This talk describes a software system to securely execute predefined commands over an untrusted network, analyzes the potential attack vectors against this system and defines countermeasures to make it impossible for an attacker to use these attack vectors. This talk describes a software system to securely execute predefined commands over an untrusted network, using an authentication method and a measure of transport layer security. This software system - called "trapdoor2" - is used as an example to describe a number of ''state of the art'' programming techniques as countermeasures against potential attacks. Techniques that will be described and shown in detail in the presentation will be privilege separation, strict enforcement of the ''principle of least privileges'', preventing attacks against the used SSL/TLS implementation and defeating Denial of Service attacks by employing a simple yet efficient connection limiting algorithm.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.