Preparing for New PCI Standards

Posted: August 16th, 2010 | Filed under: Web Security Tools

According to CSP Daily News, the PCI Security Standards Council has just introduced the plan for Version 2.0 of its PCI standards, which are due to take effect in October of 2010.

Version 2.0 of PCI DSS and PA-DSS does not introduce any new major requirements. Key updates, clarifications and guidance include:

Security Checklists for IIS

Posted: August 9th, 2010 | Filed under: Web Security Tools

Database Engine Security Checklists:

Don’t Let XSS Fake Out your Traffic

Posted: August 9th, 2010 | Filed under: Web Security Tools

and Damage your Good Name

A Cross-Site Scripting (XSS) Overview

Cross-site scripting (XSS) is a type of computer security vulnerability, typically found in Web applications, that enables attackers to inject client-side script into Web pages viewed by other users. XSS essentially compromises the trust relationship between a user and the Web site. As of 2007, XSS carried out on web sites accounted for roughly 80% of all Internet security vulnerabilities, as documented by Symantec.

From Blind to Targeted Attacks

Posted: July 2nd, 2010 | Filed under: Web Security Tools

A SQL Injection overview

A SQL injection attack exploits the fact that the application layer of a typical dynamic Web site (e.g. ASP.NET, PHP, etc.) ultimately has access to a database layer. By using the application’s own code to get at the database, SQL injection attacks can do almost unlimited mischief: steal or corrupt sensitive data, host malware on the site, damage or even seize control of the entire application. This article provides a short overview of SQL injection and how it can be damaging to your Web applications.

The Windows Server 2008 Security Compliance Manager

Posted: July 2nd, 2010 | Filed under: Web Security Tools

A new helpful free tool from Microsoft, the Security Compliance Manager provides an end-to-end solution to help plan, deploy, and monitor the security baselines of computers running Windows Server 2008.

The Security Compliance Manager provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

This tool allows you to access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats, including Desired Configuration Management (DCM) packs, Security Content Automation Protocol (SCAP), XLS, or Group Policy objects (GPOs), to export the baselines to your environment and automate the security baseline compliance verification process.

Combining use of a professional Web Application Firewall with the Security Compliance Manager will enable you to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.

To get more information about downloading a copy of the Security Compliance Manager, visit Microsoft’s TechNet site.

/ P80
