Call for papers
SecurityFocus ( www.securityfocus.com ) is currently accepting submissions for new Infocus articles. We would like to extend an invitation to security researchers, authors and academics for submissions on topics of interest to the security community. Submissions should include a short summary along with the author's name, email address and contact information. All submissions should be in MS Word format and should be sent to: email@example.com
Detecting SQL Injection in Oracle
This paper takes the subject of SQL injection further and investigates the possibilities for the Oracle Database Administrator to detect SQL injection in the wild.
Securing PHP: Step-by-Step
This article shows the basic steps in securing PHP, one of the most popular scripting languages used to create dynamic web pages on the Internet.
Securing Apache: Step-by-Step
This article shows in a step-by-step fashion, how to install and configure the Apache 1.3.x Web server in order to mitigate or avoid successful break-in when new vulnerabilities in this software are found.
Introduction to Simple Oracle Auditing
This article will introduce the reader to the basics of auditing an Oracle database.
Cryptographic File Systems, Part Two: Implementation
This is the second article in a two-part series looking at cryptographic filesystems. This article will cover implementation. The focus will be on implementing the Microsoft's EFS under Windows 2000 and the Linux CryptoAPI.
Incident Response Tools For Unix, Part One: System Tools
This article is the first in a three-part series on tools that are useful during incident response and investigation after a compromise has occurred on a OpenBSD, Linux, or Solaris system. This installment will focus on system tools, the second part will discuss file-system tools, and the concluding article will look at network tools.
Cryptographic Filesystems, Part One: Design and Implementation
Cryptographic filesystems have recently come to the forefront of security. This article will discuss some of the background and technology of cryptographic filesystems and will then cover some example implementations of these filesystems including Microsoft's Encrypting File System for Windows 2000, the Linux CryptoAPI, and the Secure File System.
Secure MySQL Database Design
Databases are commonly referred to the keys to the kingdom, meaning that once they are compromised, all the valuable data that is stored there could fall into the hands of the attacker. With this in mind, this article will discuss various methods to secure databases, specifically one of the most popular freeware databases in use today, MySQL.
SunScreen, Part Two: Policies, Rules, and NAT
This is the second of a two-part series looking at SunScreen, Sun Microsystem's firewall product, which provides a variety of features that allow system and network administrators to secure their networks as well as provide for remote access capabilities. This article will cover the some of the rudimentary facilities in SunScreen such as adding and removing rules, setting up a remote management station, and network address translation.
SunScreen, Part One: An Overview of the Sun Microsystem Firewall
SunScreen is Sun Microsystem's firewall that runs under the Solaris operating system. It provides for packet filtering, authentication and data encryption as well as the creation of IPsec-based VPNs. This article is the first of a two-part series that will offer a brief overview of the implementation and administration of SunScreen.