August 22, 2012

Not So Random Numbers. Take Two

George Argyros and Aggelos Kiayias recently published excellent research on attacks against the pseudo-random number generator in PHP. However, it lacked practical tools implementing the attack. That is why we conducted our own research, which led to the creation of a program that brute-forces PHPSESSID values.

August 12, 2012

Practical Example of Code Review Implementation

Our previous post about the code review process implemented at our company attracted particular interest from the IT community, so we decided to write an additional article on the topic. Today we'll look at how this practice is implemented using a specific example.

August 10, 2012

Code Review Implemented into Development

Attention! This article is meant for people who already know what a code review is and who want to implement this practice in their companies.

When we started implementing code reviews in our projects, we were disappointed by the lack of good material on organizing the process from scratch. Another aspect that has hardly ever been described is review scaling.

To fill this gap, we want to share our team's experience in implementing this wonderful practice. Constructive comments are welcome.

So let's get it started.

Positive Technologies Became Cisco’s Official Technology Partner

Cisco Systems has awarded Positive Technologies the status of Cisco Registered Developer. It’s notable that our company has become the first Russian company to be granted the status of Cisco Registered Developer. Now Positive Technologies has its own profile on the official web site of Cisco Systems.

August 2, 2012

SELinux in Practice: DVWA Test

Since the last article on SELinux came out, we've been receiving requests to prove the benefits of the security subsystem 'in practice'. So, we decided to test it. We created an infrastructure of three vulnerable machines with default configurations (Damn Vulnerable Web Application on CentOS 5.8). They differed only in their SELinux configuration: it was disabled on the first machine, while the other two had the out-of-the-box policies applied, namely targeted and strict.

The virtual machines set up in this way were then subjected to penetration testing. Let's take a look at the results!