NAXSI – Open-Source WAF For Nginx

Niginx用のwebアプリケーションファイアウォール。使ってみたいところです。

----
NAXSI – Open-Source WAF For Nginx
// Darknet – The Darkside

NAXSI is an open-source WAF for Nginx (Web Application Firewall) which by default can block 99% of known patterns involved in website vulnerabilities. NAXSI means Nginx Anti XSS & SQL Injection Technically, it is a third party Nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset...

Read the full post at darknet.org.uk

----

Defence In Depth For Web Applications

これ面白い記事ですね。多層防御、defence in depthをwebアプリに適用するときの考え方。こういうテンプレートが増えていくと、セキュリティの向上ににつかがりますね。

----
Defence In Depth For Web Applications
// Darknet – The Darkside

Defence in depth for web applications is something that not many companies apply even though the model itself is nothing new. Defence in depth refers to applying security controls across multiple layers, typically Data, Application, Host, Internal Network, Perimeter, Physical + Policies/Procedures/Awareness. Defence in depth is a principle of...

Read the full post at darknet.org.uk

----

More than a Billion Snapdragon-based Android Phones Vulnerable to Hacking

クアルコムのSoCまわりに、ルート昇格のバグがあったらしい。影響範囲が10億というのがなんとも、スケールが大きい。

----
More than a Billion Snapdragon-based Android Phones Vulnerable to Hacking
// The Hacker News

More than a Billion of Android devices are at risk of a severe vulnerability in Qualcomm Snapdragon chip that could be exploited by any malicious application to gain root access on the device. Security experts at Trend Micro are warning Android users of some severe programming blunders in Qualcomm's kernel-level Snapdragon code that if exploited, can be used by attackers for gaining root

----

=?cp932?Q?Turing_Award_=81\_Inventors_of_Modern_Cryptography_Win?= =?cp932?Q?_$1_Million_Cash_Prize_?=

ディッフィーとヘルマンがチューリング賞を取ったらしい。暗号からのチューリング賞は感慨深い。

----
Turing Award — Inventors of Modern Cryptography Win $1 Million Cash Prize
// The Hacker News

And the Winners of this year's Turing Award are: Whitfield Diffie and Martin E. Hellman. The former chief security officer at Sun Microsystems Whitfield Diffie and the professor at Stanford University Martin E. Hellman won the 2015 ACM Turing Award, which is frequently described as the "Nobel Prize of Computing". Turing Award named after Alan M. Turing, the British mathematician and computer

----