Category: Blog | Int64 Software Blog

Hardening Website Security – Part 4: Safely Handling User Input

In the final part of this series, we’re going to look at the proper way to handle raw user input from your website, and what can go wrong if it isn’t properly sanitized before storing or using the data.

Why aren’t you using Microsoft’s Local Administrator Password Solution (LAPS) yet?

Microsoft LAPS (Local Administrator Password Solution) is a free tool for Active Directory environments which automatically creates, sets and stores cryptographically secure passwords on your local administrator accounts. It’s powerful, free and it improves your security. So why aren’t you using it yet?

Hardening Website Security – Part 3: Website Database Security

Introduction It feels like almost every week there’s another news item about personal information being stolen because yet another company’s website got hacked. Most of these attacks are perpetrated through social engineering, persuading somebody to hand over some detail which allows the hacker to gain additional privileges and, eventually, access to personal information. However, a…

Hardening Website Security – Part 2: User Session Cookie Security

In this section we will be looking at how you can increase the security of user sessions on your web server, and reduce the risk of Session Hijack Attacks.

Hardening Website Security – Part 1: HTTP Security Headers

Storm Trooper Guarding House - HTTP Security

Installing and Configuring Microsoft LAPS: A Complete Guide – Part 1

Microsoft Local Administrator Password Solution (LAPS) Installation Guide

Microsoft LAPS (Local Administrator Password Solution) is making a big splash in the Active Directory community by providing a simple, secure, and free solution to the age-old question of how to secure your Local Administrator accounts.

Separation of Duties in Software Solutions: A Case Study in Overcee

Separation (or Segregation) of Duties in business and Information Technology is a great internal process which describes restricting the power of any one individual in order to combat mistakes and fraud. R. A. Botha and J. H. P. Eloff in “Separation of Duties for Access Control Enforcement in Workflow Environments” describe SoD as: Separation of…

Tutorial: Privilege Escalation Vulnerability Scan Tool and Overcee

We previously mentioned that the free Privilege Escalation Vulnerability Scan (PEVS) Tool released last week could be perfectly combined with our Delegated Device Managements platform, Overcee. So we thought we’d delve in and show you how this simple task can be setup.

Free: Windows Privilege Escalation Vulnerability Scan Tool

There exist many actual and potential vulnerabilities in the Windows operating system suite which could leave your systems open to attack. While many of these are patched or mitigated when they are discovered, many still remain as “features” of the operating system. We’ve isolated four of these vulnerabilities which we feel are the most easily…