21 Jan 2013

Grey Hat Hacking & Stanford


Stanford University - Cryptography Course, Completed.
I could not be more satisfied with that being completed. It has taken a lot of my time, and I was almost about to lose it, but I got through it with a great result. I am awaiting my certification by Dan Boneh.

This book I have gotten inspired by, and I am hooked! Now I'm getting back on track to where my motivation comes in, and just swallowing it page by page.

I got inspired by some InfoSec guy, and I have been following him for some time. Although I decided to move on from Secrets and Lies to this one, since I did not find that book to be entirely in my interest! But I have to mention, sooner or later I will complete it :-) Just not ATM!

I find it most essential to study this e-book. The thing is, I'm starting at The Business Academy on the 24th of January 2013 - 2nd semester in Computer Science - and will probably not have that much time off to read, since there would most likely be a lot of challenges within the scope of 2013.

Mentally, I'm ready for the challenges and the unexpected, so I'll give it my 110%!

The website www.maxjensen.dk has recently been updated with a brand new design, because I felt there needed to be a bit more structure to my postings and the information I post on there. Besides that, one.com - my hosting company - allowed me to modify it on a Mac, which I am glad for! With the other website I had, I had to go onto my Windows computer and modify everything.

I will be posting my opinion about the book when I have finished reading. Meanwhile I will sit back with a nice cup of coffee, and enjoy reading this!

The place I got inspired to read this book is listed below!

Resource link: http://www.t3rm1t.blogspot.dk/

-----------------------

  • Authentication and authorization: The best applications ensure that authentication and authorization steps are complete and cannot be circumvented.

  • Mistrust of user input: Users should be treated as "hostile agents"; data is verified on the server side and strings are stripped of tags to prevent buffer overflows.

  • End-to-end session encryption: Entire sessions should be encrypted, not just the portions of activity that contain sensitive information. In addition, secure applications should have short timeout periods that require users to re-authenticate after periods of inactivity.

  • Safe data handling: Secure applications will also ensure data is safe while the system is in an inactive state. For example, passwords should remain encrypted while being stored in databases, and secure data segregation should be implemented. Improper implementation of cryptography components has commonly opened many doors for unauthorized access to sensitive data.

  • Eliminating misconfigurations, backdoors, and default settings: A common but insecure practice for many software vendors is to ship software with backdoors, utilities, and administrative features that help the receiving administrator learn and implement the product. The problem is that these enhancements usually contain serious security flaws. These items should always be disabled by default and require that the customer enable them, and all backdoors should be properly removed from the source code.

  • Security quality assurance: Security should be a core discipline when designing the product, during the specification and development phases, and during the testing phases. Vendors who create security quality assurance (SQA) teams to manage all security-related issues are practicing due diligence.
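Two of the items above, server-side verification of untrusted input and short idle timeouts that force re-authentication, as an added Python example that is not the book's or this blog's code; the 15-minute limit, the token size and the username allowlist are assumptions of the example:

```python
import re
import secrets
import time

# Assumptions of this example (not from the book): a 15-minute idle limit,
# 32-byte random tokens and a lower-case allowlist for usernames.
IDLE_TIMEOUT_SECONDS = 15 * 60
TOKEN_BYTES = 32
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def validate_username(raw):
    """Server-side check of client-supplied input: allowlist, reject on failure."""
    if not isinstance(raw, str) or USERNAME_RE.fullmatch(raw) is None:
        raise ValueError("invalid username")
    return raw


class SessionStore:
    """In-memory sessions; `clock` is injectable so the timeout can be tested."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # token -> {"user": str, "last_seen": float}

    def login(self, username):
        """Issue a fresh unguessable token once authentication has succeeded."""
        user = validate_username(username)
        token = secrets.token_hex(TOKEN_BYTES)
        self._sessions[token] = {"user": user, "last_seen": self._clock()}
        return token

    def authorize(self, presented):
        """Return the user of a live session, or None so the caller forces re-auth."""
        # The token is untrusted client data: check its shape, then let the
        # server-side store be the only authority on whether it is valid.
        if not isinstance(presented, str) or len(presented) != 2 * TOKEN_BYTES:
            return None
        sess = self._sessions.get(presented)
        if sess is None:
            return None
        now = self._clock()
        if now - sess["last_seen"] > IDLE_TIMEOUT_SECONDS:
            del self._sessions[presented]  # idle too long: revoke, force re-auth
            return None
        sess["last_seen"] = now  # activity within the limit resets the idle clock
        return sess["user"]
```

A real deployment would add an absolute session lifetime and persist the store; the idle check and the reject-rather-than-repair handling of input are the parts the list above calls for.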