document ASP.NET Misconfiguration: Creating Debug Binary

Creating Debug Binary Abstract Debugging messages help attackers learn about the system and plan a form of...

document ASP.NET Misconfiguration: Missing Custom Error Handling

ASP.NET Misconfiguration: Missing Custom Error Handling Abstract An ASP.NET application must enable custom error pages in order to prevent...

document Failure of true random number generator

Failure of true random number generator Overview True random number generators generally have a limited source of entropy and therefore can fail...

document Information leak through class cloning

Information leak through class cloning Overview Cloneable classes are effectively open classes since data cannot be hidden in...

document Information leak through serialization

Information leak through serialization Overview Serializable classes are effectively open classes since data cannot be hidden in...

document Insecure Compiler Optimization

Insecure Compiler Optimization Abstract Improperly scrubbing sensitive data from memory can compromise security. Description Compiler...

document J2EE Misconfiguration: Insecure Transport

J2EE Misconfiguration: Insecure Transport Abstract The application configuration should ensure that SSL is used for all access controlled...

document J2EE Misconfiguration: Missing Error Handling

J2EE Misconfiguration: Missing Error Handling Abstract A web application must define a default error page for 404 errors, 500 errors and to catch...

document J2EE Misconfiguration: Unsafe Bean Declaration

J2EE Misconfiguration: Unsafe Bean Declaration Abstract Entity beans should not be declared remote. Description Entity beans that expose a...

document J2EE Misconfiguration: Insufficient Session-ID Length

J2EE Misconfiguration: Insufficient Session-ID Length Abstract Session identifiers should be at least 128 bits long to prevent brute-force session...

document J2EE Misconfiguration: Weak Access Permissions

J2EE Misconfiguration: Weak Access Permissions Abstract Permission to invoke EJB methods should not be granted to the ANYONE role. ...

document Publicizing of private data when using inner classes

Publicizing of private data when using inner classes Overview Java byte code has no notion of an inner class; therefore inner classes provide only...

document Relative path library search

Relative path library search Overview Certain functions perform automatic path searching. The method and results of this path searching may not be...

document Reliance on data layout

Reliance on data layout Overview Assumptions about protocol data or data stored in memory can be invalid, resulting in using data in ways that...

document Relying on package-level scope

Relying on package-level scope Overview Java packages are not inherently closed; therefore, relying on them for code security is not a good...

document Resource exhaustion

Resource exhaustion Overview Resource exhaustion is a simple denial of service condition which occurs when the resources necessary to perform an...

document Trust of system event data

Trust of system event data Overview Security based on event locations is insecure and can be spoofed. Consequences Authorization: If...