Quick Search

Enter word or key phrases

Advanced Search

Press Room Sub Menu:

Benefits by Industry:

Key Interest Areas:

Information For:

SIFT Training Schedule

Secure Web Application Design
Course Dates:

Sydney 25 Aug 2008

SIFT is an "Australian Government Endorsed Supplier" of information security and information risk management services.

Announcements

Release of Log Injection Intelligence Report - 14 Feb 07

SIFT is proud to release a new Intelligence Report examining attacks against log files, demonstrating ways in which the integrity of log and audit trails can be compromised by a malicious user.

A log injection vulnerability occurs when a poorly-written program uses user-provided data to write to a system or application log without any security pre-processing. If an attacker controls this data they can then manipulate entries in the log for their purposes. Based on their level of knowledge of log format and content, this often results in the ability to add new entries and falsify events and actions.

Developers, analysts, architects, and testers working with logging systems are encouraged to review and implement the recommendations of this technical paper.

Click here to download the full report [PDF]



Top

Enter your email address to subscribe
HTML Email?

subscribe unsubscribe

SIFT Grows Security Services Team Through Merger

28 May 07

Australian information security services firm SIFT today announced the merger of the Safecoms Secure IT consulting and services business with SIFT, positioning the combined firm for continued growth in the Asia-Pacific information security services market.
more...

Release of Log Injection Intelligence Report

14 Feb 07

SIFT is proud to release a new Intelligence Report examining attacks against log files, demonstrating ways in which the integrity of log and audit trails can be compromised by a malicious user.
more...
© 2000-2008 SIFT Pty Ltd. All rights reserved.
Terms & Conditions | Privacy Policy
Developed by Get Started Australia Pty Ltd