-
Nikto Cgi scanner released
A new web scanner by www.cirt.net has been released to check for vulnerable cgi programs and common webserver holes. This scanner does 4005checks and is a good tool for testing your IDS software.(NOTE: Amount of checks vary from system to system)http://www.cirt.net/code/nikto.shtmlDownloadFrom Cirt.net
-
Header Based Exploitation: Web Statistical Software Threats
This paper helps describe an attack method often overlooked by programmers. It explains how modification of HTTP headers can cause possible system access, cookie theft/poisoning, tricked advertising, database injection, and other bad things in web statistical software Header Manipulation/Web Stats Software (TXT)(English) (Hungarian)
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack