Metasploit Framework version 3.0 RELEASED
Metasploit is pleased to announce the immediate, free availability of the Metasploit Framework version 3.
Symantec released its XI edition of the Internet Security Threat Report, which covers global security activity in the 2nd half of 2006: malware, vulnerabilities, exploits, phishing, etc.
PHP ext/filter Space Trimming Buffer Underflow Vulnerability; PHP zip:// URL Wrapper safemode and open_basedir Bypass Vulnerability
SANS released a paper on Web Applications Audit. It’s more of a guide to low-hanging-fruit website assessment, but it is still a good resource. The article begins with setting up, adjusting and configuring the tool arsenal and then walks the reader through implementation and conclusions.
Well, this is good news for all the folks in the PCI compliance business. Watchfire has been certified as a PCI scanning vendor.
Day 10 of the Month of PHP Bugs brings a new PHP vulnerability which occurs when using ext/filter and ASCII data. This raises the vulnerability count to 18.
Exploit Prevention Labs released the results of its February 2007 Exploit Prevalence Survey™. The Top 5 Web Exploits for February 2007 are
Anurag Agarwal continued his series of Reflections on web security superstars by presenting Ivan Ristic, the man who put ModSecurity on the map of mandatory security controls. Just like before, Anurag covers all the articles, books, tools and great contributions to information security made by Ivan Ristic.
Day 9 of the PHP month of the bugs brings a vulnerability which involves POST data in the FDF format. I’m just wondering if Stefan Esser’s commitment to release at least one PHP bug a day will last until March 31. Anyway, here is number 17
Today I came across a new tool to investigate index.dat files: Index.dat Analyzer 2.0. This reminds me of another good tool for Web Forensics: MANDIANT Web Historian, which I’ve used in the past to track down security policy violations. It’s good to know that both tools are free.