OWASP Top 10 Web Application Security Risk List - RC

Monday, November 16, 2009

The OWASP Project has updated and released the all-new Web Application Security Risk List - Release Candidate. There were a few changes: for example, Insecure Configuration Management was changed to Security Misconfiguration, and a new risk was added, Unvalidated Redirects and Forwards.

You can look at the release candidate below and provide your feedback, but I feel most of the risks are going to make it to the final Web Application Security Risk List.



How Google uses Linux OS

Tuesday, November 10, 2009

I came across this interesting article that talks about how Linux is being used at Google. There is not much specific information on how the tasks are scheduled and so on. This was a talk between Google folks and the kernel developers. Google has ported some old code to run on the kernel version that they use. It also tells us that Google uses an old kernel like 2.6, etc. Well, you can read the whole article at LWN. It's an interesting read.


Updated: Microsoft COFEE Leaked Download Toolkit

I had earlier written about Microsoft's COFEE. The COFEE utilities are a set of computer forensics and auditing tools that Microsoft had put on a USB drive and provides to law enforcement for use in trying to extract info from a computer. There was some fear that it was a "back door," but people insisted it was no such thing, just a collection of basic tools. Still, the fact that the system was promoted as being useful for decrypting passwords and analyzing a computer's data and internet activity seemed troubling. We noted that if Microsoft was giving it out to law enforcement, it seemed likely that others would have access to it as well.

This is one of the best things that has happened for the forensics community. To be frank, we all wanted it. We wanted to see what's up with this tool from Microsoft. Now I am happy that we have access to it, to see what MS has done in this incident response and data collection toolkit. I have downloaded and am currently reviewing the toolkit. Things look good for now. Well, in case you guys too wanna download Microsoft's COFEE forensics toolkit, look around; it's not so hard to get hold of a copy.

One thing: I would like to say thanks to Microsoft for making it, and thanks to the folks leaking it online.

Cheers to All of you

Microsoft report says more worms, Vista better, file formats security

Tuesday, November 3, 2009

Microsoft has released their latest Security Intelligence Report (SIR).

Some of the top highlights of the report are:

  1. Large increase in worm infections.
  2. Vista was less compromised than Windows XP machines.
  3. Phishing and automated SQL injection attempts are on the rise.
  4. Browser-based exploits are increasing.

You can get the report @ MS Threat Center

Good Paper on Source Code Analysis

If you are interested in reading a book about source code analysis to plug your security loopholes, I recommend this paper. It is a good read; it discusses the benefits of source code analysis and sheds light on many issues such as compile-time issues, linking and non-linking code, etc.

You can get this book @ Checkmarx
