On Security

Sverre's Writings on Information Security


Published

Internet Hygiene: Securing Your Windows PC

December 2000. Advice on how one should protect a PC from the threats lurking on the Internet. Published on SecurityPortal.com February 1, 2001.

Web Application Security

Common Security Problems in the Code of Dynamic Web Applications

June 2005. Most software security holes found in web applications fall into just two categories: failure to handle metacharacters, and authorization problems caused by placing too much trust in input. This article gives several examples from both categories, and then adds some from other categories as well.

Incompatible Parameter Parsing

April 2005. On attacks that may be possible if different parts of an application use incompatible methods when extracting incoming parameters.

Using Binary Search with SQL Injection

August 2003. On extracting secrets using binary search through scripts vulnerable to SQL Injection.

Why Clear Text Passwords are Bad, and How to Avoid Them

November 2001. Why it's a bad idea to store clear text passwords in a database.

Client Side Trojans

November 2001. How attackers may make offers to their victims on behalf of a target web site, and thereby trick them into doing something they never intended to do.

Selected E-mails on Web Application Security

Why Escaping Quotes Will not Always Help

vuln-dev, May 2002. Thoughts on passing data to sub-systems without knowing how they interpret it.

On HTML Sanitizing on the Input Side

vuln-dev, March 2002. Thoughts on separating input validation and passing of data to sub-systems.

Splitting Input Validation and Meta Character Escaping

vuln-dev, March 2002. Why meta character handling is not the same as input validation.

Cross-site Scripting and Timing When Stealing Sessions

vuln-dev, January 2002. Examples of how timing may not be an issue when stealing session cookies with Cross-site Scripting.

On Client-side Trojans: Controlling MSIE Sessions from Outlook

webappsec, November 2001. How malicious mails with scripts, read using Outlook, may control an authenticated HTTPS session in Internet Explorer.

$Id: index-en.html.m4,v 1.5 2005-06-17 17:10:54 sverrehu Exp $