-
Department of Homeland Security gets Pwned, and pwned, and pwned
"The Homeland Security Department, the lead U.S. agency for fighting cyber threats, suffered more than 800 hacker break-ins, virus outbreaks and other computer security problems over two years, senior officials acknowledged to Congress. In one instance, hacker tools for stealing passwords and other files were found on two internal Homeland Security computer systems. The agency’s…
-
Tools: sqlninja 0.1.2 released
icesurfer writes "Hello fellow security enthusiasts, a new version of sqlninja is out at sourceforge ! Introduction ============sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a…
-
Designing a crypto attack on the Ccrp…
Piotr Musial writes "Ccrp was designed to be a highly secure private key encryptor for small files and messages, and uses bit-move logic as the primary means of "scrambling" the plaintext. Ccrp also uses a lookup table instead of a pseudorandom bit generator, and so to obtain good se curity with that method, the performance…
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack