Hacking the Intranet with JavaScript Anti-DNS Pinning
An ingenious way of breaking the same-origin policy by undermining DNS pinning:
An open source application layer firewall for HTTP/HTTPS. It works as a reverse proxy server. It analyzes all HTTP/HTTPS traffic against rule-based signatures and protects web servers and web applications from attack.
The Cross-site Request Forgery FAQ has been released to address some of the common questions and misconceptions regarding this commonly misunderstood web flaw.
One of the best war dialers I came across.
Current Features:
Full and Normal logging: Full logging records all possible events during dialing (busy signals, no answers, carriers, etc). By default it only records things that we might find interesting (carriers, possible telco equipment). […]
SSA is a GUI that relies on OVAL Framework (see oval.mitre.org)
http://www.security-database.com/
Here is a good resource on the good, the bad and the ugly of using NetBIOS NULL sessions as an attack target.
An interesting article on automated vulnerability scanners and the limitations of these tools in finding real-life web application vulnerabilities.
A very good resource on wardialers:
http://www.wyae.de/software/paw/
A good framework is a great resource for any pentester.
Here are some of the best I found:
The mindmap written by Toggmeister (a.k.a. Kev Orrey) & Lee J Lawson http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
OISSG http://www.oissg.org/
OSSTMM http://www.isecom.org/osstmm/
OWASP http://www.owasp.org
The following column was published on SecurityFocus today:
PHP apps: Security’s Low-Hanging Fruit
by Kelly Martin
published 2007-01-08
PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here’s how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems […]