Search Results

Search found 497 results on 20 pages for 'xss prevention'.

Page 14/20

  • What are some good, free tools to run automated security audits for PHP code?

    - by James Simpson
    I've been looking for some time now and have come up short. The most promising I found was Spike PHP, which seems to no longer work. I'm looking to scan my code for potential risks of SQL injection, XSS, etc. I've gone through most of my code manually, but with a few hundred thousand lines of code, I'm sure I missed things. If possible, are there any tools that can be downloaded and analyze code on my local machine rather than being installed on the live server (this isn't a requirement if not)?

  • Is Hyper-V Server 2008 working on Intel's Atom platform

    - by Josip Medved
    Did anybody try to install Hyper-V on the Intel Atom platform? Hyper-V requires: an x64-compatible processor with Intel VT or AMD-V technology enabled, and hardware Data Execution Prevention (DEP). It seems that both requirements are satisfied with Atom as the processor. However, I wonder whether there is some blocking issue (e.g. a BIOS that does not support it), since all Atom motherboards I checked had quite old north/south bridges. My intention is to run two low-requirement virtual machines (embedded Linux), so performance should not be an issue.

  • Security question pertaining web application deployment

    - by orokusaki
    I am about to deploy a web application (in a couple of months) with the following set-up (perhaps, anyway):
    - Ubuntu Lucid Lynx with:
    - iptables firewall (white-list style with only 3 ports open)
    - Custom SSH port (like 31847 or something)
    - No "root" SSH access
    - Long, random username (not just "admin" or something) with a long password (65 chars)
    - PostgreSQL which only listens on localhost
    - 256-bit SSL cert
    - Reverse proxy from NGINX to my application server (UWSGI)
    - Assume that my colo is secure (physical access isn't my concern for the time being)
    - Application-level security (SQL injection, XSS, directory traversal, CSRF, etc.)
    - Perhaps IP masquerading (but I don't really understand this yet)
    Does this sound like a secure setup? I hear about people's web apps getting hacked all the time, and part of me thinks, "maybe they're just neglecting something", but the other part of me thinks, "maybe there's nothing you can do to protect your server, and those things are just measures to make it a little harder for script kiddies to get in". If I told you all of this, gave you my IP address, and told you what ports were available, would it be possible for you to get in (assuming you have a penetration testing tool), or is this really well protected?

  • Ask a DNS server what sites it hosts - and how to possibly prevent misuse

    - by Exit
    I've got a server on which I host my company website as well as some of my clients' sites. I noticed that a domain which I created, but never used, was being attacked by a poke-and-hope hacker. I imagine that the hacker collected the domain by either hitting my DNS server and requesting what domains are hosted. So, in the interest of prevention and better server management, how would I ask my own DNS server (Linux CentOS 4) what sites are being hosted on it? Also, is there a way to prevent these types of attacks by hiding this information? I would assume that DNS servers would need to keep some information public, but I'm not sure if there is something that most hosts do to help prevent these bandwidth-wasting poke-and-hope attacks. Thanks in advance.

  • PostgreSQL: performance decrease due to index bloat

    - by Henry-Nicolas Tourneur
    I'm running PgSQL 8.1 on a CentOS 4.4 system (not upgradable, unfortunately). There's a Java app running on top of the PgSQL daemon and we have to reindex the database every 2 months or so. Also important: the database isn't growing. It looks like the bloat is now coming faster than before and this tends to increase. My config is available here (the autovacuum daemon is enabled and running quite often): pastebin.com/RytNj7dK
    You can also find the output of this query (wiki.postgresql.org/wiki/Show_database_bloat):
    3 hours after running reindex: http://pastebin.com/raw.php?i=75fybKyd
    72 hours after running reindex: http://pastebin.com/raw.php?i=89VKd7PC
    Does anyone have any idea what I should tweak to get rid of that growing bloat? Thanks for your help.
    PS: due to the antispam prevention system, I had to remove the http:// prefixes from my first two links.

  • Web Application Vulnerability Scanner suggestions?

    - by Chris_K
    I'm looking for a new tool for the ol' admin toolkit and would value some suggestions. I would like to do some "automated" testing of a handful of websites for XSS (cross-site scripting) vulns, along with checking for SQL injection opportunities. I realize that an automated tool approach isn't necessarily the only or best solution, but I'm hoping it would give me a nice start. The sites I need to scan cover the range in stacks from PHP / MySQL to ColdFusion, with some classic ASP and ASP.NET mixed in for good measure. What tools would you use to scan for web application vulns? (Please note I'm focusing on the web apps directly, not the servers themselves.)

  • Mouse button and keypress counter for Linux?

    - by rakete
    I would like to have some kind of statistics of my daily mouse/keyboard usage to help me make my keyboard layout a little bit more efficient. There is already a question about how to do this on Windows, but I would like to know if anyone is aware whether this is possible under Linux. Another thing I already found is key-mon, a little program for screencasts that displays your mouse and keyboard presses on the screen, which would help me achieve what I want with a little bit of Python coding by myself. But still, if there were a solution already, that would be easier of course. PS: obfuscated link to key-mon because of spam prevention: hxxp://code.google.com/p/key-mon/

  • Configure IIS 7 Reverse Proxy to connect to TeamCity Tomcat

    - by Cynicszm
    We have an IIS 7 web server configured and would like to create a reverse proxy for a TeamCity installation using Tomcat on the same machine. The IIS server site is https://somesite and I would like TeamCity to appear as https://somesite/teamcity, redirecting to http://localhost:portnumber. I have installed the IIS URL Rewrite extension from http://www.iis.net/download/URLRewrite and Application Request Routing from http://www.iis.net/download/ApplicationRequestRouting to try and set up a reverse proxy, but can't get it working. The closest answer I found is an old StackOverflow question, http://stackoverflow.com/questions/331755/how-do-i-setup-teamcity-for-public-access-over-https, which unfortunately doesn't have a working example. I've searched quite a bit but can't seem to find a relevant example. Any help appreciated (apologies for the bold, but the spam prevention won't let me post more than 1 hyperlink).

  • How to run Macromedia Projector executables on Windows 7?

    - by shinjin
    When I try to use an old app created using Macromedia Projector in Windows 7, it crashes after the first few screens. The same program works fine on XP. I receive this error message after a few screens:
    Error
    A Fatal Error has occurred. Click OK to Quit.
    Pressing OK brings me a fresh one:
    Microsoft Visual C++ Runtime Library
    This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information.
    And finally I get a "Macromedia Projector has stopped working" message. I have already tried adjusting compatibility mode, or adding this program to the Data Execution Prevention exceptions, but neither helped.

  • How to check if PAE is enabled? (Windows 7 32 bits)

    - by Altar
    How can I tell for sure if PAE (Physical Address Extensions) is enabled or not? Is there a SPECIFIC command I can use? Can I read a registry value or something? (Windows 7 32 bits) I have found this on the Internet but it doesn't answer my question: "If your server has hot-add memory ability (ability to add more memory without shutting down the server !!) or data execution prevention (DEP) is enabled then PAE will be enabled automatically !!" It only reformulates the question as "does my Qosmio x505 laptop support hot-add memory?"

  • Tracking down Data Execution

    - by Agnel Kurian
    I have some malware infecting one of our machines at home. It first showed up as winulty.exe. After investigating, I am of the opinion that winulty.exe itself is an uninfected file but is being modified after it has loaded into memory. Turning on Data Execution Prevention for all processes and services has confirmed this to be true. How do I track down the process responsible for this? I've used File Monitor from sysinternals.com to monitor winulty.exe and see it being accessed by the svchost.exe instance hosting most of the system services and also by dfrgntfs.exe. How do I know which service or which DLL has been infected?

  • LVM mirroring VS RAID1

    - by syrenity
    Hi. Having learned a bit about LVM mirroring, I thought about replacing the current RAID-1 scheme I'm using to gain some flexibility. The problem is that, according to what I found on the Internet, LVM is: 1) Slower than RAID-1, at least in reading (as only a single volume is used for reading). 2) Unreliable on power interrupts, and requires disabling the disk cache to prevent data loss. http://www.joshbryan.com/blog/2008/01/02/lvm2-mirrors-vs-md-raid-1/ Also it seems, at least according to several setup guides I read (http://www.tcpdump.com/kb/os/linux/lvm-mirroring/intro.html), that one actually requires a 3rd disk for storing the LVM log. This makes the setup completely unusable on 2-disk installations, and lowers the number of usable mirror disks on installations with more disks. Can anyone comment on the above facts, and let me know their experience of using LVM mirroring? Thanks.

  • Excel wizardness needed - Group By, Sort, Count function help

    - by Chris
    Riddle me this: you have 3 part numbers with the same part name xyz, each with a quantity of 10 items. The items can be picked during the day or week, therefore changing the number of items on hand. I know I need to use the group by, sort, count and perhaps SUMIF formulas to have a running count of the number of items on hand at the end of each day (which could be positive or negative). Help? It won't let me add an image because I'm a new user: 'Oops! Your edit couldn't be submitted because: * we're sorry, but as a spam prevention mechanism, new users aren't allowed to post images. Earn more than 10 reputation to post images.'

  • reg delete gives me "access is denied" but regedit delete is ok

    - by Radek
    I need to delete a key from a command line. So I wanted to use reg delete "the key to be deleted" /f, but I get ERROR: access is denied. From the same login session (the same user) I am able to delete the key without any trouble from regedit.exe, which is not run as administrator. I cannot use the runas command to execute reg, which I believe would be the solution, because in fact I want to use reg to delete the registry entry for the administrator profile so that runas works again. More info in my other question: Windows7 corrupted profile - prevention exists?

  • Relevant Knowledge spyware

    - by Usman Masood
    I am an advanced user, using Windows 7 with Avast! antivirus running. Today I started browsing and faced some weird popup. Upon investigation I found that "Relevant Knowledge" was running on my system. I was able to uninstall it using the Programs Manager and deleted the file's entries in the registry, but I am a little troubled by the fact that Avast! was not able to detect it; and secondly, how it came into my system. Also, what further prevention measures should I take?

  • Our company claims that the DLP system can even monitor the contents of HTTPS traffic, how is this possible?

    - by Ryan
    There is software installed on all client machines for DLP (Data Loss Prevention) and HIPAA compliance. Supposedly it can read HTTPS data clearly. I always thought that between the browser and the server, this was encrypted entirely. How can software sneak in and grab this data from the browser before it is encrypted or after it is decrypted? I am just curious as to how this could be possible. I would think that a browser wouldn't be considered very secure if this was possible.

  • Need old version Firefox Java plugin

    - by Bryan
    I need to use Java 1.6.0_20 for the software I'm running. I went to the Oracle website and downloaded jre1.6.0_20 and installed it on my computer, but can't seem to get Firefox to load Java. If I download directly from http://www.java.com/en/download/manual.jsp, the plugin works fine but is the wrong version, and I can't find anywhere on www.java.com to download any of the previous versions. According to the help (I can't post the link because of spam prevention), I need to go into the Java Control Panel and enable it for Mozilla. I've done this multiple times, but every time I go into the control panel and check the box, click Apply and Save, as soon as I go back in the box is unchecked. Does anyone know either why the box is unchecked, or where I can download the old JRE that is also configured for Firefox?

  • What would prevent a .BAT file from being run on a mapped drive?

    - by JBurace
    In WinXP SP3, I have a .BAT file on a mapped drive. When I try to run this .BAT file (or even right-click > Edit) it gives me:
    ---------------------------
    Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.
    ---------------------------
    OK
    ---------------------------
    This happens with any .BAT file, no matter what is within the file. If the file is on my local computer (like C:) it will run just fine. If someone else runs it from another computer (on the same mapped drive), it runs just fine. I have full permissions on the drive; I can edit/delete/save/write/create in that folder and/or .BAT file, and I've ruled out permissions being the issue. It seems like some security prevention, but I can't tell what it would be. It would have to be something on my PC, but I don't use any 3rd-party software. What would cause this error?

  • Java on 256MB system?

    - by Mike S.
    For a school project, I've registered a free VPS on a hosting provider (pipni.cz). It has 256MB RAM:
    Mem: 262144k total, 148104k used, 114040k free, 0k buffers
    It's running Debian Squeeze. I always get this error when I run a Java program:
    Error occurred during initialization of VM
    Could not reserve enough space for object heap
    Could not create the Java virtual machine.
    I tried to use Xms, Xmx, Xss with low values and still get the same result. ulimit -v gives me "unlimited". My application will be pretty simple and I need to use rmiregistry also. Can somebody help?

  • HTML markup in an APEX Tree - easy with a plugin!

    - by carstenczarski
    Every APEX developer surely knows the APEX Tree region. And there is often a need to influence the look of the APEX Tree with HTML markup. Unfortunately, since APEX 4.0 it is no longer possible to include your own HTML markup in an APEX Tree: for security reasons (protection against cross-site scripting), all HTML special characters are escaped. If there is no XSS risk (the content displayed by the tree is not based on user input and is entirely determined by the developer), this can be achieved with a few lines of JavaScript and jQuery code. To make it even easier, we have encapsulated the functionality for you in an APEX plugin. This is how it works: 1) Download the APEX plugin "HTML Markup for APEX Tree Region" from http://apex-plugin.com/oracle-apex-plugins/dynamic-action-plugin/html-markup-for-apex-tree_174.html 2) Import the APEX plugin into the application. 3) Create an APEX Tree region and use your own substitutes for the HTML special characters, e.g. "[" for "<", "]" for ">" and "§" for "&". 4) Create a new dynamic action that runs when the page loads and, with the help of the plugin, replaces the substitutes in the tree with the "real" HTML special characters. Done. You can see the plugin in action on a demo page.

  • DevDays ‘00 The Netherlands day #2

    - by erwin21
    Day 2 of DevDays 2010 and again 5 interesting sessions at the World Forum in The Hague. The first session of today in the big World Forum theater was from Scott Hanselman, who gave a lap around .NET 4.0. In his way of presenting he talked about all kinds of new features of .NET 4.0 like MEF, threading, parallel processing, changes and additions to the CLR and DLR, WPF and all the new language features of .NET 4.0. After a small break it was time for session 2 from Scott Allen about Tips, Tricks and Optimizations of LINQ. He talked about lazy and deferred execution, the difference between IQueryable and IEnumerable and the two flavors of LINQ syntax. The lunch was again very well prepared and delicious, but after that it was time for session 3, Web Vulnerabilities and Exploits, from Alex Thissen. This was no normal session but more like a workshop; we decided what kind of subjects we discussed, and the subjects were OWASP, XSS and other injections, validation, and encoding. He gave some handy tips and tricks on how to prevent such attacks. Session 4 was about the new features of C# 4.0 from Alex van Beek. He talked about Optional and Named Parameters, Generic Co- and Contra-Variance, the Dynamic keyword and COM Interop features. He showed how to use them but also when not to use them. The last session of today and also the last session of DevDays 2010 was about WCF Best Practices from Gerben van Loon. He talked about 7 best practices that you must know when you are going to use WCF. With some quick demos he showed the problem and the solution for some common issues. They were two interesting days and next year I will surely be attending again.

  • Can't add to panel nor delete panel

    - by david
    Hello everybody! I cannot add any applet to any (top or bottom) panel, cannot delete any panel nor create a new panel. When I right-click on the panel the only options available are: Properties, Help or About Panels. [I cannot post an image because of spam prevention, so I'll do my best] I can see when I right-click (bold means clickable):
    Add to panel
    Properties
    Delete this panel
    New panel
    Help
    About Panels
    Trying to solve this I did what is usually suggested:
    gconftool-2 --recursive-unset /apps/panel # might be optional
    rm -rf ~/.gconf/apps/panel
    pkill gnome-panel
    but I only got a nice empty panel (no Applications Places System, no clock, no shutdown button...) to which I couldn't add any applet, so I decided to take the default profiles in .gconf and .gconfd from a live CD and overwrite mine. Now we are back to the beginning. I also have tried to lock the panel completely (with both gconf-editor and pessulus) and later unlock it completely, but it didn't work. Here is the system information:
    $ lsb_release
    Distributor ID: Ubuntu
    Description: Ubuntu 10.04.2 LTS
    Release: 10.04
    Codename: lucid
    Thank you very much.

  • SO-overflow induced passivity - how to cope?

    - by Ruben
    After not really working on my pet project for a while, I discovered Stackoverflow and upon perusing it more intensely I was quite amazed. I'm a bit of a perfectionist, so when I found eye-openers here highlighting many of the mistakes I made, I first wanted to fix everything. However, it's a pet project for a reason: I'm self-taught and I'm studying psychology, so programming skills can never become priority one (though it often helps, even in this field). Issues that stuck out were:
    - numerous security issues (e.g. CSRF prevention and bcrypt eluded me)
    - not object-oriented (at least the PHP part; the JS part mostly is)
    - no PHP framework used, so many of my DIY takes on commonly-tackled components (auth, ...) are either bad or inefficient
    - really poor MySQL usage (no prepared statements, mysql extension, heard about setting proper indices two days ago)
    - using mootools even though jQuery seems to be fashionable, so there's probably always going to be better integration with services I'd like to use (like Google Visualization)
    So, my SO-induced frenzy turned into passivity. I can't do it all (soon) in the rather small amount of spare time I can spend on working on my project. I can leave some of the issues be in good conscience (speed stuff: an unfinished & unpublished project will never become popular, right?). No clear conscience without good security though, and if I don't use a framework for auth and other complex stuff I'll regret having to do it myself. One obvious answer would probably be going open-source, but I think the project would need to become more impressive before others would commit to it. I can't afford to employ someone either. I do think the project deserves being worked on, though. How should I tackle it anyway? What's the best practice for little-practice people?

  • ArchBeat Link-o-Rama for November 21, 2012

    - by Bob Rhubart
    Fault Handling and Prevention - Part 1 | Guido Schmutz and Ronald van Luttikhuizen
    In this technical article, part one of a four-part series, Oracle ACE Directors Guido Schmutz and Ronald van Luttikhuizen guide you through an introduction to fault handling in a service-oriented environment using Oracle SOA Suite and Oracle Service Bus.
    One Stop Shop for Oracle Webcasts
    Webcasts can be a great way to get information about Oracle products without having to go cross-eyed reading yet another document off your computer screen. Oracle's new Webcast Center offers selectable filtering to make it easy to get to the information you want. Yes, you have to register to gain access, but that process is quick, and with over 200 webcasts to choose from you know you'll find useful content.
    Oracle on Oracle: Is that all? (Identity Management) | Darin Pendergraft
    Darin Pendergraft shares a discussion with Jaime Cardoso about the latter's experience with Oracle's IDM products. What's particularly interesting is that the discussion grew out of Jaime's highly critical comment that Darin missed important points about those products in an earlier interview with Chirag Andani. If that ain't social engagement, I don't know what is.
    I.T. Chargeback : Core to Cloud Computing | Zero to Cloud
    "While chargeback has existed as a concept for many years (especially in mainframe environments), it is the move to this self-service model that has created a need for a new breed of chargeback applications for cloud," says Mark McGill. "Enabling self-service without some form of chargeback is like opening a shop where all of the goods are free."
    New Self-paced Online Oracle BPM 11g Developer Training | Dan Atwood
    Oracle ACE Dan Atwood of Avio Consulting shares a lot of information about a new Oracle BPM 11g Developer Workshop.
    JPA SQL and Fetching tuning (EclipseLink) | Edwin Biemond
    Oracle ACE Edwin Biemond's post illustrates how to "use the department and employee entity of the HR Oracle demo schema to explain the JPA options you have to control the SQL statements and the JPA relation Fetching."
    Thought for the Day
    "Team development is like a birthday cake. Everybody gets a piece." — Assaad Chalhoub
    Source: SoftwareQuotes.com

  • does my js replace view?

    - by Milla Well
    I am writing a web application which is based on Codeigniter and jQuery. I primarily use ajax to call my controller functions, and it turned out that there are just 4 view*.php files, because most of my controller functions return JSON data, which is processed in my jQuery. So my actual code is divided into a kind of MVCC model: Codeigniter model (db, computations); Codeigniter controller (filtering, xss-cleaning, checking permissions, calling model functions); jQuery controller (callback functions); jQuery view (adding/removing classes, appending elements, ...). So I violate the paradigm of not using the echo function in my Codeigniter controller and simply call echo json_encode($result); because it doesn't make any sense to me to create a view*.php file for one line of code. Especially because all the regular view*.php stuff is covered in my jQuery view. I was wondering if I am missing something, or if there is a way to integrate this jQuery controller in my Codeigniter. I found some words on this topic, but this seems pretty handmade. Are there some neat solutions? Does a MVCC model make sense?
