mehmet ince

Özgür Web Günleri 2014 – Web Uygulama Güvenliği ve XSS ile Savaş Workshop

by
Özgür Web Günleri 2014

Özgür Web Günleri, Linux Kullanıcıları Derneği ve Yeditepe Üniversitesi Bilgisayar Topluluğu tarafından beşinci kez düzenleniyor. Herhangi bir ücret ödemeden katılabileceğiniz bu etkinlik, özgür web teknolojilerini anlatan, tanıtan sunum ve workshop’lardan oluşmakta. Tarih ve Etkinlik Alanı 05-06 Aralık 2014’te, İstanbul Yeditepe Üniversitesi 26 Ağustos Yerleşimi’nde. Rektörlük binası 5. kat Kimler Katılmalı ? Web yazılımları geliştirenler Web uygulamaları … Read more

XSS Security in Django

by
django

You know output encoding is most important thing when topic comes to XSS. Today I’ve decided to write a article about how to secure your Django application against XSS vulnerabilities. Handing XSS cases with Django is more easy than other frameworks. Your Django app is approximately secure against XSS even if you developed it without security  mind. Therefore Django is try to encode specific characters in order to prevent yourself from cross-site scripting. But Django going to be fail  under the some circumstances.

PS : If you think any part of this article needs update or changes, feel free to leave comment. 

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Read more

Cyber Threat Monitoring System with Ossec + ZeroMQ + Logstash + ElasticSearch and Kibana

by

Hi

I’ve been using Ossec as Intrusion Detection System for year. Ossec is awesome service for detection and notification. Thus I’ve decided to build a cyber threat monitoring system with open source technologies. In order to do that, I decided to get logs from Ossec and send them to the Elasticsearch engine. This write-up going to be about installation of Ossec and Logstash/ElastichSearch and integration between of these services.

Read more

Analogi ( Web Interface for OSSEC ) SQL Injection Vulnerability

by
ossec-splunk

Hey

This weekend, I’ve decided to install Ossec into my lab. I was planning see how ossec is working and what is detection rate on reverse/bind connections.. When I’ve installed Ossec agent and server I was thinking about develop nodeJS application in order to print out every data on screen with real time so I decided to search similar project like this. After several google search I came across with Analogi.

https://github.com/ECSC/analogi

Read more