61 items tagged "web application security"
-
-
11:16
»
Packet Storm Security Recent Files
ClubHACK Magazine Issue 22 - Topics covered include OWASP Mantra's MoC Crawler, Law relating to Cyberterrorism, Best Practices of Web Application Security, and more.
-
11:16
»
Packet Storm Security Misc. Files
ClubHACK Magazine Issue 22 - Topics covered include OWASP Mantra's MoC Crawler, Law relating to Cyberterrorism, Best Practices of Web Application Security, and more.
-
-
10:29
»
SecDocs
Authors: Stefan Esser
Tags: exploiting PHP
Event: Black Hat USA 2010
Abstract: In 2009 one of the hottest topics has been code reuse and return oriented programming as means to bypass exploitation mitigation features in modern operating systems. We have seen ROP being applied to x86, SPARC, ARM and even election machines. Time has come to take ROP into the world of web application security. This presentation consists of two parts that will apply code reuse and ROP techniques to modern PHP exploits. The first part will show how ROP is applied entirely at the PHP level, reusing code parts of the already running PHP application to eventually achieve arbitrary code execution. It will be detailed how different PHP vulnerability classes can be used for these attacks, demonstrating some lesser known facts and tricks in PHP exploitation on the way. The second part of the presentation will go below the PHP level and feature a previously unknown memory corruption in PHP itself that is exposed to remote attackers through several widespread PHP applications. It will be demonstrated step by step how it is possible to develop a remote exploit for this vulnerability, defeating ASLR and NX/DEP on the way, by utilizing an information leak and returning into the PHP interpreter to execute arbitrary PHP code.
-
-
19:43
»
Packet Storm Security Recent Files
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
-
19:43
»
Packet Storm Security Tools
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
-
19:43
»
Packet Storm Security Misc. Files
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
-
-
17:24
»
Packet Storm Security Recent Files
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application's cyclomatic complexity. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.
-
17:24
»
Packet Storm Security Tools
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application's cyclomatic complexity. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.
-
17:24
»
Packet Storm Security Misc. Files
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application's cyclomatic complexity. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni.
-
-
23:46
»
Packet Storm Security Recent Files
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
-
23:46
»
Packet Storm Security Tools
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
-
23:46
»
Packet Storm Security Misc. Files
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
-
-
8:32
»
Packet Storm Security Recent Files
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
-
8:32
»
Packet Storm Security Tools
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
-
8:32
»
Packet Storm Security Misc. Files
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
-
-
12:03
»
Packet Storm Security Recent Files
Topics for this issue include database protocol exploits being explained, measuring web application security coverage, combating the changing nature of online fraud, and much more.
-
12:03
»
Packet Storm Security Misc. Files
Topics for this issue include database protocol exploits being explained, measuring web application security coverage, combating the changing nature of online fraud, and much more.
-
-
20:03
»
Packet Storm Security Tools
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
-
18:25
»
Packet Storm Security Tools
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
-
-
19:01
»
Packet Storm Security Tools
Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing.
-
-
13:36
»
Packet Storm Security Tools
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
-
13:36
»
Packet Storm Security Recent Files
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
-
12:04
»
Packet Storm Security Tools
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
-
12:04
»
Packet Storm Security Recent Files
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
-
-
20:01
»
Packet Storm Security Tools
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
-
-
3:18
»
SecDocs
Authors: Mike Bailey
Tags: Flash
Event: Black Hat DC 2010
Abstract: Flash is scary stuff. It's installed on just about everybody's web browser, used everywhere, and has a poor security track record. Even within the web application security community, its quirks are poorly understood. Known and intentional behavior can have serious consequences which merit exploration. This talk is a discussion of new flash-based attacks, repurposing of old attacks, and demonstrations of working (and sometimes ridiculously complex) attacks on Gmail, Twitter, and other major websites.
-
-
16:32
»
Packet Storm Security Tools
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
-
16:31
»
Packet Storm Security Recent Files
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
-
-
19:55
»
Packet Storm Security Tools
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.
-
19:55
»
Packet Storm Security Recent Files
Skipfish is a fully automated, active web application security reconnaissance tool. It is high speed, has a low false positive rate, and is easy to use.