-
Introduction to Adobe AIR Security
AIR is an interesting technology merging the web and desktop based applications on the flash platform. Lucas Adamski from Adobe has published a very good article describing the platform and security concerns I'd advise checking out. While it remains to be seen if AIR is going to be the next big thing, the concepts regarding…
-
Spammers crack Gmail Captcha
"Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) challenge-response systems, which are used to prevent accounts being created until a user correctly identifies letters in an image, are designed to ensure requests are made by a human rather than an automated program. The technique has been used to defeat automatic sign-ups…
-
Thread: Attacking Upload forms
Someone posed the question in a pen-test thread titled 'Malicious file upload in .JPG or GIF format' of how to pen test logins forms. While this isn't a new subject people are still asking the question and this is a decent thread to learn about the subject. Thread Link: http://archives.neohapsis.com/archives/sf/pentest/2008-02/thread.html#102
-
Hackers using rogue DNS servers to pwn you like a noob
"Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc. The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name…
-
Mozilla Dismisses New Firefox Flaw Warning
"Mozilla chief evangelist Mike Shaver says the latest Firefox information leakage bug warning is exaggerated. Published reports of an information leakage vulnerability affecting fully patched versions of the open-source Firefox browser have been greatly exaggerated, according to Mozilla chief evangelist Mike Shaver. Shaver's sharp retort follows the release of an advisory by hacker Ronald van…
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack