out my Internet Draft:
>>>
>>>
>>> draft-moskowit...
2006 Jan 09
3
XSS prevention with Rails
Hi!
I wanna take a stab at implementing better XSS prevention for Rails.
This time for real =)
I'm wondering what would be the better way, clean everything up with
tidy first and then do the rest with regexp or regexp all the way?
Anybody done this before?
Thanks!
Ciao!
Florian
2011 Feb 28
2
how to make centos safty(php+mysql)
hi, everyone
i have a php project and use centos to go
and how to make folder's privilege and make it safe
like: /home/htdocs/test
chown -R www:www /home/htdocs/test
chmod -R 644 /home/htdocs/test
etc
thanks very much
2005 Sep 19
0
RUXCON 2005 Update
...s years conference.
Our speakers list is complete [1] and our timetable has been finalised
[2]. Below is a list of presentations for RUXCON 2005 (in order of
acceptance):
1. Breaking Mac OSX - Ilja Van Sprundel & Neil Archibald
2. Binary protection schemes - Andrew Griffiths
3. Using OWASP Guide 2.0 for Deep Penetration Testing - Andrew van
der Stock
4. Black Box Web Application Penetration Testing - David Jorm
5. Long Filename, Long Parameter, Malformed Data. Another Day,
Another Vulnerability. Same Bug, Different App. - Brett Moore
6. Computer Forensics: Practise and Proce...
2009 May 21
0
"HTTP Parameter Pollution" and Rails
Today there was a posting by Stefano di Paola to the Web Security
Mailing List,
http://www.webappsec.org/lists/websecurity
about "HTTP Parameter Pollution", with a reference to his and Luca
Carettoni's presentation at
http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf
The point is that different web servers/backends behave differently when
handling requests such as
GET /foo?par1=val1&par1=val2 HTTP/1.1
User-Agent: Mozilla/5.0
Host: Host
Accept: */*
POST /foo HTTP/1.1
User-Agent:...
2019 Feb 13
0
Using SHA256/512 for SQL based password
...2I
>>>>>> which is
>>>>>> currently recommended for new developments and deployments.
>>>>> Recommended by whom?
>>>>>
>>>>> Can you provide a link?
>>>> Sure, please see here:
>>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
>>>>
>>>>>
>>>>> And if I was adventurous about hashes, I would be looking more at
>>>>> Keccak.
>>>>>
>>>>>
>>>>> Check out my Internet Draft:
>>...
2019 Feb 17
0
Using SHA256/512 for SQL based password
...>>>>> currently recommended for new developments and deployments.
> >>>>>> Recommended by whom?
> >>>>>>
> >>>>>> Can you provide a link?
> >>>>> Sure, please see here:
> >>>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
> >>>>>
> >>>>>>
> >>>>>> And if I was adventurous about hashes, I would be looking more at
> >>>>>> Keccak.
> >>>>>>
> >>>>>>
> >...
2015 Aug 12
2
Apache mod_perl cross site scripting vulnerability
...rt".
Is there a way to use curl for testing? I'm getting new line because of
the single quote inside string and escaping it with backslash gives me
bash: syntax error near unexpected token `<'
> There is of course more to it than that (sigh), try for starters:
> https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
Very nice reading, thanks!