Using Client Certificate Authentication with IIS 6.0 Web Sites
In spite of the fact that there’s no such thing as a secure network, there are still a lot of things you can do that doesn’t require you to take a second mortgage on your home and thousands of...
View ArticleWeb Server Security Issues and Front Page Server Extensions
It's "common knowledge" (at least in some circles) that FrontPage Server Extensions are insecure and Web Sites created with FrontPage are vulnerable -- but is it true? What are the risks associated...
View ArticleWeb Server Defacements (Part 1)
The urban art of grafitti has traversed to the online world in the form of web server defacements. Just how do these online vandals do it though? Read on to learn how it is done, and therefore gain a...
View ArticleWeb Server Defacements (Part 2)
In part two of this article series we shall take a more detailed look at how to actually pull off a web page defacement. The tool in use will be the outstanding open source security program Metasploit...
View ArticleWeb Server Defacements (Part 3)
We shall now actually deface the web server’s web page, and pull off the hack as it were. Furthermore we will peek under the hood, and look at the packets to see just what transpired so that you might...
View ArticleProtect your Web Servers with SSL
HTTP communications are fine for the average Web server, which just contains informational pages. But if you’re thinking about running an e-commerce site or other Web services that require secure...
View ArticleSPIKE and BURP for real world computer security usage (Part 1)
This article series will demonstrate how to use an HTTP proxy.
View ArticleSPIKE and BURP for real world computer security usage (Part 2)
In this part two of the article series we will actually use an HTTP proxy and find out more on how you can use this very useful tool.
View ArticleSPIKE and BURP for real world computer security usage (Part 3)
This article is the last in a series based on SPIKE the HTTP proxy.
View ArticleSPIKE and BURP for real world computer security usage (Part 4)
In previous articles we covered the SPIKE HTTP proxy, and how to use it. Well there are many different HTTP proxies out there, and the BURP HTTP proxy is one of the better ones. Choosing an HTTP proxy...
View ArticleLocking Down IIS 6.0 with .NET: The Default Security Wizard
Yeah, you’ve heard it a million times. How often you hear that IIS has been hacked, another unchecked buffer (the millionth one this year) and no, not another service pack or hot fix!
View ArticleInstalling and Securing IIS Servers (Part 1)
IIS, an acronym for Internet Information Services is a web application server program that handles HTTP requests, ranking second in popularity (after Apache). Its popularity is mainly due to the fact...
View ArticleInstalling and Securing IIS Servers (Part 2)
The previous article showed you how to install, configure and, finally, how to connect your new Web Server to the Internet. Now you may be sure that the server runs securely. You have subscribed to...
View ArticleInstalling and Securing IIS Servers (Part 3)
In Part I of the series we dealt with the installation of the IIS service whilst Part II covered issues related to configuring an IIS Server to handle encrypted connections. Until now, we used Internet...
View ArticleSecure Architecture for an SQL / Web Server
There are many ways to hack a Web server. One cannot assume that database servers are unassailable fortresses. So what should one do if a Web server which derives data from a database needs to be made...
View ArticleHow URL Authorization Increases Web Server Security
Web servers, by their very nature, are usually exposed to outsiders and thus are vulnerable to compromise and attack. Internet Information Services (IIS) version 6, included with Windows Server 2003,...
View ArticleSSL Acceleration and Offloading: What Are the Security Implications?
Secure Sockets Layer (SSL) is a popular method for encrypting data transferred over the Internet. It is commonly used to provide secure transfer of credit card information and other sensitive data in...
View Article
