synch.cc – secure.network.communications.

Archive for the ‘security’ Category

Cross Site Scripting and SQL injection explained

OWASP has a full range of videos that give you a basic view of XSS and SQL injection:

SQL injection

Full table and column traversal and site take-over are an almost inevitable consequence of unmanaged user input and system output (like error messages). This OWASP video gives you a quick introduction.

Cross Site Scripting (XSS)

Easy to exploit, easy to find, highly varied – script injection in JavaScript, typically to attack other users and exploit them.

You can find out more in the AppSec Tutorial Series by OWASP.

Written by Online Editor

April 7th, 2012 at 10:07 am

Architecture and Infrastructure

synch.cc offers a range of Internet, intranet and wireless security services.

These include full system security audits, DNS security audits, firewall assessment and implementation and intranet management solutions.

Network policy formalisation and implementation form part of the process.

Gateway access restrictions and access quota management all allow for a secure and managed network infrastructure — both on the Internet and in the local network environment.

Although synch.cc prefers the implementation of Open Source Solutions, Microsoft systems (such as Proxy, Exchange, Server and Advanced Server) are all supported and managed.

The systems we develop and deploy are dedicated and shared SVN and Git servers, distributed database systems, secure distributed data distribution systems, and web infrastructure systems together with their management solutions.

Contact us for your solution.

Written by Online Editor

February 3rd, 2011 at 1:55 pm

Open Source Software at synch.cc

synch.cc implements servers and workstations based on GNU/Linux systems.

Boxes are typically implemented as:

  • gateway and firewall servers
  • intranet mail and DNS servers
  • database servers
  • extranet and web servers
  • access-controlled cache servers
  • file servers
  • workstations

Network analysis and audits are performed before implementation or setup, and maintenance contracts are available. Implementations follow implementation plans and life cycles so as to cause minimal workflow disruption in the organisation.

Software is ported to the GNU/Linux platform where emulation is not possible or software is currently not available. Custom coding is available.

Written by Online Editor

February 3rd, 2011 at 1:53 pm

Full-Service Remote Desktop Support

synch.cc provides full remote-desktop support through the firewall onto your desktop, wherever you are, ad-hoc or as part of your service-level agreement for secure systems and network support!

The software includes full encryption, implemented as an RSA private/public key exchange and AES (256-bit) session encoding.

The key exchange also guarantees full client-to-client data protection. This means that even the upstream routing servers will not be able to read the data stream.

Whether you have a LAN installation or are browsing in the field on 3G / HSDPA or dial-up, synch.cc QuickSupport chooses the best display quality and speed depending on your network connection and access parameters.

Written by Online Editor

February 2nd, 2011 at 9:09 pm

Where to start with secure coding practices

With coding projects that have developed organically, or with no specific security focus at the outset of development, the question often arises of where to start in securing the code one has.

The first step is to understand that there are issues to work through to retrofit security back into the code. Ideally, the code starts from a secure basis, but under some circumstances, the size or budget of the project does not allow for this.

So, how to proceed?

In terms of the code that we use to display, manage and filter user inputs before creating outputs, we know that there are a few challenges we need to mitigate in order to create a more secure data environment.

Some initial thoughts for discussion, below.

Written by Online Editor

February 2nd, 2011 at 9:00 pm

Payment Card Industry (PCI) Data Security Standard (DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is a standard that guides the interaction of a system with credit card and/or payment information, in real-time, or by relay. Our networks are PCI DSS compliant.

Written by Online Editor

February 2nd, 2011 at 8:57 pm

welcome to synch.cc

synch.cc is a Cape Town based ICT consultancy. Our main focus is on facilitating secure network communications. We implement suitable and customised systems, secure network architectures and targeted software. Our mission is to develop highly effective and secure tools and solutions through migration and integration. We give our clients the power to communicate ideas and improve business processes through personalised service, and stable and secure distributed hardware infrastructures. synch.cc consults, develops and deploys systems and databased network solutions on both conventional proprietary and Free or Open Source Software platforms (such as GNU/Linux) using a range of integrated technologies. We look at how open source software solutions can benefit the organisation.

We provide forensic system and network security audits and consultation. At synch.cc, we offer both service level (SLAs) and maintenance agreements, on-site and remote systems support and a secure network foundation for your data requirements. synch.cc – secure network communications. synchronize with today!

Written by Online Editor

February 2nd, 2011 at 6:18 pm