Dragos Lungu Dot Com

New Antispyware for Mac OS X

January 21st, 2007

SecureMac.com has released version 2.3 of the Anti-Spyware program for Mac OS X, MacScan. Version 2.3 adds a blacklisted cookie scanner. This feature maintains a list of known tracking cookies, and when run, removes them from web browsers in which they are found. Version 2.3 also adds file cleaning support for additional browsers. Get it at http://macscan.securemac.com/

Web application security resources

January 19th, 2007

These are the best online resources in web application security :

RSnake’s Blog
OWASP
Jeremiah Grossman’s Blog
The Web Security Mailing List
sla.ckers.org forum
Web Application Security Consortium
Security Focus Web Application Security List
GNUCITIZEN
cgisecurit
Security Focus Hacking Exposed Web Applications, 2nd Edition (Joel Scambray, Mike Shema, Caleb Sima)
Full Disclosure
Google
BugTraq
XSS (Cross Site Scripting) Cheat Sheet
Secunia
Sylvan von Stuppe
BlackHat
Schneier on Security
PaulDotCom
Professional Pen Testing for Web Applications (Andres Andreu)
del.icio.us (webapp security)
FrSIRT
IEEE S&P OSSTMM
(IN)SECURE Magazine
Software Security (Gary McGraw)
19 Deadly Sins of Software Security -(Michael Howard, David LeBlanc, John Viega)
SecuriTeam
qasec
WhiteHat Security
http://www.security.nnov.ru
Web Security Threat Classification
http://www.securityfocus.com/archive/107
How to Break Web Software (Mike Andrews, James A. Whittaker)
Microsoft
Security Focus Penetration Testing
SearchAppSecurity
National Vulnerability Database
ComputerWorld Safari Bookshelf

Pantera – A Web Assessment Studio

January 19th, 2007

OWASP is happy to announce the first release of OWASP Pantera – Web
Assessment Studio. Pantera is a mix between a pentest proxy, an application
scanner, and an intelligent analysis framework. Pantera’s goal is to leave
the analysis and automatic (repetitive) stuff to the engine, leaving only
the important decisions to the security expert.
Great tool !
OWASP Pantera Web Assessment Studio Project

OWASP Testing Guide V2

January 19th, 2007

The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. Everything here is free and open source.
OWASP has released the Security Testing Guide v2 .At 270 pages, this guide is already a must-have for most developers and penetration/application testers, but we want to take it one step further and make sure that everything is 100%.
The team leaders of this project are Eoin Keary – Editor and Matteo Meucci – Autumn of Code Lead .

Get it here :
http://www.owasp.org/index.php/OWASP_Testing_Guide_v2_Table_of_Contents