Welcome to SecurityDocs

A collection of 4,492 IT security white papers, carefully curated by professionals like yourself

Popular topics
Certifications

CISSP, Security+, GSLC

Web application security

XSS, SQL injection

Penetration testing

Kali, mimikatz, social engineering

Management

Case studies, staffing

Oct. 1, 2015

Configuration of IPS to improve Incident Response Time

by Elango Krishnasami

This paper discusses advanced configuration of IPS to reflect the changing network topology using feedback from an event analysis tool. The events analyzed by incident response tools can be used to find out the false positives and the signatures required in the IPS. Using the analyzed event pool data, IPS can be dynamically configured to reduce the false positives, improve the incident response time and improve the performance by reducing the load on the IPS.

Sept. 1, 2005

Writing syslog messages to MySQL

by Rainer Gerhards

In this paper, I describe how to write syslog messages to a MySQL database. Having syslog messages in a database is often handy, especially when you intend to set up a front-end for viewing them. This paper describes an approach with rsyslogd, an alternative enhanced syslog daemon natively supporting MySQL. I describe the components needed to be installed and how to configure the

Aug. 1, 2005

Foundations of Cryptography

by LearnSecurityOnline

Cryptography has been employed for keeping secrets since the time of Caesar. From the simplest ciphers of shifting letters, to mathematically provably secure ciphers of today, cryptography has progressed a long way. It also has widened to a number of uses and capabilities to fit an ever growing number of applications. Cryptography makes it possible to keep data secure over an insecure network. It also makes it possible to keep private data on your computer safe from prying eyes. Even car thie...

Aug. 1, 2005

Configuration of IPS to improve Incident Response Time

by Ramesh Sripathy Rao, Elango Krishnasami

This paper discusses advanced configuration of IPS to reflect the changing network topology using feedback from an event analysis tool. The events analyzed by incident response tools can be used to find out the false positives and the signatures required in the IPS. Using the analyzed event pool data, IPS can be dynamically configured to reduce the false positives, improve the incident response time and improve the performance by reducing the load on the IPS.

July 20, 2005

Cross Site Scripting (XSS) FAQ

by Chris Morganti

XSS attacks are becoming a big problem and are going to become an extremely big problem if people do not educate themselves about XSS attacks and vulnerabilities. XSS vulnerabilities have been found in all sorts of websites including fbi.gov, yahoo.com, ebay.com and many other popular and important websites, a lot of administrators fail to pay attention to XSS attacks because they either don't know much about them or they do not see them as a threat. An XSS vulnerability when exploited by a s...

July 1, 2005

Session Hijacking Packet Analysis

by Lee Lawson

‘Session Hijacking’ is a high level attack vector which many systems are completely open to. Most systems are vulnerable to this type of attack as most systems use Transmission Control Protocol (TCP), the standard communication protocol used on the Internet and internal Local Area Networks (LANs). This paper assumes a level of network competency by the reader to being equivalent to that of a network engineer or experienced administrator.

April 1, 2005

Achieving Wireless Security with Interoperability

by Ryon Coleman

Though the concept of an ultra-high level of wireless networking security and information assurance is somewhat opposed to the concept of open interoperability with a wide spectrum of 3rd party vendors’ wireless equipment, this paper is intended to show that 3eTI FIPS 140-2 validated and Common Criteria certified wireless equipment are interoperable with multiple vendors’ IEEE 802.11-compliant equipment, and that 3eTI solutions are non-proprietary.

Dec. 1, 2004

Shadow Software Attacks

by Angelo Rosiello,

In this paper, I'm going to demonstrate the fact that a shadow software attack is still possible. In fact, many users and system admins are not aware of the importance of the protection mechanisms against these kind of attacks. There are many possible solutions to resolve this scenario, but it often requires some engagement from the server and the user’s side and probably this is the very essence of the entity of the problem that we are going to face.

June 3, 2001

Protecting Your Organization From Electronic MessageViruses

by Robert Grupe

The most important thing to remember about virus protection is that no system is infallible. No matter how good your anti-virus (AV) software is, and how stringent your security processes are, there is still the chance that a completely new virus will enter your organization and disrupt operations. Of course, completely isolating your systems from the Internet and removing them from external e-mail will greatly minimize your exposure; however, in today's digital economy that is no longer a pr...

Feb. 5, 2001

Protecting Your Workplace: 10 Anti-Virus Rules

by Kaspersky Lab

Protecting Your Workplace: 10 Anti-Virus Rules by Denis Zenkin , Kaspersky Lab last updated Feb. 5, 2001 Regardless of how one makes his or her living, computers and

Dec. 6, 2000

Episode Three: From Out of the Blue

by Robert G. Ferrell

Chasing the Wind Episode Three From Out of the Blue by Robert G. Ferrell last updated Dec. 6, 2000 It was just after two o'clock in the morning, local time,

Laptop Security

by Ramanujam Narasimman

As the price of computing technology is steadily decreasing, devices like the laptops and mobile phones have become more common in use. Although these devices enhance the business functions due to their mobile access to information anytime and anywhere, they also pose a large threat as they are mobile and small. Wireless capability in these devices has also raised security concerns due to the information being transmitted over ether, which makes it hard to detect.

$50 Amazon gift card

Write for us

Get an original white paper published on SecurityDocs, and receive a $50 Amazon gift card.

Learn more

Subscribe

We'll send you a carefully curated list of the best IT security white papers to your mailbox every Friday.