Information Assurance
| Title | Contributor | Date | Description | Rating |
| --- | --- | --- | --- | --- |
| Web Application Footprinting & Assessment with MSN Search Tricks | Shreeraj Shah | 29/12/05 | Shreeraj Shah submits this work on some of the queries that can be run against SEARCH.MSN in order to fetch important information that would eventually help in web application assessment. | 10 |
| The Pharming Guide | Gunter Ollmann | 02/09/05 | Gunter Ollmann submits another of his works that focuses on Pharming, understanding and preventing DNS related attacks. | 10 |
| Shadow Software Attack | Angelo Rosiello | 17/07/04 | The shadow software attack does not exploit a bug on server or client but rather the insecure interactions of applications. This paper gives a background and analysis of shadow software attacking. | 8 |
| Security Through Obscurity | K.Duraiswamy & R.Uma Rani | 20/06/04 | As well as offering an introduction to cryptography and steganography, this paper proposes a new algorithm whereby the combination of these techniques enhances security in data transfer. | 6 |
| Local Access Can Nullify The Strongest Passwords | Jason Mansfield | 18/06/04 | Outlines how a malicious user with physical access to a computer can, within time, gain any or all passwords for that machine through obtaining the hashes, and also outlines ways of keeping those hashes safe(r). | 7 |
| The easiest way to get around SSL | Roberto Larcher | 16/03/04 | Explains how it is often possible, with the simple substitution of a string, to get around a “secure” implementation based on an incorrect use of SSL. | 7 |
| Known Attacks Against Smartcards | Hagai Bar-El | 22/01/04 | This document analyzes, from a technical point of view, currently known attacks against smart card implementations. | No votes |
| Security Implications of Hardware vs. Software Cryptographic Modules | Hagai Bar-El | 11/01/04 | Discusses the weaknesses that are inherent to software-based cryptographic modules in relation to cryptographic modules that are hardware-based. | 7 |
| When To Use Biometrics | Hagai Bar-El | 20/12/03 | Discusses biometric systems: while they can provide fast and secure user authentication with minimal user intervention, they have several inherent limitations making them inappropriate for most environments where authentication is used. | 10 |
| Smart Cards as Secure Corporate Badge? | Shahin Shadfar | 11/09/03 | The merits of different modules available on the market that constitute a smart card based Corporate Badge solution. | 10 |
| Key Iterations & Cryptographic Salts | Adam Berent | 05/09/03 | Discusses the use of key iterations and cryptographic salts to stop dictionary attacks in password based encryption (symmetric cryptography). | No votes |
| Advanced Encryption Standard by Example | Adam Berent | 15/07/03 | This document provides a detailed and easy to understand explanation of the implementation of the AES (RIJNDAEL) encryption algorithm. The purpose of this paper is to give developers with little or no knowledge of cryptography the ability to implement AES. | 10 |
| Enterprise Identity Management | Brien Cincera | 12/07/03 | This is the presentation given by Brian Cincera at this year's InfraGard FBI meeting. (PowerPoint) | No votes |
| The Problems with Passwords | ArticSoft Ltd | 28/09/02 | From the perspective that most current Internet password systems are flawed, this paper attempts to explain how such systems came about and new routes forward. | 8 |
| IPsec | Trevor Clark | 04/09/02 | This paper discusses the protocols and standards which apply to IPsec. It presents sample scenarios that utilize IPsec. | 9 |
| Steganography | Charles Hornat | 04/09/02 | Sensitive messages hidden in data files; methods and examples. | 8 |
 
Information Assurance - Community Contributions
| Title | Contributor | Date | Description | Rating |
| --- | --- | --- | --- | --- |
| Digital Piracy | Brett Pladna | 23/05/08 | This paper, written by Brett Pladna, will discuss piracy and copyright infringement. Since the boom of the Internet it is possible to download all types of files. | 10 |
| Social Networking Site Shut Down | Dan Morrill | 12/11/07 | Dan Morrill writes a very interesting paper on a very real problem, using SPAM to take an innocent web site offline. | 3 |
| The Corporate Risks Associated with Obsolete Computer Equipment | Daniel James | 09/11/07 | In this paper, Daniel James discusses the risks posed by obsolete computer equipment in a corporate environment. | 5 |
| Improve Data Protection Processes with Content Discovery, Monitoring and Filtering | Tom Olzak | 07/11/07 | In this paper, Tom Olzak defines the challenges facing organizations as they attempt to protect sensitive information from both unintentional and malicious activities, including what characteristics of data make them an easy mark. He then looks at arguably the most important approach to meeting these challenges—CMF. Finally, he describes one of the top three CMF solutions as an example of how current technology can be applied to data leakage protection. | 1 |
| Controlling Website Account Information | Alex Colson | 31/07/07 | Alex Colson submits this article on security around website account information submitted by users. | 10 |
| Security Code Review Advantages over Black-Box/Grey-Box Application Security Assessment | Kiran Maraju | 11/07/07 | This paper, written by Kiran Maraju, gives insight into the benefits of security code review over black-box/grey-box security assessment and some instances detailing the importance of security source code review. | 4 |
| Biometrics: 21st Century Security | Stan Smith | 30/05/06 | Stan Smith writes this paper on the usage of Biometrics. | 10 |
| Spreadsheet Assurance | Tom Olzak | 12/05/06 | In this paper, Tom Olzak looks at the challenges faced by organizations that manage by spreadsheet. Tom also examines ways to secure and manage spreadsheets while in production. | 4 |
| Unified Identity Management | Tom Olzak | 02/03/06 | Tom Olzak submits this paper which explores the common identity and privacy challenges facing Internet users as they move from one content location to another. | No votes |
| eDiscovery Challenges | Tom Olzak | 27/02/06 | In this paper, Tom Olzak explores the challenges of eDiscovery (Electronic Discovery) followed by recommendations that might help avoid the high costs of compliance – or non-compliance. | No votes |
| Data Storage Security | Tom Olzak | 17/02/06 | Tom Olzak explores data storage vulnerabilities, the risks these vulnerabilities present to an organization, and ways to effectively manage those risks. | No votes |
| The Secure Storage, Distribution, and Management of Radiology Images | Myron Coulson | 12/01/06 | Myron Coulson submits this paper discussing how securing, storing, and providing reliable access to healthcare data, specifically radiology images, has become more important in healthcare as physicians are expecting immediate and remote access to patient data. | 8 |
| SCADA Systems Security | Arjun Venkatraman | 09/01/06 | Arjun Venkatraman submits this paper, which defines what SCADA systems are and their application in modern industry and infrastructure, elucidates the reasons for rising concern over the security of these systems, analyzes the fundamental vulnerabilities and puts forth recommendations for the implementation of security in these systems. | 7 |
| Security Considerations for Storage Area Networks | Colleen Rhodes | 27/12/05 | In this paper, Colleen Rhodes describes Storage Area Networks (SANs) and the benefits they can bring as well as the emerging need for them in businesses today. | 9 |
| Hacking Techniques: Web Application Security | Shynlie Simmons | 19/12/05 | This paper, contributed by Shynlie Simmons, focuses on hacking techniques of web applications and how the implementation of security through programming can keep intruders from wreaking havoc on your system. | 10 |
| Using Digital Certificates to Identify Web Site Owners and Protect Against Phishing | Edwin Aldridge | 30/09/05 | Edwin Aldridge submits this paper on digital certificates, where he discusses Identity and Trust and bringing it into the real world. | 10 |
| Application Level Cryptography: Combinational Stream & Block Ciphering Using Double Encryption Algorithms | Ashish Anand | 13/07/05 | Ashish Anand submits a paper on application level cryptography. Ashish explains the concept of using cryptography from an integrity perspective, choosing algorithms and keys, compression, latency, vulnerabilities to consider, etc. | 9 |
| Port-based authentication with IEEE 802.1x | William J. Meador | 07/08/04 | You have probably already heard of IEEE 802.1x; it is one of the security buzzwords that we hear about often. Many people associate 802.1x with securing 802.11 wireless LANs, but 802.1x has the ability to do more, including securing IEEE 802.3 Ethernet and even IEEE 802.5 Token Ring network ports. So what exactly is the IEEE 802.1x Standard? What does 802.1x attempt to accomplish? How does it work? And can it be considered secure? | 6 |
| The Basics and use of XOR | Kasp3r | 01/03/03 | 'Although the XOR encryption is too simple to be of any real use for protecting sensitive data, because of its simplicity virus writers have found it attractive in making their Polymorphic Viruses go unnoticed by AV programs that check for viral signatures in programs...' | 8 |
| Basics of Cryptography | Luser | 04/09/02 | Basics of cryptography: mono-alphabetic substitution, cracking a mono-alphabetic substitution cipher and more. | 8 |
| Kerberos An Authentication System for Open Network Systems | Nilesh Madhu | 04/09/02 | This document tries to explain the basics of the Kerberos authentication system for open networks along with the motivations for its development. It describes the Kerberos system as developed at MIT as part of the ATHENA project. | 8 |
| Quantum Cryptography | Caboom | 04/09/02 | This tutorial is written for people that are not familiar with quantum physics and will explain the basics of quantum cryptography. | 8 |

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.