Archive for the 'Web Applications' Category

SideJacking - Stealth WiFi Attack

SideJacking is about sniffing HTTP traffic and cloning whatever cookies are exchanged between the browser and the server. In this way, the attacker can clone your session IDs and eventually hijack your account.

NIST Draft Special Publication 800-113 - Guide to SSL VPNs

This publication discusses the fundamental technologies and features of SSL VPNs.
It describes SSL and how it fits within the context of layered network security.
It presents a phased approach to SSL VPN planning and implementation that can help in achieving successful SSL VPN deployments.
It also compares the SSL VPN technology with IPsec VPNs and other VPN solutions.
This information is particularly valuable for helping organizations to determine how best to deploy SSL VPNs within their specific network environments.

Free Security Tools by iSEC Partners

Today I discovered an impressive collection of security tools developed and offered for free by iSEC Partners, and because I really appreciate any open source effort, I thought at least I could present them.

Watir - Web Application Testing in Ruby

Watir is an automated test tool which uses the Ruby scripting language to drive the Internet Explorer web browser. Watir is a toolkit for automated tests to be developed and run against a web browser.

Lemon - Google’s own Web Security Fuzzer

Srinath Anantharaju, a member of Google’s Security Team, announced on Google’s Security Blog the availability of “Lemon”, a new web application security fuzzer developed by Google.

Regression and Stress Tests with FunkLoad

another web testing tool called FunkLoad. This Python application can be used for functional and regression testing of web applications.

WebLOAD - Open Source Load and Stress Testing Tool

The WebLOAD stress and load testing tool has been released by Radware as open source. The Commercial-Grade Open Source Load Testing Solution from RadView. Load-test any Internet application, including applications that use Web 2.0 and AJAX.

Acunetix Web Vulnerability Scanner 5 Review

Acunetix Web Vulnerability Scanner 5 is definitely a most valuable ally in the battle against web security risks. This versatile software has successfully tackled the 80/20 problem of advanced software applications. It delivers good value for the money even if you use just 20 percent of its features, whereas in the hands of a web application security professional it reveals the 80 percent reserve of raw power.

w3af, the Web Application Attack and Audit Framework

Andres Riancho has released w3af 1.0 - the Web Application Attack and Audit Framework. This framework is written in Python and somewhat resembles Metasploit, with an architecture based on plugins.

DirBuster : A New Web Application Brute Force Tool

I read today about a new tool for web brute forcing: DirBuster. It is a multi-threaded Java application designed to brute force directory and file names on web/application servers.
