BinaryMist
11 followers

Large number of image updates due to finding that many were not up to scratch when Fascicle 0 went to print. Swapped text images for real images. Many large additions to the VPS chapter and fewer to the Network chapter, such as: * The pitfalls of logging…

Risks Lack of captchas are a risk, but so are captchas themselves… Let’s look at the problem here. What are we trying to stop with captchas? Bots submitting. Whatever it is, whether: Advertising Creating an unfair advantage over real humans Link creation…

Risks I see this as an indirect risk to the asset of web application ownership (that’s the assumption that you will always own your web application). Not being able to introspect your application at any given time or being able to know how the health…

Risks This is where A9 (Using Components with Known Vulnerabilities) of the 2013 OWASP Top 10 comes in. We are consuming far more free and open source libraries than ever before. Much of the code we are pulling into our projects is never…

Untrusted data (data entered by a user), should always be treated as though it contains attack code. This data should not be sent anywhere without taking the necessary steps to detect and neutralise the malicious code. With applications becoming more…

Risks Passwords and other secrets for things like data-stores, syslog servers, monitoring services, email accounts and so on can be useful to an attacker to compromise data-stores, obtain further secrets from email accounts, file servers, system logs,…

The following is the process I found to set up the pass-through of the very common USB TP-LINK TL-WN722N Wifi adapter (which is known to work well with Linux) to a Virtual Host Kali Linux 1.1.0 (same process for 2.0) guest, bypassing the Linux Mint 17.1…

Most of my spare energy is going to be going into my new book for a while. I’m going to be tweeting as I write it, so please follow @binarymist. You can also keep up with my change-sets at github. You can also discuss progress or even what you would find…

#NodeJS #Web #Application on Production #Linux Evaluation of #systemd #forever #pm2 #supervisor #Monit #Passenger

All the following offerings that I’ve evaluated target different scenarios. I’ve listed the pros and cons for each of them and where I think they fit into a potential solution to monitor your web applications (I’m leaning toward NodeJS) and make sure they…

Rundown on #OSSEC & #Stealth (file integrity checkers, #HIDS)

Followed up with a test deployment and drive. The best time to install a HIDS is on a fresh install, before you open the host up to the internet or even your LAN if it’s corporate. Of course, if you don’t have that luxury, there are a bunch of tools that…