ISW Security Papers Contest
Business Continuity/Disaster Recovery
Click here to return to the library index
Title Contributor Date Description Rating
Interpreting the Results of a Vulnerability Assessment: How to Focus on What’s Important in Your Web Application Security Testing Kevin Beaver 15/03/07 SPI Dynamics just completed a new article, written by Kevin Beaver and Caleb Sima, that discusses how to interpret and prioritize the results of Web application security tests. 9
Essential Trends and Dynamics of the Endpoint Security Industry Lenny Zeltser 01/07/05 Lenny Zeltser submits a paper called Essential Trends and Dynamics of the Endpoint Security Industry. It examines this sector from a technology strategy perspective, and explores the reasons behind the Symantec & Veritas merger. 6
Snort on Windows 2003 Sunil Vakharia 17/06/05 Sunil Vakharia introduces the installation, customization, hardening and updating of the Snort on a Windows 2003 Server. 9
Best Security Practice: Host Naming and URL Conventions Gunter Ollmann 17/04/05 A consideration often neglected by many organizations when rolling out new servers or developing web-based applications that will be accessible by Internet clients and customers is that of host and URL naming conventions. 9
Anti Brute Force Resource Metering Gunter Ollmann 13/04/05 This paper is about helping to restrict web-based application brute force guessing attacks through resource metering. 8
Snort/Base Install Manual for Fedora Core 3 Patrick Harper 18/02/05 A guide to installing Base (ACID's replacement) with Snort on Fedora Core 3. 10
Thick Client Application Security Arindam Mandal 16/01/05 This paper discusses the critical vulnerabilities and corresponding risks in a two tier thick client application along with the measures to mitigate risks. 9
Passwords - Common Attacks and Possible Solutions Dancho Danchev 17/11/04 Discusses different techniques for choosing and maintaining passwords. High overview discussion that could be used to educate users. 8
Business Continuity/Disaster Recovery - Community Contributions
Title Contributor Date Description Rating
Protecting Your Home Computer from Internet Threats Rick Wanner 23/10/07 Rick Wanner submits this update to his previous paper on Protecting Your Home Computer from Internet Threats. 1
Implementing Effective Vulnerability Remediation Strategies Within the Web Application Development Lifecycle Caleb Sima 01/08/07 In part two of this Spi-Dynamics 3 part series, authors Caleb Sima and Vincent Liu discuss how to prioritize and remediate web application vulnerabilities. 6
Business Contingency Planning and Post September 11th, 2001 Brett Pladna 23/07/07 Brett Pladna submits this paper that discusses the lessons learned by many companies following Septemeber 11th, 2001. No votes
Core CS & Core PS Network High-Level Security Requirements Jamie Fisher 21/02/07 Jamie Fisher submits this extensive white paper on mobile/cellular security network. 10
Targeted Cyber Attacks - The Dangers Faced by your Corporate Network Sarah Testa 12/02/07 This security e-book, written by Sarah Testa from GFI, explains the real dangers posed by targeted cyber attacks and the measures organizations can adopt to secure against such threats 9
Information Security – Whose Responsibility is It? Guillermo Ortiz-Caceres 08/12/06 This paper, contributed by Guillermo Ortiz-Caceres, discusses the responsibility consumers have and how security can be achieved through education of best practices. 8
Vulnerability Enumeration For Penetration Testing Aelphaeis Mangarae 19/11/06 This paper is a sequel to Aelphaeis Mangarae's “Learn Information Gathering By Example”. This paper will go through looking for Vulnerabilities in remote system(s), which is what you would do in a Penetration Test after gathering information on the target. 10
Keystroke Dynamics Tom Olzak 25/09/06 In this paper Tom Olzak takes a look at biometrics, followed by keystroke dynamics, including history, how it works, and why it may be the answer for organizations with people or cost issues. 10
Penetration Testing Framework Toggmeister 25/07/06 This is the best one will find for frameworks to work from when performing penetration testing. Written by Toggmeister and Lee J Lawson. 10
Managing Disasters: Forming, Preparing and Testing the Disaster Recovery Plan Stephanie Hight 20/07/06 This paper, written by Stephanie Hight, will attempt to define and discuss the importance of having a Disaster Recovery Plan from the Information Technology perspective, as well as the essentials that need to be included in the plan. It will also discuss the inter-dependence and ability to work together in getting the systems back up and running at the original site or some other designated place. This paper will include tips in choosing the team that will be responsible for recovering all essential systems and the criteria that is placed on what systems need to be recovered in what order. 8
Building a Wireless Network for Residential Neighborhoods Timothy Powers 18/05/06 Timothy Powers submits this paper that will give some detail on the steps involved in setting up a wireless network to cover an apartment complex of several buildings. No votes
Cookie Security Arvind Doraiswamy 14/05/06 Arvind Doraiswamy contributes this paper which deals with the security issues related to Internet cookies and managers to assist. 7
Open Source Intrusion Detection and Prevention: Tools for Today's Corporate Market? Craig Gosselin 17/04/06 This contribution, written by Craig Gosselin, discusses two open source tools, Snort and Bro that are either no cost or low cost that you can obtain and train to use. 10
The Feasibility of P2P Techniques Used in IM Worms Ge Zhang 13/03/06 Ge Zhang discusses IM worms infections through URL or infected file transferes in this contribution. 10
Securing Instant Messaging Tom Olzak 23/01/06 In this paper, Tom Olzak will review the current challenges facing businesses in which employees use public IM services. He also defines the possible damage to your business because of IM vulnerabilities as well as the objectives of an effective secure IM strategy. Finally, he looks at various ways to meet the goals of that strategy. No votes
Mitigation of Social Engineering Attacks in Corporate America Kevin C. Redmon 13/01/06 In this paper, Kevin Redmon describes the enemy and his various methods and strategies of attack to access this information. 10
Voice over IP Security Planning, Threats and Recommendations Dan Sass 30/12/05 Dan Sass discusses the security (risks, policies and procedures) around Voice over IP. 10
Wireless Security while Roving Patricia Redding 29/12/05 Patricia Redding submits this paper which examines Wi-Fi Protected Access, Pre-Shared Key, VPN, Remote Authentication Dial-In User Service, Kerberos, EAP, Quality of Service and firewalls as ways to protect computers from attacks such as Evil Twin, Phishing, Eavesdroppers, and Denial of Service. No votes
Information Privacy and Security for the Home-based Health Information Worker Monica S. Dunnehoo 28/12/05 This report by Monica Dunnehoo, offers guidance on implementing Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations and other privacy and security rules as they apply to the home-based health information worker. No votes
Information Security in Community Colleges Steven Marcus 20/12/05 Steven Marcus submits this paper on Information Security issues surrounding Community Colleges. 10
Investigating Botnets, Zombies, and IRC Security Seth Thigpen 14/12/05 Seth Thigpen submits this paper on Internet Security specific to Zombies, Botnets and how they use IRC as well as attacks committed using these methods such as DDOS. 7
Low Cost Technique for Intrusion Detection Kelly Lucas 12/12/05 Kelly Lucas submits this paper which addresses a technique that could be used by small to medium sized companies to address the needs of an Intrusion Detection process. 8
So You Think You Have a Good Business Recovery Plan? Roger Elrod 13/09/05 Roger Elrod delivers this paper on Business Continuity and Disaster Recovery. 10
VIRUSE - A System Enemy Professor PL Pradhan 26/08/05 Professor PL Pradhan submits this paper which takes a look at using computer down time to perform certain tasks such as brute forcing cryptoanalsysis, or other tasks. 10
Network Hardening: Using Warfare Strategy Shawn W. Toderick 19/08/05 Shawn Toderick presents his paper on hardening the network inspired by Sun Tzu’s The Art of War. 9
XSS Attacks FAQ Aelphaeis Mangarae 07/07/05 Aelphaeis Mangarae presents a solid overview of the threat of Cross Site Scripting. Examples of attacks, finding vulnerable sites, and protecting oneself are discussed. 8
Authentication and Session Management on the Web Paul Johnston 16/06/05 This contribution from Paul Johnston discusses web authentication and security. Specifically passwords and authentication, attacksing the system, stealing cookies and mitigation steps. 7
HTTP Response Splitting Diabolic Crab 19/04/05 This paper is a discussion on a fairly new web application vulnerability. It can be used for the following purposes. Cross site scripting (XSS): This is a very common and old form of vulnerability where it allows the user execution of html or java script code which can then lead to the hijacking of the user's cookie or session. 4
D-WARD, DDoS and Three Network Administrative Domains Hang Chau 18/10/04 Discussion on DDoS Network Attack Recognition and Defense (D-WARD). 7
Business Continuity Management Ghazali.A.Wasti 02/08/04 An overview of Business Continuity, and an outlined approach your business can take. 7

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , All rights reserved. Comments are property of the respective posters.