Important Note - Interest is terrible thing to waste. Where are you?

\/ w4rri0r \/Hacking is not a crime - It's an art of Awareness. \/ w4rri0r mission \/ is to make the information systems more secure, more aware, more reliable and protect against possible security breaches.

\/ w4rri0r \/ internationally recognized as a Security Researcher or White-Hat Hacker and Hall of Fame by Google, Microsoft, Yahoo, AppleRedHat, AT&T, Adobe, PayPal, Yandex, eBay, Deutsche TelekomBarracuda Networks, Nokia Siemens Network, Tuenti, Opera, BlackBerry, Nokia, SpotifyZynga, Netflix, iFixit, Basecamp, SoundCloudConstant Contact, Xmarks, LaunchKey, Zendesk and we are currently building \/ w4rri0r group \/ and inviting to join worldwide Security Researchers and Professionals. If you think you can contribute anything for \/ w4rri0r group \/ you are heartily invited and we'll give credit for your contribution and is greatly appreciated. [Launching soon]

If you have any questions, ideas, suggestions or contributions please do not hesitate to contact @ This email address is being protected from spambots. You need JavaScript enabled to view it. and will respond you within 24 hours.

Open Panel
  • Register

IT Security & Audit Policy

A computer security audit is a manual or systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Automated assessments, or CAAT's, include system generated audit reports or using software to monitor and report changes to files and settings on a system.

Systems can include personal computers, servers, mainframes, network routers, switches. Applications can include Web Services, Microsoft Project Central, Oracle Database. (examples only).

 

Audit Event Reporting

During the last few decades systematic audit record generation (also called audit event reporting) can only be described as ad hoc. Ironically, in the early days of mainframe and mini-computing with large scale, single-vendor, custom software systems from companies such as IBM and Hewlett Packard, auditing was considered a mission-critical function. Over the last thirty years, commercial off-the-shelf (COTS) software applications and components, and micro computers have gradually replaced custom software and hardware as more cost-effective business management solutions.…

During this transition, the critical nature of audit event reporting gradually transformed into low priority customer requirements. Software consumers, having little else to fall back on, have simply accepted the lesser standards as normal. The consumer licenses of existing COTS software disclaim all liability for security, performance and data integrity issues.

 

Traditional Logging

Using traditional logging methods, applications and components submit free-form text messages to system logging facilities such as the Unix Syslog process, or the Microsoft Windows System, Security or Application event logs. Java applications often fall back to the standard Java logging facility, log4j. These text messages usually contain information only assumed to be security-relevant by the application developer, who is often not a computer- or network-security expert.

The fundamental problem with such free-form event records is that each application developer individually determines what information should be included in an audit event record, and the overall format in which that record should be presented to the audit log. This variance in formatting among thousands of instrumented applications makes the job of parsing audit event records by analysis tools (such as the Novell Sentinel product, for example) difficult and error prone. Such domain and application specific parsing code included in analysis tools is also difficult to maintain, as changes to event formats inevitably work their way into newer versions of the applications over time.

 

Modern Auditing Services

Most contemporary enterprise operating systems, including Microsoft Windows, Solaris, Mac OS X, and FreeBSD (via the TrustedBSD Project) support audit event logging due to requirements in the Common Criteria (and more historically, the Orange Book). Both FreeBSD and Mac OS X make use of the open source OpenBSM library and command suite to generate and process audit records.

The importance of audit event logging has increased with recent new (post-2000) US and worldwide legislation mandating corporate and enterprise auditing requirements. Open source projects such as OpenXDAS, a Bandit project identity component, have begun to take their place in software security reviews as not only an improvement, but a requirement. OpenXDAS is based on the Open Group Distributed Auditing Service specification, and has begun to show prominence in the security community as a more structured alternatives to free-form text audit logging. The XDAS specification defines a well-considered event format for security-related events, an event taxonomy with event types that cover most security-related event scenarios, and a standardized API for event submission and management.


Performing an Audit


Generally, computer security audits are performed by:

  1. Federal or State Regulators - Certified accountants, CISA. Federal OTS, OCC, DOJ, etc.
  2. Corporate Internal Auditors - Certificated accountants, CISA.
  3. Corporate Security Staff - Security managers, CISSP, CISM.
  4. IT Staff - subject matter experts, oversight support.

CORE Impact Professional

Logo Core ImpactCORE Impact Professional is the most comprehensive software solution for assessing and testing security vulnerabilities throughout your organization.

 
 

Read More...

IBM Security AppScan

Logo IBM Rational AppScanIBM Rational AppScan Enterprise is a scalable solution to help resolve application security vulnerabilities, offering recommendations to simplify remediation.

 

Read More...

HP WebInspect

Logo - HP WebInspectHP WebInspect gives security professionals and security novices alike the power and knowledge to quickly identify and validate critical, high-risk security vulnerabilities.

 

Read More...

Acunetix WVS

logo acunetix web application securityAcunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits web applications by checking for hacking vulnerabilities. 

 

Read More...

w4rri0r - Hacking Is Not A Crime - It's an art of Awareness

\/ w4rri0r - Hacking Is Not A Crime - It's an art of Awareness \/ -  w4rri0r work in the dark, w4rri0r do what w4rri0r can, w4rri0r give what w4rri0r have, w4rri0r doubt is w4rri0r passion and w4rri0r passion is w4rri0r task. The rest is the madness of art \/ w4rri0r \/ 

\/ w4rri0r.com \/ are the great resource for information security professionals and researcher. \/ w4rri0r \/ offers a extensive variation of information security services that include SECURITY EXPLOITS (Bug or Vulnerability), SECURITY ADVISORIES (Security Alerts), SECURITY RESEARCHER TOOLBOX (Freeware, Shareware & Open-Source), SHELLCODE (Attacker Controller - Chunk of Data), SECURITY TRAINING (Educational Purpose), SECURITY NEWS (Security Recent or Important Events) and with this group you can be assured that you’re in the right hands. \/ w4rri0r gr0up \/  efforts being endorsed and appreciated by administrators, security researchers and members of various underground hacking groups and communities worldwide.

\/ w4rri0r mission \/ are to make the information systems more secure, more aware, more reliable and protect against possible security breaches.