SIFT Training Schedule

Secure Web Application Design
Course Dates:

Sydney 25 Aug 2008

SIFT is an "Australian Government Endorsed Supplier" of information security and information risk management services.

Publications


Log Injection Attack and Defence

14 Feb 07

A log injection vulnerability occurs when a poorly written program uses user-provided data to write to a system or application log without any security pre-processing. An attacker who controls this data can then manipulate entries in the log for their own purposes. Depending on the attacker's knowledge of the log format and content, this often results in the ability to add new entries and falsify events and actions.

A Web Services Security Testing Framework

13 Nov 06

Web services are a widely touted technology that aims to provide tangible benefits to both business and IT. However, a specific security testing methodology is not currently available in the marketplace. SIFT's newest paper proposes a framework that covers the entire security testing process, tailored specifically for web services applications.

XML Port Scanning - Bypassing Restrictive Perimeter Firewalls

26 Sep 06

This report describes a mechanism through which an attacker could use XML to have your webserver complete an internal scan of your environment, passing the information back to the external attacker.

© 2000-2008 SIFT Pty Ltd. All rights reserved.