Advise - Assess - Assure
Australia
Tel.: + 61 2 9585 1455
Fax.:+ 61 2 9580 5582
e-mail: AU@Security-Assessment.com

New Zealand

Tel.: + 64 9 302 5093
Fax.:+ 64 9 302 5023
e-mail: NZ@Security-Assessment.com
Technical Resources
Security-Assessment.com is differentiated by our strong focus on research and development, through new products released such as SA-ISO , through to our commitment to the discovery and publication of Microsoft Vulnerabilities.  

In 2003, Security-Assessment.com came second globally in the discovery and publication of Microsoft Vulnerabilities.  We stay at the front because we have highly skilled people and use only the best resources in our research and assessments.  

In this section we have provided information and samples of tools that we use.


  QualysGuard 
Qualys Gaurd continuously scans corporate networks to discover vulnerabilities, ensure compliance, and prioritise remediation with no infrastructure or software to be deployed or managed.  

See why QualysGuard has received numerous awards for "best Security Service" Free Scan

   Exploiting Freelist[0] On Windows XP Service Pack 2
Windows XP Service pack 2 introduced some new security measures in an attempt to prevent the use of overwritten heap headers to do arbitrary byte writing. This method of exploiting heap overflows, and the protection offered by service pack 2, is widely known and has been well documented in the past.

What this paper will attempt to explain is how other functionality of the heap management code can be used to gain execution control after a chunk header has been overwritten.

In particular this paper takes a look at exploiting freelist[0] overwrites. Open.
 Codescan
Internet systems are often the first point of external attack.  Lack of input filtering, cross site scripting, session theft, SQL injection attacks, URL manipulation all provide areas of weaknesses that can and are being exploited by attackers.

Source Code is subject to the considerations of security during the life cycle, test procedures and security knowledge and capabilities of the development team. The implications of these vulnerabilities are serious and include regulatory, reputational and financial.

Codescan minimises these risks.  Codescan  is an automated solution for source code inspection.  It  benefits consultants, development shops and in house development teams to reduce vulnerabilities inherent in applications, improve accuracy of testing, and reduce costs and time associated with source code inspection and application assurance
Contact Us for more information
 

Security-Assessment.com  © 2006 | Privacy Policy | Terms of Use | Site Map