Web Security Hardening

Posted on Sun, 2014-07-27 in security • Tagged with web, security

Last year, during my summer internship, I had the chance to catch up with current developments in web security. In particular, I had a closer look at mechanisms that are used as a second line of defense or hardening mechanisms against common web attacks. I created drafts of blog entries describing …



Microsoft SQL Server Downgrade Attack

Posted on Sun, 2011-12-25 in security • Tagged with mssql, mitm, downgrade, metasploit

I took a look at the authentication mechanisms of the native network protocols of some of the more prominent DBMS vendors. One of my targets was Microsoft's SQL Server 2008 R2. MSSQL provides two methods for authentication: Integrated and Native Authentication. Integrated uses Windows OS user credentials to log into …

