Quick Search

Enter word or key phrases

Advanced Search
SIFT is an "Australian Government Endorsed Supplier" of information security and information risk management services.

Publications

XML Port Scanning - Bypassing Restrictive Perimeter Firewalls - 26 Sep 06

The XML port scanning technique described in this paper allows an attacker to utilise an XML parser to execute port scanning of systems behind a restrictive perimeter firewall. While the technique relies on some reasonably specific implementation details in order to be exploitable remotely, it is potentially applicable to any application that accepts XML document inputs.

Several workarounds exist and have been detailed in this paper and the technique does not offer the ability to perform advanced fingerprinting or analysis of the underlying operating system of hosts. However, this technique demonstrates the danger that inadequately configured XML parsers can pose to an organisation and highlights the inability of traditional network security devices to handle application-level threats.



Top

Enter your email address to subscribe
HTML Email?

subscribe unsubscribe

SIFT Grows Security Services Team Through Merger

28 May 07

Australian information security services firm SIFT today announced the merger of the Safecoms Secure IT consulting and services business with SIFT, positioning the combined firm for continued growth in the Asia-Pacific information security services market.
more...

Release of Log Injection Intelligence Report

14 Feb 07

SIFT is proud to release a new Intelligence Report examining attacks against log files, demonstrating ways in which the integrity of log and audit trails can be compromised by a malicious user.
more...
© 2000-2008 SIFT Pty Ltd. All rights reserved.
Terms & Conditions | Privacy Policy
Developed by Get Started Australia Pty Ltd