New Whitepaper available on security best practices
Hello List,
Driven by multiple requests to provide some kind of guidance on what
constitutes "best security practice", I've created a whitepaper focusing
on host naming and URL conventions. I've found that by following these
simple principles the avenue for attack on many Internet-based
applications is greatly limited.
I'm planning on releasing a number of new whitepaper this year focusing
on plain-English explanations and advice on best security practices --
primarily dealing with web-app security. I'd welcome any suggestions on
other topics "industry" would like covered in more detail.
The paper is available at:
http://www.ngssoftware.com/papers/NISR-BestPracticesInHostURLNaming.pdf
Abstract:
A consideration often neglected by many organisations when rolling out
new servers or developing web-based applications that will be accessible
by Internet clients and customers is that of host and URL naming
conventions. There are a number of simple steps that can be taken to
strengthen the security of an environment or application making it more
resilient to several popular attack vectors. By understanding how an
attacker can abuse poorly thought out naming conventions, and by
instigating a few minor changes, it is possible to positively increase
the defence-in-depth stature of an environment.
Cheers,
Gunter Ollmann
--
------------------------------------------------------
G u n t e r O l l m a n n, MSc(Hons), BSc
Professional Services Director
Next Generation Security Software Ltd.
First Floor, 52 Throwley Way Tel: +44 (0)208 401 0089
Sutton, Surrey, SM1 4BF, UK Fax: +44 (0)208 401 0076
http://www.nextgenss.com
------------------------------------------------------