References And Further Reading

Reference / Link

Relevant Security Advisories

Microsoft Security Bulletin MS04-011, SSL PCT Buffer Overflow
    http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

"Multiple Vulnerabilities in Sun-One Application Server," includes a log evasion issue
    http://www.spidynamics.com/spilabs/advisories/sun-one.html

"Preventing Log Evasion in IIS," by Robert Auger
    http://www.webappsec.org/projects/articles/082905.shtml

TRACK Log Bypass
    http://secunia.com/advisories/10506/

BEA WebLogic Advisory
    http://dev2dev.bea.com/pub/advisory/65

Apache Mailing Lists; subscription to the announcements list is recommended to receive security bulletin information
    http://httpd.apache.org/lists.html

PHPXMLRPC Remote PHP Code Injection Vulnerability
    http://www.hardened-php.net/advisory_152005.67.html

PEAR XML_RPC Remote PHP Code Injection Vulnerability
    http://www.hardened-php.net/advisory_142005.66.html

phpAdsNew XML-RPC PHP Code Execution Vulnerability
    http://secunia.com/advisories/15883/

A Study In Scarlet, Exploiting Common Vulnerabilities in PHP Applications
    http://hcs.harvard.edu/~acctserv/help/studyinscarlet.txt

PEAR XML-RPC patch
    http://pear.php.net/package/XML_RPC/

XML-RPC for PHP patch
    http://phpxmlrpc.sourceforge.net

WebInsta patch
    http://www.webinsta.com/downloadm.html

Published Exploits

Microsoft PCT buffer overflow
    www.k-otik.com

Free Tools

jad, the Java disassembler

Apache ModSecurity
    http://www.modsecurity.org

ModChroot
    http://core.segfault.pl/~hobbit/mod_chroot/

Apache chroot(2) patch by Arjan De Vet
    http://www.devet.org/apache/chroot/

Apache SuExec documentation
    http://httpd.apache.org/docs/

The Center for Internet Security (CIS) Apache Benchmark tool and documentation
    http://www.cisecurity.org/bench_apache.html

Microsoft Update Service

Microsoft IISLockdown and URLScan tools
    http://www.microsoft.com/

Cygwin
    http://www.cygwin.com/

Commercial Tools

CORE IMPACT, a penetration testing suite from Core Security Technologies
    http://www.corest.com/

CANVAS Professional, an exploit development framework from Immunity
    http://www.immunitysec.com

General References

IIS Security Checklist
    http://www.microsoft.com/security

URLScan Information Page
    http://www.microsoft.com/technet/security/tools/urlscan.mspx

"Preventing Log Evasion in IIS"
    http://www.webappsec.org/projects/articles/082905.shtml

"Securing Apache: Step By Step," by Ryan C. Barnett
    http://www.cgisecurity.com/lib/ryan_barnett_gcux_practical.html

Bastille Linux Hardening Program
    http://www.bastille-linux.org

Apache Security by Ivan Ristic (O'Reilly)
    http://www.apachesecurity.net/


HACKING EXPOSED WEB APPLICATIONS, 3rd Edition
ISBN: 0071740643
Year: 2006
Pages: 127