  • Cenzic Patent Case Worries Web Researchers, Vendors

    "A patent infringement lawsuit recently filed by Cenzic against SPI Dynamics has Web application security companies and researchers on edge. If successful, the suit — which centers around Cenzic's patent on a Web application vulnerability scanning technology — could mean trouble for other scanner vendors, as well as researchers who develop scanning techniques. Cenzic, which…

  • WASC Announcement: Web Application Security Scanner Evaluation Criteria Call for Participants

    The Web Application Security Consortium is pleased to announce a new project, "Web Application Security Scanner Evaluation Criteria (WASSEC)". Currently WASC is seeking volunteers from various sections of the community, including penetration testers, scanner vendors, security researchers and also end users, to contribute to the project. A brief description of the project: The Web…

  • Mozilla Releases JavaScript Fuzzer at Blackhat

    "Mozilla has been using an open-source application security testing tool, known as a fuzzer, for JavaScript to detect and fix dozens of security bugs in Firefox, Mozilla director of ecosystem development Window Snyder said Thursday at the Black Hat USA 2007 conference in Las Vegas. The JavaScript fuzzer found 280 bugs in Firefox, 27 of…

  • Tool: SQL Power Injector 1.2

    "SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. For now it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal…

  • HDIV: Struts 2 Security Plugin

    Gorka Vicente writes "HDIV 1.3 has just been released including Struts 2 support. HDIV is an open-source project that extends Struts (Struts 1.x and Struts 2) behavior by adding web application level Security functionalities (Integrity, Confidentiality of non editable data and Generic Validations of the Editable Data), maintaining the API and Struts specif…

  • Pixy – An Open-Source Vulnerability Scanner for PHP Applications

    "The Secure Systems Lab at the Technical University of Vienna has released the newest version of Pixy, an open-source vulnerability scanner. Here are some of the highlights: – detection of SQL injection and XSS vulnerabilities in PHP source code – automatic resolution of file inclusions – computation of dependence graphs that help you understand the…

  • Tools: sqlninja 0.1.2 released

    icesurfer writes "Hello fellow security enthusiasts, a new version of sqlninja is out at sourceforge! Introduction: sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a…

  • Designing a crypto attack on the Ccrp…

    Piotr Musial writes "Ccrp was designed to be a highly secure private key encryptor for small files and messages, and uses bit-move logic as the primary means of "scrambling" the plaintext. Ccrp also uses a lookup table instead of a pseudorandom bit generator, and so to obtain good security with that method, the performance…

  • Cenzic Patents the obvious: Fault Injection!

    I monitor Google News for anything application security related and found the following announced today by Cenzic. "the U.S. Patent and Trademark Office (PTO) has issued the company U.S. Patent No. 7,185,232, focused on fault injection technology, which is commonly used by most security assessment scanners." – Cenzic. Cenzic is not the first application security…

  • Tool: untidy XML Fuzzer beta 2 is out

    "untidy is general purpose XML Fuzzer. It takes a string representation of a XML as input and generates a set of modified, potentially invalid, XMLs based on the input." Tool Link: http://untidy.sourceforge.net/

  • Top 15 free SQL Injection Scanners

    "SQL Injection is perhaps the most common web-application hacking technique which attempts to pass SQL commands through a web application for execution by the back-end database. The vulnerability is presented when user input is incorrectly sanitized and thereby executed. Checking for SQL Injection vulnerabilities involves auditing your web applications and the best way to do…

  • Strategic Security: Web Applications Scanners

    I found this linked off of Jeremiah's blog: "As applications evolve, new vulnerabilities emerge. For this Rolling Review series we'll examine how Web application scanners help address the security weaknesses found in RIAs in general, and Ajax in particular." "Web application scanners can help, but implementation is tricky. For this Rolling Review, we decided that…

  • A Software Call To Arms: Where are source control repository security scanning tools?

    <rant> We’ve heard of source code analysis tools, and blackbox scanning tools and they have value to help secure your application. Unfortunately they have a major downside, they require the discipline of using them. If your developers don’t run them they can still check in vulnerable code to your source code repository. For the past…

  • HDIV (HTTP Data Integrity Validator) 1.1 released

    Gorka Vicente ([email protected]) writes "The HDIV project is an Apache-licensed Struts' Security extension that adds security functionalities to Struts, maintaining the API and Struts specification. This implies that we can use HDIV in applications developed in Struts in a transparent way to the programmer and without adding any complexity to the application development.…

  • Metasploit 3.0 released

    "Metasploit is pleased to announce the immediate free availability of the Metasploit Framework version 3.0 from http://framework.metasploit.com/. The Metasploit Framework ("Metasploit") is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a wide range…

  • JavaScript bug hunting tool demonstrated, and ethical release of POC code

    "The tool, called Jikto, can make an unsuspecting Web user’s PC silently crawl and audit public Web sites, and send the results to a third party, Hoffman said. But, in a change of plans, Hoffman did not publicly release Jikto. "The higher-ups first say we can, and then they change their mind," he said after…

  • Automated Scanners vs. Low-Hanging Fruit

    Jeremiah Grossman (WhiteHat Security) has typed up an entry on automated vulnerability scanning versus humans. If you're in the position to perform an assessment, it's worth the read. Article Link: http://jeremiahgrossman.blogspot.com/2007/02/automated-scanners-vs-low-hanging-fruit.html

  • Using Fuzzers in Software Testing: Identifying Application Risks

    I've written a short blurb on my other site, QASEC.com, on why using fuzzers in QA can pay off. This is a new site focused on speaking to the various people involved in a development cycle, using a language that they are familiar with, in short, to-the-point articles. "Fuzzers are used to perform…

  • Vulnerability Scanners Review

    Someone has written up a review of 11 security scanners specifically: ISS (Internet Security Systems), SSS (Shadow Security Scanner), Retina (eEye), Nessus, GFI Languard Network Security Scanner, Qualys (http://www.qualys.com), Nstealth Security Scanner (http://www.nstalker.com), Nikto, Whisker, Infiltrator (infiltration-systems.com) and Nscan. "I was looking at 3 main areas while evaluating the scanners. 1. Comprehensiveness of the testing: including…

  • Microsoft Anti-Cross Site Scripting Library V1.5 is Released

    "For defence in depth, developers may wish to use the Microsoft Anti-Cross Site Scripting Library to encode output. This library differs from most encoding libraries in that it uses the "principle of inclusions" technique to provide protection against XSS attacks. This approach works by first defining a valid or allowable set of characters, and encodes…

  • Vulnerability Scanning Web 2.0 Client-Side Components

    Shreeraj Shah has written an article outlining some of the 'Web 2.0' risks. He covers RSS Security, JSON, Ajax Security, Cross Site Request Forgery and other related issues. Article Link: http://www.securityfocus.com/infocus/1881

  • Mod Security as an IPS

    One of our readers 'J. Oquendo' "got bored" and wrote an article titled 'Securing LAMP and using ModSecurity as an IPS'. "Many times administrators often forget to do security checks from the ground up. They often will rely on simple methods of testing a machine. An NMAP scan here, a Metasploit scan there… Let's build…

  • Detecting Web Application Security Vulnerabilities

    An anonymous poster contributes "Web application source code, independent of languages and platforms, is a major source for vulnerabilities. One of the CSI surveys on vulnerability distribution suggests that 64% of the time, a vulnerability crops up due to programming errors and 36% of the time, due to configuration issues. According to IBM labs, there…

  • ModSecurity 2.0 is out

    "Ivan Ristic explains what's hot about the new release. Interview: ModSecurity is an open source web application firewall that runs as an Apache module, and version 2.0 offers many new features and improvements. Federico Biancuzzi interviewed Ivan Ristic to discuss the new logging system, events tracking and correlation, filtering AJAX or AFLAX applications, and just-in-time…

  • Microsoft Research Builds BrowserShield

    "With BrowserShield, Wang argues, many such attacks could be blocked. BrowserShield can be used as a framework that rewrites HTML pages to deny any attempt at executing harmful code on browsers. "We basically intercept the Web page, inject our logic and transform the page that is eventually rendered on the browser," Wang said. "We're inserting…