Archive for the 'Web Applications' Category

Blogging Platforms Vulnerabilities

I reviewed the number of security vulnerabilities published for the major blogging platforms in the past year (May 2006 - May 2007). The numbers are high, especially for the open source products (WordPress, Drupal).

WordPress 2.1.3 Akismet Vulnerability

David Kierznowski of Operation n has discovered a serious flaw in the Akismet anti-spam plugin that comes by default with the latest version of WordPress (2.1.3).

N-Stalker Web Security Scanner Review

N-Stalker is a great tool for everyday security tests. It’s packed with lots of features which will make your job easier. For instance, it can go beyond the login screen of an application thanks to its smart authentication procedure, which supports pre-recorded username/password pairs as well as digital certificates.

My favorite 10 Web Application Security Fuzzing Tools

A security fuzzer is a tool designed to provide random data (fuzz testing) to an application’s parameters. In the context of web application testing, fuzzing means testing especially for buffer overflows, parameter format checks, various encodings and error handling.

New Bruteforce & Fuzzing tool: Wfuzz - The web bruteforcer

Wfuzz is a tool designed for bruteforcing web applications. It can be used for finding unlinked resources (directories, servlets, scripts, etc.), bruteforcing GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc.), bruteforcing form parameters (user/password), fuzzing, etc.

PHP based Web Application IDS / IPS

A very interesting PHP tool which can be deployed directly into your PHP code and acts as an input filtering module, protecting the application from malicious user-supplied input. In fact, it can be considered an inline PHP IDS/IPS.

Content Filtering Consolidation: Websense acquires SurfControl

I was quite surprised today to learn that Websense will acquire SurfControl. I’ve had good experiences with Websense and I wonder if the economics behind this merger/acquisition won’t affect these products.
Apparently Websense will integrate SurfControl’s email security filtering capabilities into a new generation of Websense products, but there is always the very […]

How to defeat CAPTCHA systems

A captcha (an acronym for “completely automated public Turing test to tell computers and humans apart”) is a type of challenge-response test used in computing to determine whether or not the user is human.

Web Application Security Risk Report

The WhiteHat Security Web Application Security Risk Report presents web vulnerabilities gathered during more than a year from commercial web application assessments.

Application Classification in Secure Application Development

Architects and developers need to calculate the confidentiality, integrity, and availability requirements of their applications. In short, application classification needs to precede secure application development.
