Secure Programming
(Page 2 of 36)
Java -> .NET RSA Encryption 2005-03-28
john bart (sysadmin256 hotmail com)
Hello all,
I want to RSA encrypt a message in a java environment, and to decrypt it in
.NET.
I thought it would be easy - encrypt the message using a public key (java
environment), and decrypt it (.net environment) with the private key. Sounds
simple in theory...

So far, I didn't manage to do th

Re: ASP/ASP.NET Session IDs 2005-03-17
Steven DeFord (security willworker gmail com)
On Thu, 17 Mar 2005 18:35:02 -0500, Darren Bounds
<dbounds (at) intrusense (dot) com> wrote:
> Based on your question it sounds like you're missing an important step
> in the process. The 16-byte cookie string is not merely an encrypted
> 32-bit unsigned integer, but rather the 32-bits combined with X bits of

ASP/ASP.NET Session IDs 2005-03-17
Steven DeFord (security willworker gmail com)
I know that TCP sequence numbers have been examined in detail to see
if TCP sessions can be hijacked by guessing sequence numbers. Has any
similar research been done on ASP/ASP.NET Session id numbers?

The MSDN (at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnasp/html/aspwsm.a

Ber encoding for ldap response control. 2005-03-17
Babu Kopparam (babukopparam gmail com) (1 replies)


Hi!

I am using JNDI for LDAP Binding (passing userid and password while creating initialcontext) for authentication purpose.

In case the user's password is expiring in x days, I am getting a response control from the context object where the control has the value which is BER encoded.

Can som

Re: Ber encoding for ldap response control. 2005-03-17
Brian Reichert (reichert numachi com)
Re: calling all software security tool vendors/freeware/open source project leads 2005-03-16
David A. Wheeler (dwheeler ida org) (1 replies)
My flawfinder home page at http://www.dwheeler.com/flawfinder
links to a number of tools & papers for static source code
analysis to find security flaws.

Until Arian Evans' master list is available at OWASP,
if you're looking for information that might be a
good place to start. (Arian Evans is alre

RE: calling all software security tool vendors/freeware/open source project leads 2005-03-14
Evans, Arian (Arian Evans fishnetsecurity com)
Kyle, the big answer is: [comments inline]

> -----Original Message-----
> From: Kyle Quest [mailto:Kyle.Quest (at) networkengines (dot) com]
> Sent: Sunday, March 13, 2005 2:04 PM
> To: Evans, Arian; secprog (at) securityfocus (dot) com;
> Subject: RE: calling all software security tool vendors/freeware/open
>
> the bi

RE: calling all software security tool vendors/freeware/open source project leads 2005-03-13
Kyle Quest (Kyle Quest networkengines com)
the big question is... why would people want to drop everything
and run... like puppies... just to participate in what seems
to be somebody's commercial project.

-----Original Message-----
From: Evans, Arian [mailto:Arian.Evans (at) fishnetsecurity (dot) com]
Sent: Friday, March 11, 2005 6:36 PM
To: secprog@s

Clarification to: -->calling all software security tool vendors/freeware/open source project leads 2005-03-13
Evans, Arian (Arian Evans fishnetsecurity com)
On Friday my admittedly small mind produced the email included below,
which has resulted in a lot of well-meaning replies not in the area I
am looking for. The problem is that I declined to provide a translation
key for my ambiguous terminology.

"Software Security Tools" = "Software tools to test o

calling all software security tool vendors/freeware/open source project leads 2005-03-11
Evans, Arian (Arian Evans fishnetsecurity com)
If you are a vendor of a software security tool, fault injection,
binary analysis, source code analysis, blah-foo, etc., please
contact me if we haven't spoken already.

I am finalizing a comprehensive list and doing a final check
to make sure I've accounted for all the software security
tool vendor

Categories for application security testing & tools 2005-03-02
Evans, Arian (Arian Evans fishnetsecurity com) (1 replies)
What: need for a Talisker or SANS-type tool-list resource for application
security testing/analysis tools, and eventually (maybe) app-firewalls/IDS.

This email: Propose categories for organizing application security tools.

Proposal: Categorize by type of testing one would use the tool to perform.

Re: Categories for application security testing & tools 2005-04-02
Ashish Popli (apopli gmail com)
WASC-Articles: 'The Insecure Indexing Vulnerability - Attacks Against Local Search Engines' By Amit Klein 2005-02-28
robert webappsec org
The Web Application Security Consortium is proud to present 'The Insecure Indexing
Vulnerability - Attacks Against Local Search Engines' written by Amit Klein. In
this article Amit discusses the risks associated with using a local search engine
that indexes its content locally.

This document can

Re: Suggestion for work in Cryptographic Protocol Analysis 2005-02-25
liam jurado (nkt linuxmail org)
hi,

see http://www.criptored.upm.es/paginas/docencia.htm

nkt

----- Original Message -----
From: André <andrecompbr (at) yahoo.com (dot) br>
To: security-basics (at) securityfocus (dot) com, secprog (at) securityfocus (dot) com
Subject: Suggestion for work in Cryptographic Protocol Analysis
Date: Thu, 24 Feb 2005 11

Suggestion for work in Cryptographic Protocol Analysis 2005-02-24
André (andrecompbr yahoo com br) (2 replies)
I'm an undergraduate student from Brazil and I'm
intending to do my graduate work on Cryptographic
Protocol Analysis, but I'm not sure what way to
follow.
There is much research in this area; I have read
about Constraint Solving and it's very interesting;
also I read about CAPSL and it's interes

Re: Suggestion for work in Cryptographic Protocol Analysis 2005-02-25
Thomas Biege (TheTom unixisnot4dummies org)
Software security specifications 2005-02-21
i.matilde (at) gmail (dot) com (i matilde gmail com) (3 replies)
I need to develop a policy that will list security requirements for
new applications developed internally or by contractors, general
specifications like validate input etc. I am looking for some good
resources on the subject, any recommendations?

Best Regards,

Shawn

Re: Software security specifications 2005-02-22
Angelo Perniola (perniola gmail com) (1 replies)
Re: Software security specifications 2005-02-24
Andrew van der Stock (vanderaj greebo net)
Re: Software security specifications 2005-02-22
udayan pathak (udayan_pathak yahoo com) (1 replies)
Re: Software security specifications 2005-02-22
i.matilde (at) gmail (dot) com (i matilde gmail com)
Re: Software security specifications 2005-02-22
Jeff Williams (jeff williams aspectsecurity com)
Doubt in Security basics 2005-02-15
Babu Kopparam (babukopparam gmail com) (3 replies)


Hi! List,

Probably I feel this doubt is related with basic knowledge.

Whenever capturing the password, char[] is used instead of String object. What purpose does this solve?
--- I am referring to JAVA.

Thanks in advance,
-Babu.

Re: Doubt in Security basics 2005-02-15
Roland Illig (roland illig gmx de)
Re: Doubt in Security basics 2005-02-15
Randy (rho clunet edu)
Re: Doubt in Security basics 2005-02-15
Kevin Conaway (kevin conaway gmail com)
Copyright 2010, SecurityFocus