Questions tagged [prevention]

9 questions
3 votes, 1 answer

Retrieving CSRF token from third party website form using XHR (JavaScript)

I know they say CSRF tokens are the most secure way to prevent CSRF attacks, but what if someone uses XHR to retrieve the page containing the CSRF token along with the form and then uses that token for his attacks? Why don't they say "Referer" header…
rez
2 votes, 0 answers

Can Zeek (formerly Bro) be installed as in-line IPS?

I'm starting a comparison paper about inline network IPS. I was looking for an open-source anomaly-based detection engine with IPS capabilities. The easiest choice seemed to be Zeek (formerly Bro), but from the website user manual it doesn't look like it…
tanacca84
2 votes, 7 answers

Is backup a corrective control or a preventive control?

This is a theoretical question. There are preventive controls and corrective controls. So, is backup a corrective control or a preventive control? There are mixed answers and mixed explanations. (CISA EXAM)
Mohammad
1 vote, 1 answer

Best practices for exporting sensitive database data and transforming it whilst keeping it encrypted?

Say one has to export database data to use in another tool, such as an Excel spreadsheet, or for use as a CSV file with some other program. There's a problem with this, and that's that it ends up in an unencrypted form on the disk, where it can be…
leeand00
1 vote, 2 answers

XSS prevention via JavaScript

I am working on XSS prevention via JavaScript. I am using the following JS code for that: (function () { /* XSS prevention via JavaScript */ var XSSObject = new Object(); XSSObject.lockdown = function (obj, name) { if…
hm1912
0 votes, 0 answers

Why does certification for datacenter equipment test for TEMPEST?

I wonder why certification (Common Criteria and the like) of security-critical hardware that is meant to be used in datacenters (e.g. link encryptors) includes some tests related to TEMPEST attacks. It seems to me that the actual test…
0 votes, 0 answers

McAfee Security Control against Mitre Att&ck

I am researching articles about McAfee and the list of its products against Mitre Att&ck. I am performing an assessment on whether they are able to perform detection and prevention against each technique covered in Mitre Att&ck. It is based on…
0 votes, 0 answers

Prevent XSS through file upload using a WAF?

I encountered a scenario in which the attacker creates a .jpg file containing JavaScript code and, after uploading it, the script is executed in the browser while the .jpg file is displayed. I configured all XSS prevention settings on FortiWeb, but it…
Mehran
0 votes, 1 answer

Zero-day policy implementation

I'm new here, and sorry if my English is a little bit broken; it's not my main language. I'm trying to put together a document/PPT for my startup with a zero-day policy structure. But I'm not finding real implemented flows, information, or something…