Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

XML Port Scanning

from [Paul Theriault] Network Security [Permanent Link]
Subject: XML Port Scanning
Date: Wed, 27 Sep 2006 14:18:40 +1000 
SIFT has released a new Intelligence Report that provides a discussion on a
new network reconnaissance technique, using XML for completing remote port
scans that effectively bypass a perimeter firewall. The technique utilises
properties of XML parsers to perform the scanning of systems, and while the
technique relies on some reasonably specific implementation details in order
to be exploitable remotely, it is potentially applicable to any application
that accepts XML document inputs.

Several workarounds exist and have been detailed in this paper and the
technique does not offer the ability to perform advanced fingerprinting or
analysis of the underlying operating system of hosts. However, this
technique demonstrates the danger that inadequately configured XML parsers
can pose to an organisation and highlights the inability of traditional
network security devices to handle application-level threats.

The report is available for download from the SIFT website:
http://www.sift.com.au/36/172/xml-port-scanning-bypassing-restrictive-perime
ter-firewalls.htm


Regards,
Paul Theriault
www.sift.com.au

-------------------------------------------------------------------------
Sponsored by: Watchfire

It's been reported that 75% of websites are vulnerable to attack. That's 
because hackers know to exploit weaknesses in web applications. 
Traditional approaches to securing these assets no longer apply. Download 
the "Addressing Challenges in Application Security" whitepaper today, and 
see for yourself.

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmw
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  web application, data classification and database security, test . future
Next by Date:  Re: web application, data classification and database security, test . future
Previous by Thread:  web application, data classification and database security, test . future
Next by Thread:  XML File Inclusion and Path Traversal Attacks (was RE: XML Port Scanning), Jan P. Monsch
Indexes:  [Date] [Thread] [Top] [All Lists]