Foundstone, a division of McAfee, Inc.
Foundstone Inc. offers a unique combination of software, services, and education to help organizations continuously and measurably protect their most important assets from the most critical threats. Through a strategic approach to security, of mind they demand, with proactive, asset-based security risk solutions that address the entire vulnerability management lifecycle from policy through compliance. Foundstone's award-winning, state-of-the-art , , and simplify security, direct resources where they'll have the most impact, and fortify the enterprise with measurable returns. Strategic Security Solutions and Broad Expertise - All In One Place No other security company offers this unique combination of. .
QualysGuard Free Trials & Guides
Tools & Trials Try one of Qualys' free vulnerability management lifecycle tools, or register for a full 14-day trial of QualysGuard to identify and eliminate security vulnerabilities on your network. There's nothing to install or download - all you need is a publicly facing IP and a web browser to scan your network. Lifecycle features: Discovery, Asset Prioritization, Vulnerability Assessment. .
McAfee to buy Foundstone for $86 million - Network World
Anti-virus software company McAfee Monday said it is buying Foundstone, which makes software for detecting and managing software vulnerabilities, for $86 million in cash. The acquisition will add Foundstone's line of vulnerability management software to McAfee's growing list of security products. McAfee plans to combine Foundstone's technology for spotting and remediating software vulnerabilities with its intrusion detection and security policy management products, allowing companies to identify and shield high-priority computer assets from attack. As part of the deal, Foundstone's professional. .
Ethical Hacking : Courses, Hackers, Ethics, and Resources
Certified Ethical Hacking Instruction and Course Evaluations. including the OSSTMM Stealthy network recon Multi-OS banner grabbing Remote root vulnerability exploitation Privilege escalation hacker Unauthorized data extraction Remote access trojan hacking Offensive sniffing Wireless insecurity Breaking IP-based ACLs via spoofing Evidence removal and anti-forensics Attacking network infrastructure devices Brute forcing remotely Web Applications Breaking into databases with SQL Injection Cross Site. .
SecuriTeam - How to Break Windows XP SP2 (Drag and Drop Media Files) - Proof of Concept
Beyond Security® will help you expose your security holes and will show you what the bad guys already know about your hosts and network. Use our Automated Scanning service to perform a full security audit of your site, and find the latest to execute arbitrary code on Local Zone. In this article a detailed proof of concept shows the vulnerability. Credit: The information has been provided by . The original article can be found at: Details It is possible to execute machine code with a series of HTML commands on a Windows XP SP2 system. It's getting harder and harder these days, so be ready for a long, confusing paper. Running the Proof of Concept: * All files for the proof of concept can be found here: * Open. .
SQL Injection Attacks by Example
taken as an illustration. "SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises. We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience. .
SecurityTracker.com Archives - SlimBrowser Tabbed Browsing Errors Let Remote Users Spoof Sites and Obtain Information
SlimBrowser Tabbed Browsing Errors Let Remote Users Spoof Sites and Obtain Information SecurityTracker Alert ID: 1011934 SecurityTracker URL: http://securitytracker.com/id?1011934 CVE. .
Products
IT GlobalSecure - IT Security Products and Services for Business and Government. Game Security Solutions for Networked Games. Media Services System Architecture Design Intranet Extranet Design Security Policy Creation Vulnerability Assessments Ecommerce Services Encryption & PKI IT Security Assessments Secure Digital Distribution Digital Rights Management Integration Services Product Line Review Internet Marketing Requirements Analysis Project Management Ind. Product Review Search Engine Optimization Global Logistics Biz Process Improvement Strategic Marketing System. .
HP Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability
SecurityFocus is designed to facilitate discussion on computer security related topics, create computer security awareness, and to provide the Internet's largest and most comprehensive database of computer security knowledge and resources to Search: HP Web Jetadmin setinfo.hts Script Directory Traversal Vulnerability It has been reported that HP Web JetAdmin may be prone to a directory traversal vulnerability allowing remote attackers to access information outside the server root directory. The problem exists due to insufficient sanitization of user-supplied data passed via the 'setinclude' parameter of 'setinfo.hts' script. This vulnerability can be combined with HP Web Jetadmin Firmware Update Script Arbitrary File Upload. .
Q-235: Cisco Security Advisory: Access Point Web-browser Interface Vulnerability
INFORMATION BULLETIN Q-235: Cisco Security Advisory: Access Point Web-browser Interface Vulnerability [Document ID: 70567] June 28, 2006 18:00 GMT PROBLEM: A vulnerability exists in the access point web-browser interface when Security > Admin Access is changed from Default Authentication (Global Password) to Local User List Only (Individual Passwords). PLATFORM: The following access points are affected if running Cisco IOS® Software Release 12.3(8)JA or 12.3(8)JA1 and are. .