Introduction
Security professionals either currently employed or seeking employment are often requested to pass certification exams. In fact, many companies may not even consider an applicant for a position that does not have the "required" certifications.
With this being said, in this post we will discuss the purpose behind certifications, how we should view their obtainment, as well as list of different certifications currently offered in the industry.
Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Tuesday, May 29, 2012
Thursday, March 22, 2012
How to setup and configure snort for a Linux (Ubuntu spec.) System
Introduction
Note: This guide is not very stable, use at your own risk, do not go into this without some understanding of *nix, and the ability to solve problems and google and stuff. Also snort was not designed for wireless, this configuration will not work with wireless at all. There are hacky patches you could maybe apply to get snort to work with kismet or something (I didn't look too far into it) but honestly at that point it would much easier to choose a more light weight IDS
This is a post Jordan and myself had been talking about writing since the last meeting. Snort is a wonderful open source Intrusion Detection System (IDS) which is very effective as a first response system when your machine is being attacked, or as a line of defense in computer security related games like Capture the Flag (CTF)
I decided to set it up on my local machine for fun (since it's not very necessary on a machine not running services, but fun to have) as well as give me the ability to step through the process. I'm setting up the Snort IDS utilizing the postgres SQL database (because I already have it setup for metasploit interaction).
Note: This guide is not very stable, use at your own risk, do not go into this without some understanding of *nix, and the ability to solve problems and google and stuff. Also snort was not designed for wireless, this configuration will not work with wireless at all. There are hacky patches you could maybe apply to get snort to work with kismet or something (I didn't look too far into it) but honestly at that point it would much easier to choose a more light weight IDS
This is a post Jordan and myself had been talking about writing since the last meeting. Snort is a wonderful open source Intrusion Detection System (IDS) which is very effective as a first response system when your machine is being attacked, or as a line of defense in computer security related games like Capture the Flag (CTF)
I decided to set it up on my local machine for fun (since it's not very necessary on a machine not running services, but fun to have) as well as give me the ability to step through the process. I'm setting up the Snort IDS utilizing the postgres SQL database (because I already have it setup for metasploit interaction).
Monday, February 20, 2012
Searching for Devices Using the SHODAN Search Engine
In this post, I'm going to discuss a very useful search engine called SHODAN, as well as introduce the API it offers for development. I will also include a link to a PHP API Wrapper that I wrote that can assist in easily accessing SHODAN from a web application.
Source: http://www.shodanhq.com
Friday, August 5, 2011
Cross Site Scripting (XSS) Attacks and Why We Should Care
Web applications are always becoming more and more complex. For many, trying to constantly push out new features as quickly as possible is causing security to be put at the back-burner of the development process. This could occur for a number of reasons including small development budgets, tight deadlines, and general unawareness of best security practices to name a few.
The result of not taking security seriously when developing software leads to vulnerabilities which put not only the organizations systems, but also potentially its reputation and customer's personal data at risk. This is largely the case when it comes to web-application vulnerabilities. There are many types of these vulnerabilities, but, for the sake of this article, we will cover a particular type of input validation vulnerability called Cross-Site Scripting (XSS) attacks.
The result of not taking security seriously when developing software leads to vulnerabilities which put not only the organizations systems, but also potentially its reputation and customer's personal data at risk. This is largely the case when it comes to web-application vulnerabilities. There are many types of these vulnerabilities, but, for the sake of this article, we will cover a particular type of input validation vulnerability called Cross-Site Scripting (XSS) attacks.
Tuesday, August 2, 2011
Introduction
This blog is designed to be the homepage for the [as of now, unofficial] Texas Tech RaiderSec organization. The purpose of this organization is to invite anyone who wants to learn more about the security threats that plague our lives not only physically (locks and other physical security systems) but, increasingly, virtually as well.
Through organizational meetings, we hope that everyone can learn something about security and apply it to there lives. There will be hands-on demonstrations of real-world threats, as well as tips on mitigating these specific threats and improving one's security awareness in general. These demonstrations will include both online as well as physical security threats - analyzing how they work and how to protect against them.
Through organizational meetings, we hope that everyone can learn something about security and apply it to there lives. There will be hands-on demonstrations of real-world threats, as well as tips on mitigating these specific threats and improving one's security awareness in general. These demonstrations will include both online as well as physical security threats - analyzing how they work and how to protect against them.
Subscribe to:
Posts (Atom)