Publications (2010)
Recent publications produced by MWR InfoSecurity are listed below in date order. On this page you can also find recent presentations and White Papers from MWR InfoSecurity consultants..
Middleware Risks: Guidance for IT Security Managers
Sep 14, 2010
As a result of conducting research into WebSphere MQ and then subsequently using this knowledge on testing engagements it has become clear that organisations are not accurately assessing the associated risks. This white paper provides a high level summary of the findings of testing and assurance work that has been conducted by MWR InfoSecurity and outlines a way forward for organisations that are concerned about their use of the technology.
Banking Sector Security - Annual Research Review
Aug 13, 2010
MWR Labs welcomes you to its 2010 review of research undertaken into technologies in use in the banking sector.
Journey to the Centre of the Breach
Jun 02, 2010
Computer forensics is no longer exclusively the domain of law enforcement investigators. The same techniques applied to gathering evidence for use in court can also be applied to investigating a security incident in order to provide the victim with information and assurance. In this report, a case study is presented that details the tools and techniques used in the investigation of a breach of an FTP server, from the initial log file analysis through to reverse engineering the discovered malware.
This document was produced as an academic report and as such does not follow the typical MWR InfoSecurity formatting.
Brave New 64-Bit World
Jun 02, 2010
Memory requirements on server and desktop systems have risen considerably over the past few years, to the point where 32-bit architectures are not capable of addressing the required amount of memory. A variety of 64-bit CPUs and operating systems have been introduced to resolve this architecture imposed limitation and these are now being widely adopted. However, any porting of software to 64-bit compatibility can have unexpected security implications. This paper discusses some of these implications and how to resolve them.
Presentation: ShmooCon 2010 - How To Be An RSol: Effective Bug Hunting in Solaris
Mar 05, 2010
Matt Hillman presented at ShmooCon 2010 in Washington DC about his research in Solaris bug hunting. The presentation included demos of his software which provides a Ruby based debugging interface to Solaris, allowing implementation of tools to perform fault monitoring for fuzzers, code coverage, run tracing, code profiling and fault injection.