24/11/07

A nice and useless geek trick

I hope that by now everyone who reads my blog has already changed their references to my new website.
Anyway here's another reminder about this change, and a reference to a new post.
Check it out at BrunoSilva.net

19/11/07

Online Photo Editing

Read more about this great tool at BrunoSilva.net

18/11/07

My new cyber home!

I have finally finished migrating this blog to my own space!
Update your references in your bookmarks and RSS readers.

Site: http://brunosilva.net
RSS: http://brunosilva.net/?feed=rss2

10/11/07

TinyURL.com - shorten that long URL into a Tiny URL

Do you want to share a really big URL in a presentation to an audience or in a printed document?
Maybe it isn't such a good idea. It's a boring task to copy it and in a presentation you don't want to show a slide for 5 minutes to let everyone copy it.

Well, you can use TinyURL.com. Type any long URL you want and it will create a new one like http://tinyurl.com/37xaar. It can be useful.
I found out about it at TechEd, when a speaker left some references at the end of the presentation.

TechEd 2007 - Web Application Security

Web Application Security
Alik Levin

The first part didn't bring any news. The only funny thing is that we pretended to be hacking the TechEd website, but he was using an internal web server while spoofing the address :-)
He showed us Microsoft Network Monitor 3.1 as a sniffing tool. He performed some SQL injection in a search form to reveal the schema of the database and retrieve login and password information.
Alik talked about exploiting over-privileged accounts. An application should only have the permissions to access and do what it needs; otherwise some hacker can use the extra privileges for his own ends.

I heard about some tools I didn't know that can be quite useful.
Guidance Explorer - a tool that allows you to navigate best-practices documentation, select topics of interest and export them into a Word document.

Threat Analysis and Modeling tool - a tool where you can describe your application and find out what flaws you may have and how to fix them. It can also produce some useful reports.

FindStr and MSIL Disassembler - These two tools together allow you (for testing) or hackers (for attacking) to find critical data like passwords in .NET assemblies.
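
The testing side of that last point, as an added example (not from the talk or from this blog): a Python script that scans an assembly's raw bytes for credential-looking string literals before release. The sample bytes, the keyword list and the function names are constructed for illustration.

```python
import re

# Key names that usually mark a credential in a connection string or setting.
SECRET_HINT = re.compile(r"(password|pwd|passwd|secret|api[_-]?key)\s*[=:]\s*\S+", re.I)

# Runs of 6+ printable characters, as 8-bit text and as UTF-16LE
# (.NET keeps string literals from code as UTF-16 inside the assembly).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")


def extract_strings(blob):
    """Yield (offset, text) for each printable run found in the raw bytes."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), m.group().decode("utf-16-le")


def find_embedded_secrets(blob):
    """Return sorted (offset, label) pairs for literals that look like credentials."""
    hits = []
    for offset, text in extract_strings(blob):
        m = SECRET_HINT.search(text)
        if m:
            # Report the key name only; never echo the secret value into logs.
            hits.append((offset, m.group(1).lower() + "=<redacted>"))
    return sorted(hits)


# Constructed sample bytes standing in for a compiled assembly.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + "Server=db01;User Id=app;Password=Sup3rS3cret;".encode("utf-16-le")
    + b"\x00\x01\x02"
    + b"SearchProducts" + b"\x00"
    + b"apikey: 0123456789abcdef" + b"\x00"
)

if __name__ == "__main__":
    for offset, label in find_embedded_secrets(SAMPLE):
        print(f"offset {offset}: {label}")
```

Anything it flags belongs in protected configuration or a secret store rather than in the compiled assembly.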