The Latest Trends in Advanced Web Hacking and Secure Coding in the Real World

There you have it. PayPal phishing using Adsense forceful redirect. Pretty nasty… to say the least.

SANS released a paper on Web Applications Audit. It’s more of a guide to low hanging fruit website assessment, but still is a good resource . The article begins with setting up , adjusting and configuring the tool arsenal and then walks the reader trough implementation and conclusions.

Well, this is a good news for all the folks in the PCI compliance business. Watchfire has been certified as a PCI scanning vendor.

Exploit Prevention Labs released the results of its February 2007 Exploit Prevalence Surveyâ„¢. The Top 5 Web Exploits for February 2007 are

Anurag Agarwal continued his series of Reflections on web security superstars by presenting Ivan Ristic, the man who put ModSecurity on the map of mandatory security controls. Just like before, Anurag covers all the articles, books, tools and great contributions to the information security made by Ivan Ristic.

I’m glad to read that SPI Dynamics will be joining the Open Web Application Security Project (OWASP) as a Vendor Organization member. Additionally, SPI Dynamics is lending support to the OWASP Site Generator (OSG) project by allocating its membership fees to the ongoing success of this initiative.

Anurag Agarwal released the third article from the series of mini biographies called Reflection which so far presented Amit Klein and RSnake ;

If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

If there is any mention of XSS, there is a big chance RSnake’s name or its cheat sheet is mentioned along with it. His contribution in the web application security awareness is legendary.