How To perform a Social Engineering Attack

OSSTMM guru Pete Herzog released today an interesting guide on social engineering assessments. It will be an integral part of the soon-to-be-released Open Source Security Testing Methodology Manual v3.0. Get it here: http://www.isecom.org/osstmm3.HUMSEC.draft.pdf

Ten Most Critical Web Application Security Vulnerabilities

The Open Web Application Security Project (OWASP) has released the first draft of the 2007 edition of the Ten Most Critical Web Application Security Vulnerabilities. Over the years, this document has turned into a de facto web application vulnerability checklist. Briefly, this is the 2007 Ten Most Critical Web Application Security Vulnerabilities:

A1 – Cross Site Scripting (XSS)
A2 – Injection Flaws
A3 – Malicious File Execution
A4 – Insecure Direct Object Reference
A5 – Cross Site Request Forgery (CSRF)
A6 – Information Leakage and Improper Error Handling
A7 – Broken Authentication and Session Management
A8 – Insecure Cryptographic Storage
A9 – Insecure Communications
A10 – Failure to Restrict URL Access

You can download it here

New reconnaissance tool: Fierce Domain Scanner

Ever wondered how you could find all the sub-domain hosts starting your search from just the domain name? Well, RSnake wrote a Perl tool to do just that: dig for unknown hosts within a given domain. The tool is called Fierce Domain Scanner and you can get it here: http://ha.ckers.org/fierce/

Java Source Code Audit Tools

Jim Manico posted a good list of Java source code audit tools on the Webappsec mailing list:
