Call for papers
SecurityFocus (www.securityfocus.com) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: firstname.lastname@example.org
Passive Network Analysis
Defenders know their networks better than their adversaries possibly can. It's time to use this home-field advantage against the attackers, says Stephen Barish.
VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
Convergence - the integration of voice and data into a single network. It promises to reduce costs, improve quality, and simplify management. But as voice should exist on the network as yet another application, it poses new challenges to the enterprise, and new potential security risks arise.
Testing Fault Injection in Local Applications
This article is a book excerpt that looks at the approach and techniques used to test the security of local applications. It describes local resources and interprocess communication, how to enumerate the local resources an application depends on, and then discusses methods of testing several of those types of resources. It also describes how to test ActiveX objects, command-line programs, and applications' use of local files and shared memory.
Vulnerability Scanning Web 2.0 Client-Side Components
This article discusses the challenges faced when vulnerability scanning Web 2.0 applications, and then provides a methodology to detect vulnerabilities in Web 2.0 client-side application components.
Hacking Web 2.0 Applications with Firefox
This article looks at some of the methods, tools and tricks to dissect Web 2.0 applications (including Ajax) and discover security holes using Firefox and its plugins.
Beginner's Guide to Wireless Auditing
This article is designed as a beginner's guide to fuzzing wireless device drivers, starting with how to build an auditing environment, how to construct fuzzing tools and finally, how to interpret the results. This auditing environment can be used for WiFi as well as Bluetooth and infrared devices.
Five common Web application vulnerabilities
This article looks at five common Web application attacks, primarily for PHP applications, and then presents a short case study of a vulnerable Website that was found using Google and easily exploited.
Two attacks against VoIP
The purpose of this article is to discuss two of the most well-known attacks that can be carried out in current VoIP deployments. The first attack demonstrates the ability to hijack a user's VoIP subscription and subsequent communications. The second attack looks at the ability to eavesdrop on VoIP communications.
Malicious Malware: attacking the attackers, part 2
This article explores measures to attack those malicious attackers who seek to harm our legitimate systems. The proactive use of exploits and bot networks that fight other bot networks, along with social engineering and attacker techniques are all discussed in an ethical manner. Part two of two.
Malicious Malware: attacking the attackers, part 1
This article explores measures to attack those malicious attackers who seek to harm our legitimate systems. The proactive use of exploits and bot networks that fight other bot networks, along with social engineering and attacker techniques are all discussed in an ethical manner. Part one of two.