-
Quick defcon/blackhat preparation list
A couple of people had asked me what are some things that you can do prior to attending hacker cons such as Blackhat and Defcon. Kurt Cobain said it best "Just because you're paranoid, doesn't mean they're not after you'. Here's a short list (albeit not complete as I don't plan to publish all…
-
Summary of Google+ browser security protections
Ray "Vanhalen" Kelly has written a post describing the security mechanisms used by Google+, as well as compares them to facebook. In particular he reviews each HTTP protection header and provides a good explanation of the purpose of each protection. Link: https://www.barracudanetworks.com/blogs/labsblog?bid=1743
-
Paper: Web Application finger printing Methods/Techniques and Prevention
Anant Shrivastava has posted a whitepaper providing a rundown of application fingerprinting methodologies, as well as comparisons of various tools such as W3af, BlindElephant, and Wapplyzer. "This Paper discusses about a relatively nascent field of Web Applicationfinger printing, how automated web application fingerprinting is performedin the current scenarios, what are the visible shortcomings in the…
-
Oracle website vulnerable to SQL Injection
Someone has published a SQL Injection in labs.oracle.com at http://www.thehackernews.com/2011/07/oracle-website-vulnerable-to-sql.html . That is all.
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack