search for: owasp

Displaying 20 results from an estimated 23 matches for "owasp".

2019 Feb 13
3
Using SHA256/512 for SQL based password
...>> you maybe would like to have a look to the hashing algo ARGON2I >>> which is >>> currently recommended for new developments and deployments. >> >> Recommended by whom? >> >> Can you provide a link? > > Sure, please see here: > https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet > >> >> >> And if I was adventurous about hashes, I would be looking more at >> Keccak. >> >> >> Check out my Internet Draft: >> >> >> draft-moskowitz-small-crypto-00.txt > > Thanks for...
2019 Feb 13
1
Using SHA256/512 for SQL based password
...ook to the hashing algo ARGON2I >>>>> which is >>>>> currently recommended for new developments and deployments. >>>> Recommended by whom? >>>> >>>> Can you provide a link? >>> Sure, please see here: >>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet >>> >>>> >>>> And if I was adventurous about hashes, I would be looking more at >>>> Keccak. >>>> >>>> >>>> Check out my Internet Draft: >>>> >>>> >...
2015 Feb 03
0
Another Fedora decision
...aces it makes my brain hurt just thinking about it. Google and Wikipedia will keep you busy for a long while. Off the top of my head: There are some online "Security Handbooks" around (I think RedHat publish one) which lay some of the basic ground work. SANS (http://www.sans.org/) and OWASP (https://www.owasp.org/) have some good resources. If you are cashed up, you can even do courses with SANS. Reading about the security infrastructure that you are already using is a good idea, often accessible via mysterious things called "man pages". I learned a lot simply by reading a...
2019 Feb 13
3
Using SHA256/512 for SQL based password
...ook to the hashing algo ARGON2I >>>>> which is >>>>> currently recommended for new developments and deployments. >>>> Recommended by whom? >>>> >>>> Can you provide a link? >>> Sure, please see here: >>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet >>> >>>> >>>> And if I was adventurous about hashes, I would be looking more at >>>> Keccak. >>>> >>>> >>>> Check out my Internet Draft: >>>> >>>> >...
2009 Nov 11
4
Sessions
I'm an experienced programmer, but new to Rails. I would like to echo an unanswered question I've recently read elsewhere. Can anyone recommend an overview of get/post, cookies, sessions, etc., and how Ruby on Rails interacts with all of this? I'm interested in understanding how to harden a Rails application. Regards -- Dave
2019 Feb 12
4
Using SHA256/512 for SQL based password
On 2/12/19 6:03 PM, Matthias Fechner via dovecot wrote: > On 12.02.2019 at 17:05, Robert Moskowitz via dovecot wrote: >> I have been trying to find how to set the dovecot-sql.conf for using >> SHA256/512. I am going to start clean with the stronger format, not >> migrate from the old MD5. It seems all I need is: > you maybe would like to have a look to the hashing algo
2015 Feb 03
6
Another Fedora decision
OK, folks. You're doing a great job of describing the current milieu with a rough description of some best practices. Now how about some specific sources you personally used to learn your craft that we can use likewise? PatrickD
2015 Aug 11
4
Apache mod_perl cross site scripting vulnerability
Hello, I've failed latest PCI scan because of CVE-2009-0796. Centos 6.7. The Red Hat Security Response Team has rated this issue as having moderate security impact and bug as wontfix. Explanation: The vulnerability affects non default configuration of Apache HTTP web server, i.e cases, when access to Apache::Status and Apache2::Status resources is explicitly allowed via <Location
2019 Feb 14
3
Using SHA256/512 for SQL based password
...> which is >>>>>>> currently recommended for new developments and deployments. >>>>>> Recommended by whom? >>>>>> >>>>>> Can you provide a link? >>>>> Sure, please see here: >>>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet >>>>> >>>>>> >>>>>> And if I was adventurous about hashes, I would be looking more at >>>>>> Keccak. >>>>>> >>>>>> >>>>>> Check out m...
2015 Aug 12
0
Apache mod_perl cross site scripting vulnerability
...e that naively echoes the entire request URL as part of the page? You need to be using htmlspecialchars() or HTML::Entities or whatever your language/environment has to escape strings for safe inclusion in HTML content. There is of course more to it than that (sigh), try for starters: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet --ln
2017 Jul 16
1
Getting started with mod_security
Hi, I'm currently fiddling with mod_security, and before going any further, I simply wanted to ask here for any recommended documentation/tutorials on the subject. There seems to be a lot of information about mod_security out there, and right now I have a bit of a hard time wrapping my head around it. I'm grateful for any suggestions. Cheers, Niki Kovacs -- Microlinux - Solutions
2019 Feb 13
0
Using SHA256/512 for SQL based password
...rate from the old MD5. It seems all I need is: >> you maybe would like to have a look to the hashing algo ARGON2I which is >> currently recommended for new developments and deployments. > > Recommended by whom? > > Can you provide a link? Sure, please see here: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet > > > And if I was adventurous about hashes, I would be looking more at Keccak. > > > Check out my Internet Draft: > > > draft-moskowitz-small-crypto-00.txt Thanks for the tip, will have a look into it. Regards, Matthias
2019 Feb 13
0
Using SHA256/512 for SQL based password
...ve a look to the hashing algo ARGON2I >>>> which is >>>> currently recommended for new developments and deployments. >>> >>> Recommended by whom? >>> >>> Can you provide a link? >> >> Sure, please see here: >> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet >> >>> >>> >>> And if I was adventurous about hashes, I would be looking more at >>> Keccak. >>> >>> >>> Check out my Internet Draft: >>> >>> >>> draft-moskowit...
2006 Jan 09
3
XSS prevention with Rails
Hi! I wanna take a stab at implementing better XSS prevention for Rails. This time for real =) I'm wondering what would be the better way, clean everything up with tidy first and then do the rest with regexp or regexp all the way? Anybody done this before? Thanks! Ciao! Florian
2011 Feb 28
2
how to make centos safty(php+mysql)
hi, everyone, i have a php project and use centos to go and how to make folder's privilege and make it safe like: /home/htdocs/test chown -R www:www /home/htdocs/test chmod -R 644 /home/htdocs/test etc thanks very much
2005 Sep 19
0
RUXCON 2005 Update
...s years conference. Our speakers list is complete [1] and our timetable has been finalised [2]. Below is a list of presentations for RUXCON 2005 (in order of acceptance): 1. Breaking Mac OSX - Ilja Van Sprundel & Neil Archibald 2. Binary protection schemes - Andrew Griffiths 3. Using OWASP Guide 2.0 for Deep Penetration Testing - Andrew van der Stock 4. Black Box Web Application Penetration Testing - David Jorm 5. Long Filename, Long Parameter, Malformed Data. Another Day, Another Vulnerability. Same Bug, Different App. - Brett Moore 6. Computer Forensics: Practise and Proce...
2009 May 21
0
"HTTP Parameter Pollution" and Rails
Today there was a posting by Stefano di Paola to the Web Security Mailing List, http://www.webappsec.org/lists/websecurity about "HTTP Parameter Pollution", with a reference to his and Luca Carettoni's presentation at http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf The point is that different web servers/backends behave differently when handling requests such as GET /foo?par1=val1&par1=val2 HTTP/1.1 User-Agent: Mozilla/5.0 Host: Host Accept: */* POST /foo HTTP/1.1 User-Agent:...
2019 Feb 13
0
Using SHA256/512 for SQL based password
...2I >>>>>> which is >>>>>> currently recommended for new developments and deployments. >>>>> Recommended by whom? >>>>> >>>>> Can you provide a link? >>>> Sure, please see here: >>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet >>>> >>>>> >>>>> And if I was adventurous about hashes, I would be looking more at >>>>> Keccak. >>>>> >>>>> >>>>> Check out my Internet Draft: >>...
2019 Feb 17
0
Using SHA256/512 for SQL based password
...>>>> currently recommended for new developments and deployments. > >>>>>> Recommended by whom? > >>>>>> > >>>>>> Can you provide a link? > >>>>> Sure, please see here: > >>>>> https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet > >>>>> > >>>>>> > >>>>>> And if I was adventurous about hashes, I would be looking more at > >>>>>> Keccak. > >>>>>> > >>>>>> > >...
2015 Aug 12
2
Apache mod_perl cross site scripting vulnerability
...rt". Is there way to use curl for testing? I'm getting new line because of the single quote inside string and escaping it with back slash gives me bash: syntax error near unexpected token `<' > There is of course more to it than that (sigh), try for starters: > https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet Very nice reading, thanks!