SharePoint and FrontPage Server Extensions in security scanner results


"A Web site based on SharePoint Team Services™ from Microsoft is built on top of both the Microsoft FrontPage Server Extensions" — this opening sentence from a Microsoft article on SharePoint sounds quite scary if you know the security history of the FrontPage Server Extensions.

Polish Trusted Profile signature reaches 100k users


In 2011 the Polish government introduced a new, simpler method of authenticating official communication with government offices — the Trusted Profile (Profil Zaufany). In 2013 it crossed the 100,000-user mark.

"Business controls" (?) in electronic invoices

The new regulation on electronic invoicing introduces a rather peculiar notion of "business controls" (kontrole biznesowe).

PHP cryptography - proceed with care

A couple of case studies from the PHP world demonstrating how important it is that application framework authors provide a carefully designed cryptography interface to programmers. Otherwise it is almost certain that the cryptography will be implemented incorrectly.

Web.config rules for Yasca

Combined rules from two open-source tools for static application security testing — WCSA and Yasca.

Michał Tabor: Commentary on the analysis


Michał Tabor has shared with me his comments on the previously published Analysis of the state of preparations for the introduction of the new identity cards (Analiza stanu przygotowań dotyczących wprowadzenia nowych dowodów osobistych).

Python XML RPC over HTTP proxy


The XML-RPC over HTTP proxy given in the Python documentation doesn't really work, so I've written a fixed XML-RPC transport for xmlrpclib that seems to work.

Python module for flexible SSL HTTP server handling


This module allows flexible handling of the SSL certificate presented by a server. Unlike the standard ssl module in Python, it works through an HTTP proxy and copes with invalid certificates.

European personal data regexp patterns

I've spent some time browsing through publicly available sources to find out what the various identification numbers across Europe are, especially those that can be treated as "personal data". The numbers listed below include the national identification, tax, health, social security and bank codes that I was able to identify.

Testing X-Content-Security-Policy

If you wondered how X-Content-Security-Policy works in real life, here's an example.

Trusted timestamping example in Python


Here's a simple example of how to request a timestamp from a certificate authority's trusted timestamping service using TSP (Time-Stamp Protocol). It's really simple if the server lets you use a plain HTTP interface instead of the full TSP interface.

ISACA now officially in Katowice


The ISACA chapter in Katowice has now been officially entered on the organization's list of international chapters.

Building a cost-benefit model for application security testing

Is it possible to speak about application security testing in economic terms? My intuition and practice suggest that it is not only possible but necessary for security testing to really make sense.

Practical security of RSA keys over Internet

A very important research paper has just been published on eprint — a broad analysis of the practical security of RSA keys found in the wild. It shows that implementation or usage issues resulting in weak keys are much more widespread than previously expected.
