Welcome to SecurityDocs

A collection of 8,050 IT security white papers, carefully curated by professionals like yourself

Security issues against DNS

by Craig S. Wright

There are many ways to attack DNS. Attacks range from denial of service (DoS) to man-in-the-middle (MitM) to spoofing. The recent inclusion of Unicode entries into DNS may mean a site that looks like “microsoft.com” could exist but actually point to something else. Perhaps the o's in Microsoft would be Cyrillic instead of Latin. This paper will look at the issues facing DNS as well as conduct an analysis of the existing DNS infrastructure to assess its state and weaknesses. This process will...

Nov. 24, 2017 1 comment 41 minute read Apps & Hardening
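The Cyrillic-o trick the abstract describes is a homograph attack, and the check a resolver front end or mail gateway would run against it is short. The following is an added illustration, not code from Wright's paper: it converts a hostname to the ASCII-compatible (punycode) form that is actually sent in a DNS query, using Python's stdlib idna codec, and flags any label that mixes scripts. The script of each letter is approximated from the prefix of its Unicode character name ("LATIN SMALL LETTER O" gives "LATIN"), which is good enough to catch Latin/Cyrillic/Greek mixing. The hostnames in SAMPLE_HOSTS are constructed for this example.

```python
import unicodedata

# Constructed sample hostnames (not from the paper). The second replaces the
# Latin "o" in "microsoft" with CYRILLIC SMALL LETTER O (U+043E); the third is
# a legitimate single-script internationalised name.
SAMPLE_HOSTS = ["microsoft.com", "micr\u043esoft.com", "b\u00fccher.example"]


def script_of(ch):
    """Approximate the Unicode script of a letter from its character name
    ("LATIN SMALL LETTER O" -> "LATIN"). Digits and hyphens return None."""
    if not unicodedata.category(ch).startswith("L"):
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def to_ace(host):
    """ASCII-compatible encoding, i.e. what goes on the wire in a DNS query.
    The stdlib codec applies nameprep and then punycode to every label."""
    return host.encode("idna").decode("ascii")


def mixed_script_labels(host):
    """Return [(label, sorted scripts)] for every label that mixes scripts,
    which is the pattern behind the Cyrillic-o lookalike."""
    suspicious = []
    for label in host.split("."):
        scripts = {s for s in map(script_of, label) if s}
        if len(scripts) > 1:
            suspicious.append((label, sorted(scripts)))
    return suspicious


def analyse(host):
    """Normalise, encode and classify one hostname."""
    host = unicodedata.normalize("NFC", host)
    ace = to_ace(host)
    mixed = mixed_script_labels(host)
    return {
        "display": host,
        "ace": ace,
        "is_idn": ace != host.lower(),
        "mixed_script": mixed,
        "verdict": "SUSPICIOUS" if mixed else "ok",
    }


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(analyse(h))
```

A single-script check is deliberately not a whole-name check: "bücher.example" is all Latin and passes, while "micrоsoft" trips on two scripts inside one label. Confusables within one script (for example "rn" for "m") need a separate confusable table and are outside this snippet.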

XSS (Cross Site Scripting) Prevention Cheat Sheet

This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack. This article does not explore the technical or business impact of XSS. Suffice it to say that it can lead to an attacker gaining the ability to do anything a victim can do through their browser. Both reflected and stored XSS can be addressed by performing...

Nov. 25, 2017 0 comments www.owasp.org Apps & Hardening
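The "positive model" the summary refers to is context-aware output encoding: untrusted data is encoded for the exact place it lands (element body, quoted attribute, JavaScript string, URL parameter) and is never concatenated raw. The following is an added example written for this listing, not code from the OWASP cheat sheet; the template strings, the PAYLOAD value and the helper names are constructed for the illustration.

```python
import html
import json
from urllib.parse import quote

# Constructed attacker input: closes an attribute, then injects a script element.
PAYLOAD = '"><script>alert(1)</script>'


def encode_html_body(value):
    """Context: element content (<p>...</p>). Entity-encode & < > " '."""
    return html.escape(value, quote=True)


def encode_html_attr(value):
    """Context: a quoted attribute value. Same entities as the body, but the
    caller must also quote the attribute or a bare space breaks out of it."""
    return html.escape(value, quote=True)


def encode_js_string(value):
    """Context: a JavaScript string literal inside <script>. json.dumps yields a
    quoted literal with \\uXXXX escapes for non-ASCII (covering U+2028/2029);
    < > & are escaped too so '</script>' can never terminate the block early."""
    literal = json.dumps(value, ensure_ascii=True)
    return literal.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def encode_url_param(value):
    """Context: a query-string value. safe="" percent-encodes "/" as well."""
    return quote(value, safe="")


def render_unsafe(name):
    """The pattern the cheat sheet warns against: raw concatenation."""
    return f'<p>Hello {name}</p><input value="{name}">'


def render_safe(name):
    """Same page, every insertion point encoded for its own context."""
    return (
        f"<p>Hello {encode_html_body(name)}</p>"
        f'<input value="{encode_html_attr(name)}">'
        f'<a href="/profile?u={encode_url_param(name)}">profile</a>'
        f"<script>var user = {encode_js_string(name)};</script>"
    )


def injected_script_count(markup, template_blocks):
    """Number of <script elements beyond the ones the template itself emits."""
    return markup.lower().count("<script") - template_blocks


if __name__ == "__main__":
    print("unsafe:", render_unsafe(PAYLOAD))
    print("safe:  ", render_safe(PAYLOAD))
```

The one rule that does the work is that the encoder is chosen by the output context, not by the input. HTML entity encoding inside a script block would still leave a JavaScript injection possible, and JavaScript escaping inside an attribute would not stop the attribute from being closed.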

Six Ways to Secure APIs

by Alok Shukla

API usage in application development has become the trend of the year. Adoption of micro-services and server-less architectures has only accelerated this trend. Based on conversations with analysts and customers, we expect APIs to become the majority of web application front ends in the next couple of years. Due to increased public exposure and common API front end usage, APIs have become a new attack vector for cybercriminals and can make your applications and databases vulnerable to the ful...

Nov. 24, 2017 0 comments www.imperva.com Apps & Hardening

Scanning Ethereum smart contracts for vulnerabilities

by Bernhard Mueller

In this article, I’ll show how to run different types of security scans with Mythril using smart contracts from the Ethernaut wargame as examples (thanks to the guys from Zeppelin solutions for giving me permission). If you haven’t tried the wargame yourself, be aware that there are spoilers ahead! I recommend giving it a shot yourself first if you haven’t already.

Nov. 24, 2017 0 comments hackernoon.com Apps & Hardening

3 Security Features to Consider When Choosing a Linux Workstation

In this new blog series, we’ll lay out a set of baseline recommendations for Linux workstation security to help systems administrators avoid the most glaring security errors without introducing too much inconvenience. These are the same guidelines our own 100 percent remote team uses every day to access and manage the IT infrastructure for dozens of The Linux Foundation projects including Linux, Hyperledger, Kubernetes, and others. Even if your systems administrators are not remote workers...

Nov. 24, 2017 0 comments www.linux.com Apps & Hardening

Web Security: Best Practices in 2017

I recently found out about Mozilla Observatory and ran my website through the tool. The results were depressing…a big, fat, ugly F. For those of you not familiar with grading in the US, an F is the lowest grade possible. It’s like a punch in the face to my pride.

Nov. 24, 2017 0 comments hackernoon.com Apps & Hardening

16 Common WordPress Security Questions & Answers

We sat down with security expert and Incsub CTO Aaron Edwards to learn more about WordPress security and the steps administrators can take to keep their WordPress themes and plugins secure. 1. How can I tell if my WordPress theme and plugins are secure? There are some great free tools like WP Checkup that can …

Nov. 23, 2017 0 comments www.pentestingexperts.com Apps & Hardening

Secure your WordPress site from hackers

by Mark Player

I recently had to ask my hosting provider for some help regarding passwords on one of my other WordPress websites. After the call the tech asked, or rather tried, to upsell their malware protection service to me for around $100 per year on top of the hosting I already pay them. I decided to decline by saying I would look into it in the future, however it got me thinking that if they are providing this service then there must be a risk to WordPress sites. I immediately went to Google...

Nov. 23, 2017 0 comments www.securitybreach.online Apps & Hardening

Baseline Security Recommendations for IoT

The study which is titled ‘Baseline Security Recommendations for Internet of Things in the context of critical information infrastructures’, aims to set the scene for IoT security in Europe. It serves as a reference point in this field and as a foundation for relevant forthcoming initiatives and developments.

Nov. 23, 2017 0 comments www.enisa.europa.eu Apps & Hardening

TLS/SSL Explained – Establishing a TLS Connection

To get a better understanding of the TLS protocol, we will now see what exactly takes place for a secure connection to be established. The most important process of the connection establishment is the so-called “Handshake”. During the Handshake, server and client will exchange important information regarding the properties under which the connection will be established.

Nov. 23, 2017 0 comments www.acunetix.com Apps & Hardening
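The "important information" exchanged at the start of the Handshake is concrete: the client's first message carries the versions and cipher suites it accepts, the name of the server it wants (SNI), a random nonce, and the server chooses from that. The following is an added, self-contained example and not code from the Acunetix series: it serialises a ClientHello on the client side and parses it as a server (or a passive sensor) would, following the message layout of RFC 8446. The hostname example.com, the cipher-suite list and the fixed client random are placeholders; a real client draws its 32 random bytes from a CSPRNG.

```python
import struct

# A few IANA cipher-suite values, enough for the demo. 0x0004/0x0005/0x000A are
# legacy RC4/3DES suites that a hardened server refuses.
CIPHER_NAMES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
LEGACY_SUITES = {0x0004, 0x0005, 0x000A}
EXT_SERVER_NAME, EXT_SUPPORTED_VERSIONS = 0x0000, 0x002B


def build_client_hello(server_name, cipher_suites, versions=(0x0304, 0x0303),
                       client_random=b"\x11" * 32):
    """Client side: serialise a ClientHello inside one TLS handshake record.
    client_random is fixed here for reproducibility; real clients use os.urandom(32)."""
    name = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name            # name_type host_name
    sni_data = struct.pack("!H", len(entry)) + entry                  # server_name_list
    sni_ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_data)) + sni_data
    ver_list = b"".join(struct.pack("!H", v) for v in versions)
    sv_data = bytes([len(ver_list)]) + ver_list
    sv_ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_data)) + sv_data
    extensions = sni_ext + sv_ext
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (struct.pack("!H", 0x0303) + client_random + b"\x00"      # legacy_version, random, empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                              # compression methods: null only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Server side: extract what the server needs before it can answer."""
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    legacy_version = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    client_random = body[pos:pos + 32]
    pos += 32
    pos += 1 + body[pos]                                               # skip session_id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    suites = list(struct.unpack("!%dH" % (cs_len // 2), body[pos:pos + cs_len]))
    pos += cs_len
    pos += 1 + body[pos]                                               # skip compression methods
    info = {"legacy_version": legacy_version, "client_random": client_random,
            "cipher_suites": suites, "sni": None, "supported_versions": []}
    if pos < len(body):
        ext_len = struct.unpack_from("!H", body, pos)[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4
            data = body[pos:pos + elen]
            pos += elen
            if etype == EXT_SERVER_NAME:
                name_len = struct.unpack_from("!H", data, 3)[0]         # after list_len(2) + name_type(1)
                info["sni"] = data[5:5 + name_len].decode("ascii")
            elif etype == EXT_SUPPORTED_VERSIONS:
                n = data[0]
                info["supported_versions"] = list(struct.unpack("!%dH" % (n // 2), data[1:1 + n]))
    return info


def weak_suites_offered(info):
    """Names of legacy suites the client advertised; a hardened server logs and ignores them."""
    return [CIPHER_NAMES.get(s, hex(s)) for s in info["cipher_suites"] if s in LEGACY_SUITES]


def select_version(info, server_supports=(0x0304, 0x0303)):
    """Highest version both sides support (the RFC 8446 rule); None means abort the handshake."""
    common = [v for v in info["supported_versions"] if v in server_supports]
    return max(common) if common else None


if __name__ == "__main__":
    rec = build_client_hello("example.com", [0x1301, 0xC02F, 0x0005])
    hello = parse_client_hello(rec)
    print(hello["sni"], [CIPHER_NAMES.get(s, hex(s)) for s in hello["cipher_suites"]])
    print("weak:", weak_suites_offered(hello), "chosen version:", hex(select_version(hello)))
```

Two details worth noticing: the record-layer version is 0x0301 and legacy_version is 0x0303 regardless of what the client really wants, and the true version list lives in the supported_versions extension; and the SNI is sent in the clear, which is why a passive sensor on the network can log which hostname each connection is for even though everything after the handshake is encrypted.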

TLS/SSL Explained – TLS/SSL Certificates

As we have already seen, a secure connection can be used to encrypt data and protect our data from being exposed to third parties. In order for the encryption to occur, the server needs a TLS/SSL certificate to be used. A TLS/SSL certificate essentially binds an identity to a pair of keys which are then used by the server to encrypt as well as sign the data.

Nov. 23, 2017 0 comments www.acunetix.com Apps & Hardening

TLS/SSL Explained – A brief history of TLS/SSL

SSL was first introduced by Netscape back in 1993-1994. The Internet was growing fast, and so was the need for transport security. Today SSL/TLS is used in almost every conceivable online service. Version 1.0 of SSL was never released as it had serious security flaws. The first official release of SSL, version 2.0, was issued a year later, in 1995. The final version of the SSL protocol, version 3.0, was released in November 1996.

Nov. 23, 2017 0 comments www.acunetix.com Apps & Hardening

TLS Security: TLS/SSL Explained – What is TLS/SSL?

In this series on TLS security, we will focus on two widely known and used protocols in computer security, SSL and TLS. We will first start off with SSL, which stands for Secure Sockets Layer, and then we will talk about its successor, TLS, which stands for Transport Layer Security.

Nov. 23, 2017 0 comments www.acunetix.com Apps & Hardening

System Hardening Guidance for XenApp and XenDesktop

Global organizations including healthcare, government and financial services rely on Citrix XenApp and XenDesktop to provide secure remote access to environments and applications. When properly configured, Citrix XenApp and XenDesktop provide security measures that extend beyond what is natively available in an enterprise operating system by providing additional controls enabled through virtualization. Citrix and Mandiant are working together to enhance the security of virtualized envir...

Nov. 23, 2017 0 comments www.ervik.as Apps & Hardening

CIS Benchmark for AWS

This document provides prescriptive guidance for configuring security options for a subset of Amazon Web Services with an emphasis on foundational, testable, and architecture agnostic settings.

Nov. 23, 2017 0 comments d0.awsstatic.com Apps & Hardening

Exploring the Effectiveness of Approaches to Discovering and Acquiring Virtualized Servers on ESXi

by Scott Perry

As businesses continue to move to virtualized environments, investigators need updated techniques to acquire virtualized servers. These virtualized servers contain a plethora of relevant data and may hold proprietary software and databases that are relatively impossible to recreate. Before an acquisition, investigators sometimes rely on the host administrators to provide them with network topologies and server information. This paper will demonstrate tools and techniques to conduct serve...

Nov. 21, 2017 0 comments www.sans.org Apps & Hardening

The Automotive Top 5: Applying the Critical Controls to the Modern Automobile

by Roderick Currie

The car of today is an inherently vulnerable platform. At its core is a computing architecture from the 1980s which was designed to be lightweight and efficient, with very little thought given to security. As the modern automobile becomes increasingly connected, its attack surface only continues to grow. In the wake of several recent high-profile car hacking demonstrations, automakers face the daunting task of trying to lock down this insecure platform with bolt-on security fixes. This paper ...

Nov. 17, 2017 0 comments 28 minute read Apps & Hardening

How to Install Microsoft Exchange Server 2016 on Windows Server 2016 with PowerShell

by Karim Buzdar

Here is how to install Microsoft Exchange Server 2016 on Windows Server 2016 with the help of PowerShell. Exchange Server 2016 Cumulative Update 7 was released two months ago and you can download it here. Before you begin, review your system requirements:

Nov. 16, 2017 0 comments www.itprotoday.com Apps & Hardening

An Overview of WordPress and its Security Plugins

by Mahwish Khan

Since WordPress is an open-source platform, the security features that come with it are also open-source based. The primary advantages to this are that these plugins are constantly evolving, and you can pick out the ones that you think will best protect your website, blog site, or even your online store. There are many of these kinds of plugins out there, which is evident by doing a Google search. If you are new to WordPress and are not exactly sure of what to use, you can always reach...

Nov. 14, 2017 0 comments resources.infosecinstitute.com Apps & Hardening

Implementing Public Key Infrastructure Using Microsoft Windows Certificate Services

by Michael Naish

Public Key Infrastructure (PKI) is a critical application that provides confidentiality and integrity to the enterprise and its customers. Microsoft Windows Server 2012 Certificate Services is a capable solution that creates a high-assurance PKI, but there are many design decisions to make before implementation. By understanding prerequisites and configuration options, an organization can quickly develop a strategy to construct a PKI that meets its assurance needs. A clear strategy will short...

Nov. 14, 2017 0 comments 29 minute read Apps & Hardening

