September 2006
HTTP Request Smuggling
by Prashant Gawade
With the advent of HTTP-aware firewalls and IPSs, a lot of developers relax a little on strengthening the security of an application. Application firewalls are able to lock out most of the automated attacks on websites. However, a new attack vector has been discovered which can bypass application firewalls too. HTTP request smuggling allows an attacker to send malicious requests across proxies and firewalls to the web server. Let’s have a short description of the attack technique.… more →
Anti-Phishing Techniques - Detection Measures
by Jose Varghese, CISSP, GSEC, GCIH, CBCP, BS7799 LA
As was outlined in the first part of this series, there are several methods to protect users from phishing attacks. But prevention is not enough. We need detection measures to get early warning signals when a phishing attack is being planned or is in progress. Before we get into detection measures, let us look at the steps an attacker takes while executing a phishing attack.… more →
Securing IIS Web Servers
by Siddharth Anbalahan
In our previous article we showed how to securely deploy one of the most popular web servers, the Apache web server. In this article we cover how to secure the IIS 6.0 web server. Microsoft’s initiative towards security, Trustworthy Computing, is based on four pillars as defined by Microsoft:… more →

Quiz: