CORE GRASP for PHP is a web-application protection software aimed at detecting and blocking injection vulnerabilities and privacy violations.The present implementation protects PHP 5.2.3 against SQL-injection attacks for the MySQL engine

SideJacking is about sniffing HTTP traffic and cloning whatever cookies are exchanged between the browser and the server. In this way, the attacker can clone your session IDs and eventualy they can hijack your account.

new tool collection for auditing SIP devices : SIPVicious .swmap, swar, swcrack

Today I discovered an impressive collection of security tools developed and offered for free by iSEC Partners and because I really appreciate any open source effort, I thought at least I could present them.

The Secunia PSI detects installed software and categorizes your software as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

Watir is an automated test tool which uses the Ruby scripting language to drive the Internet Explorer web browser. Watir is a toolkit for automated tests to be developed and run against a web browser.

Srinath Anantharaju, a member of Google’s Security Team posted in Google’s Security Blog the availability of “Lemon” , a new web application security fuzzerdeveloped by Google.

If you are looking for a way to silently run information gathering tools out of a U3 compatible USB thumb drive, look no further. The Hack5 USB Switchblade is a great tool to turn a harmless USB pen drive into a dangerous hacking tool.

Francois Larouche announced today the availability of a new version of Sql Power Injector , an excelent application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web application.

Evolution is a program that can be used to determine the relationships and real world links between people, systems and internet resources. Passive information gathering and intelligence.