  • WASC Announcement: 2008 Web Application Security Statistics Published

    The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2008. This initiative is a collaborative, industry-wide effort to pool together sanitized website vulnerability data and to gain a better understanding of the web application vulnerability landscape. The statistics were compiled from web application security assessment projects which…

  • Announcing the Web Application Security Scanner Evaluation Criteria v1

    “The Web Application Security Consortium is pleased to announce the release of version 1 of the Web Application Security Scanner Evaluation Criteria (WASSEC).  The goal of the WASSEC project is to create a vendor-neutral document to help guide information security professionals during web application scanner evaluations.  The document provides a comprehensive list of features that…

  • Microsoft publishes BinScope and MiniFuzz

    From the download pages. BinScope: "BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development Lifecycle (SDL) requirements and recommendations. BinScope checks that SDL-required compiler/linker flags are being set, strong-named assemblies are in use, up-to-date build tools are in place,…

  • Next Phase of WASC’s Distributed Open Proxy Honeypot Project Begins

    Fellow WASC Officer Ryan Barnett has started the next phase of the Distributed Open Proxy Honeypot Project where people deploy open relay proxies and send the results to a central host for analysis. I met up with Ryan at blackhat where he showed me the central console displaying metrics for each proxy node (shown below).…

  • Nmap 5.00 Released

    "Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from http://nmap.org/. This is the first stable release since 4.76 (last September), and the first major release since the 4.50 release in 2007. Dozens of development releases led up to this. Considering all the changes, we consider this the…

  • Microsoft Security Bulletin Summary for July 2009

    It is Microsoft Patch Tuesday and the following issues have been addressed. MS09-029: Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371). This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully…

  • WASC Threat Classification 2.0 Sneak Peek

    Here is a sneak peek at the WASC Threat Classification v2.0. We’ve been working on this for more than a year and it’s been a very challenging, educational experience to say the least. Sections that are gray are currently in peer review and are not completed. Mission statement “The Threat Classification v2.0 outlines the attacks…

  • Fuzzware 1.5 released

    "Fuzzware is a tool for pen-testers and software security testers that is designed to simplify the fuzzing process, while maximising the fuzzing quality and effectiveness. Fuzzware is adaptable to various testing scenarios (e.g. file fuzzing, Web Services fuzzing, etc), gives you fine-grain control over the fuzzing techniques used and ensures any interesting test cases are captured and reproducible. For more…

  • Phrack 66 is out!

    Introduction (TCLH); Phrack Prophile on The PaX Team (TCLH); Phrack World News (TCLH); Abusing the Objective C runtime (nemo); Backdooring Juniper Firewalls (Graeme); Exploiting DLmalloc frees in 2009 (huku); Persistent BIOS infection (aLS and Alfredo); Exploiting UMA: FreeBSD kernel heap exploits (argp and karl); Exploiting TCP Persist Timer Infiniteness (ithilgore); Malloc Des-Maleficarum (blackngel); A…

  • New paper by Amit Klein (Trusteer) – Temporary user tracking in major browsers and Cross-domain information leakage and attacks

    Amit Klein posted the following to the web security mailing list yesterday. "User tracking across domains, processes (in some cases) and windows/tabs is demonstrated by exploiting several vulnerabilities in major browsers (Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, and to a limited extent Google Chrome). Additionally, new cross-domain information leakage, and cross domain attacks are…

  • Insecure Magazine 21 (June) Released

    Insecure Magazine 21 has been released and covers the following: Malicious PDF: Get owned without opening; Review: IronKey Personal; Windows 7 security features: Building on Vista; Using Wireshark to capture and analyze wireless traffic; "Unclonable" RFID – a technical overview; Secure development principles; Q&A: Ron Gula on Nessus and Tenable Network Security; Establish your social…

  • L0phtCrack is back, finally available for download

    "It's official: The famous password-cracking tool L0phtCrack is back, and its creators plan to keep it that way. L0phtCrack 6 tool, released Wednesday, was developed in 1997 by Christien Rioux, Chris Wysopal, and Peiter "Mudge" Zatko from the former L0pht Heavy Industries — the hacker think tank best known for testifying before Congress that it…

  • SamuraiWTF live web testing framework 0.6 released

    "The SamuraiWTF project team is proud to announce the immediate release of SamuraiWTF 0.6. This release contains a number of fixes and updates as well as the first release of a VM image. This VM requires VMware 5.0 or better. It will also work in any version of VMware Fusion. Thanks, Kevin Johnson" For those unfamiliar with…

  • Sysinternals tool updates: Autoruns v9.5, PsLoglist v2.7, PsExec v1.95

    Not website security related but still useful tools. Autoruns v9.5: This update to Autoruns, a powerful autostart manager, adds display of audio and video codecs, which are gaining popularity as an extension mechanism used by malware to gain automatic execution. PsLoglist v2.7: This version of PsLoglist, a command-line event log display utility, now properly displays…

  • Google Chrome Update Addresses 2 Security Flaws

    CVE-2009-1441: Input validation error in the browser process. A failure to properly validate input from a renderer (tab) process could allow an attacker to crash the browser and possibly run arbitrary code with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code…

  • Web 2.0 Application Proxy, Profiling and Fuzzing tool

    "This tool helps in assessing next-generation applications running on the Web/enterprise 2.0 platform. It profiles HTTP requests and responses at runtime by configuring it as a proxy. It identifies structures like JSON, XML, XML-RPC etc. along with key HTTP parameters like cookies, login forms, hidden values etc. Based on the profile one can take the decision to trap…

  • Firefox 3.0.9 Released to Fix Multiple Security Flaws

    MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs; MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame; MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites; MFSA 2009-19: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString; MFSA 2009-18: XSS hazard using third-party stylesheets and XBL bindings…

  • Nessus Version 4 Released

    "Tenable is pleased to announce the release of Nessus version 4! This blog post highlights some of the enhancements and new features available in Nessus 4.0. One of the most notable features is the ability to create custom XSLT reports based on your scan results. Nessus now also supports a fully multi-threaded scanning engine, which…

  • Watcher: a free web-app security testing and compliance auditing tool

    "Watcher is designed as a Fiddler plugin that passively monitors HTTP/S traffic for vulnerabilities. It gives pen-testers hot-spot detection for user-controlled inputs, open redirects, and other issues, and it gives auditors an easy way to find PCI compliance and other organizational issues. Here are some of the issues Watcher has checks for now: Cross-domain stylesheet and…

  • SWFScan – Free Flash Security Tool

    "HP SWFScan is a free security tool to help developers find and fix security vulnerabilities in applications developed with the Adobe Flash Platform. The tool is the first of its kind to decompile applications developed with the Flash platform and perform static analysis to understand their behaviors. This helps developers without security backgrounds identify vulnerabilities hidden…

  • Microsoft releases !exploitable crash evaluation tool

    "Aiming to better identify bugs that could lead to security issues, Microsoft announced on Wednesday that it planned to release a tool to help developers classify and assess program crashes. The tool, known as !exploitable and pronounced "bang exploitable," is a plugin for the Windows debugger that categorizes crash information using two hashes, members of…

  • WarVOX 1.0.0 Released

    HD Moore sent the following to bugtraq this morning. "WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes,…

  • The return of L0phtCrack

    "More than two years after Symantec pulled the plug on L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight. The original creators of L0phtCrack have reacquired the tool with plans to release a new version at next week’s SOURCE Boston conference. A teaser post on the l0phtcrack.com Web site…

  • Apple goes public with security in Safari 4

    "Apple announced on Tuesday the public availability of its next browser, Safari 4, seemingly adding a host of new security features to the program along with speedier JavaScript processing and additional eye candy, such as Cover Flow. The security features are not new, however. The company quietly added anti-malware and phishing protection, as well as…

  • CERT Advisory VU#435052: An Architectural Flaw Involving Transparent Proxies

    For the past year in my spare time I've been researching a flaw involving transparent proxies, and today CERT has published an advisory for this issue. If you have a vulnerable proxy on your intranet, NOW is the time to patch (details of affected vendors are in the CERT advisory): QBIK New Zealand, SmoothWall, Squid, Ziproxy…