Last 50 'Papers' Tagged Posts

Phrack #67 is out for 25th anniversary!

To celebrate 25 years the phrack team has published issue #67. Introduction The Phrack Staff Phrack Prophile on Punk The Phrack Staff Phrack World News EL ZILCHO Loopback (is back) The Phrack Staff How to make it in Prison TAp Kernel instrumentation using kprobes ElfMaster ProFTPD with mod_sql pre-authentication, remote root FelineMenace...

Article: 'Setting the appropriate security defect handling expectations in development and QA

I have just published the following article on handling application security defects (vulnerabilities) in development and QA. "If you've worked in information security you've likely had to report a security defect to development in an effort to remediate the issue. Depending on your organization and its culture this can be a rather...

Blackhat 2006 RSS Security Talk Video Available

In 2006 I gave a talk on hacking RSS feeds, and feed readers. I stumbled upon the video for blackhat 2006 by accident the other day and thought it was worth posting. Video: http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V36-Auger_and_Sima-0day_subscriptions.mp4 Slides: http://www.cgisecurity.com/papers/RSS-Security.ppt Paper: http://www.cgisecurity.com/papers/HackingFeeds.pdf

Socket Capable Browser Plug-ins Result In Transparent Proxy Abuse

For over a year in my spare time I've been working on a abuse case against transparent proxies at my employer, and have just released my latest paper '"Socket Capable Browser Plugins Result In Transparent Proxy Abuse". When certain transparent proxy architectures are in use an attacker can achieve a partial Same...

CGISecurity Article: The Cross-Site Request Forgery FAQ

The Cross-site Request Forgery FAQ has been released to address some of the common questions and misconceptions regarding this commonly misunderstood web flaw. This paper serves as a living document for Cross-Site Request Forgery issues and will be updated as new information is discovered. If you have any suggestions or comments please...

Writing Software Security Test Cases: Putting security test cases into your test plan

Besides CGISecurity.com I'm involved with my other project QASec.com a new website aimed at teaching security throughout the development cycle with a heavy focus on security testing I've just written an article explaining how Quality Assurance Engineers can include security testing into their test plans. "Part of software testing involves replicating customer...

Identifying Risks in the Development Cycle

Identifying security defects before a product ships reduces the risk of embarrassing public exposure, the cost of repairing the defect, and the risk to your customers. Your customers will not forget being compromised via a flaw in your product, and they may try to hold you accountable. Properly performing this security validation...

Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations

This is a copy of the slides I used at my Blackhat 2006 talk and a link to the paper accompying it. Zero Day Subscriptions: Using RSS and Atom Feeds As Attack Delivery Systems (Power Point) Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations (Remote Copy)

RSS and Atom Security risks whitepaper is out!

I started researching RSS and Atom feed vulns last September but got distracted for 6 months or so with work/life. I've written a basic paper discussing the issues relating to Cross Site Scripting and web based feeds. I cover the risks associated with the following types of readers: * Web Based Readers...

Article #2: "The Cross Site Scripting Faq"

Currently small informational tidbits about Cross Site Scripting holes exist but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention. This article also covers practicle examples of cookie theft, and...

Fingerprinting Port 80 Attacks 2: A look into web server, and web application attack signatures: Part Two.

Part two of "Fingerprinting port80 attacks". This paper provides information on web application attack forensics that will help you identify what an attacker might be doing. Part two covers attacks that where not mentioned in the first paper. Fingerprinting Port80 Part 2 (TXT) Fingerprinting Port80 Part 2 (HTML)

Header Based Exploitation: Web Statistical Software Threats

This paper helps describe an attack method often overlooked by programmers. It explains how modification of HTTP headers can cause possible system access, cookie theft/poisoning, tricked advertising, database injection, and other bad things in web statistical software Header Manipulation/Web Stats Software (TXT)(English) (Hungarian)

Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures.

This is the first paper on web application attack forensics published. This paper will give you a basic understanding of what web application attacks look like, and how they are used in real life examples. Fingerprinting Port 80 Attacks (ENG) Russian (Local Copy) (Russian) (Chinese) Japanese translation "The paper provides a nice...

Email Archives may allow Distributed Attacks against users and Web servers

"Mailing lists are often archived for later viewing on websites. The software that archives these email messages may allow an attacker to execute commands, include false information, cause a wide scale browser DOS, and other possibilities." This paper covers potential uses/exploitation of this wide scale problem. Mail archives may allow distributed attacks...