Aug 25, 2008
APEC VoIP Security Guide
stratsec (as SIFT) was engaged by the Asia-Pacific Economic Cooperation (APEC) organisation to develop a website and supporting material to assist small and medium enterprises (SMEs) in understanding the issues around VoIP security and to aid in safely using VoIP.
Oct 26, 2007
Future of the Internet Project – Reliability of the Internet
stratsec (as SIFT) was engaged by the IT Security Expert Advisory Group (ITSEAG) of the Trusted Information Sharing Network (TISN) to analyse the reliability of the Internet as public and private infrastructure in Australia, including the likelihood and consequences of failure.
Jul 2, 2007
Secure Your Information: Information Security Principles for Enterprise Architecture
stratsec (as SIFT) was engaged by the IT Security Expert Advisory Group (ITSEAG) of the Trusted Information Sharing Network (TISN) to define a set of information security principles to assist organisations to better protect and secure their information assets and achieve regulatory compliance.
Jun 15, 2007
APEC Information Security Skills Guide
stratsec (as SIFT) was engaged by the Asia-Pacific Economic Cooperation (APEC) organisation to develop a guide to assist small and medium enterprises (SMEs) and IT professionals in understanding the range of information security certifications available.
Feb 14, 2007
Log Injection Attack and Defence
This paper by stratsec Managing Consultant Daniel Grzelak examines the anatomy of log injection attacks. A log injection vulnerability occurs when a poorly-written program uses user-provided data to write to a system or application log without any security pre-processing. If an attacker controls this data, they can then manipulate entries in the log for their own purposes. Depending on their level of knowledge of the log format and content, this often results in the ability to add new entries and falsify events and actions.
Nov 13, 2006
A Web Services Security Testing Framework
Web services are a widely touted technology that aims to provide tangible benefits to both business and IT. However, no security testing methodology specific to web services is currently available in the marketplace. This paper by stratsec consultants Colin Wong and Daniel Grzelak proposes a framework that covers the entire security testing process, tailored specifically for web services applications.
Sep 26, 2006
XML Port Scanning - Bypassing Restrictive Perimeter Firewalls
This report by stratsec Principal Consultant Colin Wong describes a mechanism through which an attacker could use XML to have your web server complete an internal scan of your environment, passing the information back to the external attacker.
Jun 16, 2006
The Economic Viability of Cyber-Insurance
This report by stratsec Senior Consultant Bosco Tan explores a new range of insurance products which seek to take the variable financial risk out of IT security.
Jun 15, 2006
Managing DoS Attacks
stratsec (as SIFT) was engaged by the IT Security Expert Advisory Group (ITSEAG) of the Trusted Information Sharing Network (TISN) to provide critical infrastructure organisations with advice for dealing with threats targeting the reliability of their Internet operations.
Oct 24, 2003
Wireless (in)Security: Understanding the Risks
In this paper stratsec Managing Consultant Craig Searle examines the risks introduced by wireless technologies. Wireless networking has re-introduced a range of security concerns for organisations, many of which are widely known and typically very well defended against on traditional ‘wired’ networks. The aspect of WLAN technology presenting the greatest threat when compared to traditional ‘wired’ networking is that it drastically reduces the effectiveness of traditional physical security measures within an organisation.