Commonly Identified Risks
Inappropriate SSL Certificate (expired, not properly configured, self-signed, etc.); Unknown or unnecessarily open shares; Dormant user accounts that have not expired; Unnecessary open ports; Rogue devices connected to your systems; Dangerous script configurations; Servers allowing use of dangerous protocols; Incorrect permissions on important system files; Running of unnecessary, potentially dangerous services; Default […]
Monthly Archives: June 2016
What are Some Various Compliance and Regulatory Frameworks?
Recognized frameworks include, at minimum, a requirement that a regular vulnerability assessment of the production network and/or web application be performed. Depending upon your environment, the following frameworks potentially require these assessments: Sarbanes-Oxley (SOX); Statements on Standards for Attestation Engagements 16 (SSAE 16 / SOC 1); Service Organization Controls (SOC) 2 / 3; […]
What is AJAX?
AJAX is a developer’s dream, because you can: update a web page without reloading the page; request data from a server after the page has loaded; receive data from a server after the page has loaded; send data to a server in the background. AJAX is about updating parts of a web […]
What is Mac OS X?
Mac OS X, often called simply OS X, is the operating system that resides on Apple’s desktop and portable computer lineup. Built upon a Unix core, it is easy to use yet highly advanced, extremely stable, and an excellent OS for productivity and creation. For more information, see http://osxdaily.com/category/mac-os-x/
What is Nikto2?
Nikto is an Open Source (GPL) web server scanner which can check for more than 6,700 potentially dangerous files or programs, for outdated versions of more than 1,250 servers, and for version-specific issues on more than 270 servers. Additionally, it will look at server configuration concerns such as multiple index files and various HTTP server […]
What is Cain and Abel?
Cain and Abel describes itself as a password recovery tool for Windows. In reality, however, it is much more useful than that – it can capture and monitor network traffic for passwords, crack encrypted passwords using multiple methods, record VoIP conversations, and even recover wireless network keys. The software can perform a dictionary attack test […]
How to Install and Configure Nessus
Go to nessus.org/download/nessus_download.php. Download the version for your OS, for example Nessus Home; the file name will look something like Nessus-4.4.0-ubuntu804_XXX.deb (the XXX represents the part of the filename that changes as new versions are released). Save the file to the root directory. Switch to the terminal screen. In Terminal, type root@bt:~# ls *.deb to look for […]
What is OpenVAS?
OpenVAS is a vulnerability scanner. It is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. It is open source and it is free. Click here for instructions on installing OpenVAS in Kali. The installation process worked for me as of 6/29/2016 although it required more […]
Mac Desktop Security Best Practices
This post requires additional information but for now: http://osxdaily.com/2012/01/11/password-protect-files-folders-in-mac-os-x
Linux Server Security Best Practices
http://www.cyberciti.biz/tips/linux-security.html