Resources


Giving back to the security community is not only a founding principle at Stach & Liu but also a distinguishing feature of our practice. We are one of the few professional services firms that actively conduct cutting-edge research, and we leverage our extensive relationships within the security community to give us unique access to the latest threats, tools, and techniques. This in turn allows us to provide our clients with true insight into emerging risks, so that they are able to make the most informed decision to protect their corporate data and infrastructure.

Recognized as experts in the industry, Stach & Liu professionals present at the top security conferences, author leading security books, and contribute to popular open-source security tools. It gives us great pleasure to share our knowledge with other professionals, and we are happy to give back to the community that has given us so much.


Publications

Books

Web Application Security – A Beginner’s Guide

November 3, 2011

Publisher: McGraw-Hill Osborne Media; 1 edition
Published: November 3, 2011
ISBN-10: 0071776168
ISBN-13: 978-0071776165

Articles

SPI Dynamics Expert Articles Series – Implementing Effective Vulnerability Remediation Strategies Within the Web Application Development Lifecycle – Aug2007

August 16, 2007

Vincent Liu co-authors Implementing Effective Vulnerability Remediation Strategies Within the Web Application Development Lifecycle as part of the SPI Dynamics Expert Articles series.

Conference Slides

SharePoint Hacking Diggity – Presentation Slides

June 14, 2012

For all presentation slides related to the SharePoint Hacking Diggity project, please see: SharePoint Hacking Diggity Project – Presentation Slides

Whitepapers

InformationWeek – Using Google to Find Vulnerabilities – 05Mar2012

March 5, 2012

Fran Brown authors the InformationWeek/Dark Reading report InformationWeek – Using Google to Find Vulnerabilities In Your IT Environment. In it, we examine a slew of new tools and techniques that allow security professionals to leverage Google, Bing, Baidu, and other open search interfaces to proactively track down and eliminate sensitive information disclosures and vulnerabilities in their public systems. We also take a look at defensive tools designed to pull thousands of real-time RSS updates from search engines and provide users with alerts, a sort of intrusion detection system (IDS) for Google hacking.


Tools


Google Hacking Diggity
The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks. The project page contains downloads and links to our latest Google Hacking research and free security tools. Defensive strategies are also introduced, including innovative solutions that use Google Alerts to monitor your network and systems.

SharePoint Hacking Diggity
The SharePoint Hacking Diggity Project is a research and development initiative dedicated to investigating the latest tools and techniques in hacking Microsoft SharePoint technologies. The project page contains downloads and links to our latest SharePoint Hacking research and free security tools. Assessment strategies are designed to help SharePoint administrators and security professionals identify common insecure configurations and exposures introduced by vulnerable SharePoint deployments.

Other Tools

Firecat
Firecat is a penetration testing tool that allows you to punch reverse TCP tunnels out of a compromised network. After a tunnel is established, you can connect from an external host to any port on any system inside the compromised network, even if the network is behind a NAT gateway and/or strict firewall.

MD4/MD5 Collision
Create MD4 and MD5 hash collisions using groundbreaking new code that improves upon the techniques originally developed by Xiaoyun Wang. Using a 1.6 GHz Pentium 4, MD5 collisions can be generated in an average of 45 minutes, and MD4 collisions can be generated in an average of 5 seconds.


Advisories


December 8, 2005
PGP Desktop Wipe Free Space Flaw
PGP Desktop includes a Wipe Free Space utility that claims to eliminate data in all the free space on your hard drive, including the little areas after the end of existing files that may still have old data left behind. In short, the utility claims to wipe file slack space, the unused space in a disk cluster. The software does not work as advertised: it does not clean slack space.


Webinars

March 5, 2010
Harness the Power of Agile
Brenda Larcom (and 7 other IT experts) shares her thoughts on security, the promise of agile, key trends, and best practices. Watch this webinar and hear how these organizations have harnessed the power of Agile.