SecurityFocus

Passive Network Analysis
Defenders know their networks better than their adversaries possibly can. It's time to use this home-field advantage against the attackers, says Stephen Barish.
By: Stephen Barish 2007-09-28
http://www.securityfocus.com/infocus/1894

VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
Convergence - the integration of voice and data into a single network. It promises to reduce costs, improve quality, and simplify management. But as voice should exist on the network as yet another application, it poses new challenges to the enterprise and new potential security risks arise.
By: Jason Ostrom, John Kindervag 2007-09-10
http://www.securityfocus.com/infocus/1892

Testing Fault Injection in Local Applications
This article is a book excerpt that looks at the approach and techniques used to test the security of local applications. It describes local resources and interprocess communication, how to enumerate the local resources an application depends on, and then discusses methods of testing several of those types of resources. It also describes how to test ActiveX objects, command-line programs, and applications' use of local files and shared memory.
By: Chris Wysopal, Lucas Nelson, et al. 2007-01-23
http://www.securityfocus.com/infocus/1886

Vulnerability Scanning Web 2.0 Client-Side Components
This article discusses the challenges faced when vulnerability scanning Web 2.0 applications, and then provides a methodology to detect vulnerabilities in Web 2.0 client-side application components.
By: Shreeraj Shah 2006-11-27
http://www.securityfocus.com/infocus/1881

Hacking Web 2.0 Applications with Firefox
This article looks at some of the methods, tools and tricks to dissect web 2.0 applications (including Ajax) and discover security holes using Firefox and its plugins.
By: Shreeraj Shah 2006-10-11
http://www.securityfocus.com/infocus/1879

Beginner's Guide to Wireless Auditing
This article is designed as a beginner's guide to fuzzing wireless device drivers, starting with how to build an auditing environment, how to construct fuzzing tools and finally, how to interpret the results. This auditing environment can be used for WiFi as well as Bluetooth and infrared devices.
By: David Maynor 2006-09-19
http://www.securityfocus.com/infocus/1877

Five common Web application vulnerabilities
This article looks at five common Web application attacks, primarily for PHP applications, and then presents a short case study of a vulnerable Website that was found using Google and easily exploited.
By: Sumit Siddharth, Pratiksha Doshi 2006-04-28
http://www.securityfocus.com/infocus/1864

Two attacks against VoIP
This purpose of this article is to discuss two of the most well known attacks that can be carried out in current VoIP deployments. The first attack demonstrates the ability to hijack a user's VoIP Subscription and subsequent communications. The second attack looks at the ability to eavesdrop in to VoIP communications.
By: Peter Thermos 2006-04-04
http://www.securityfocus.com/infocus/1862

Malicious Malware: attacking the attackers, part 2
This article explores measures to attack those malicious attackers who seek to harm our legitimate systems. The proactive use of exploits and bot networks that fight other bot networks, along with social engineering and attacker techniques are all discussed in an ethical manner. Part two of two.
By: Thorsten Holz, Frederic Raynal 2006-02-02
http://www.securityfocus.com/infocus/1857

Malicious Malware: attacking the attackers, part 1
This article explores measures to attack those malicious attackers who seek to harm our legitimate systems. The proactive use of exploits and bot networks that fight other bot networks, along with social engineering and attacker techniques are all discussed in an ethical manner. Part one of two.
By: Thorsten Holz, Frederic Raynal 2006-01-31
http://www.securityfocus.com/infocus/1856