-
Hacme Casino v1.0 Released
"Hacme Casino is an online casino, built with Ruby on Rails, with plenty of AJAX functionality. It has security vulnerabilities baked-in, and is meant to help educate developers and testers about web application security in the context of new technologies. If you are interested in the security aspects of Ruby on Rails and AJAX, give…
-
IBM offers free tools for application security
"The offerings consist of IBM Secure Shell Library for Java, which automatically allows customers to encrypt Java application data transferred from one server to another, and the Security Workbench Development Environment for Java, which lets developers test and validate applications." Download Link: http://www.alphaworks.ibm.com/tech/sshlite Article Link: http://www.scmagazine.com/uk/news/article/565999/ibm+offers+free+tools+application+security/
-
WSFuzzer 1.5 has been released
Andres Andreu writes "WSFuzzer version 1.5 has been released. It is a pen testing tool that audits HTTP based SOAP targets. Details are available at http://www.neurofuzz.com/modules/software/wsfuzzer.php
-
Paros 3.2.10 released
A new version of Paros Proxy has been released. "We wrote a program called "Paros" for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields,…
-
New Open Source Web Application Scanner Released (Oedipus)
800m800m Writes "Oedipus is an open source web application security analysis and testing suite written in Ruby by Penetration Testers for Penetration Testers. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities. The…
-
ModSecurity 1.9 FINAL has been released
Ivan Ristic Writes "ModSecurity 1.9 FINAL has been released. It is available for immediate download from: http://www.modsecurity.org/download/ After more than a year in development, ModSecurity 1.9 introduces a number of changes that further increase usefulness of this web application security tool. Changes (since 1.8) ——————- Major enhancements include: * A brand new audit logging subsystem…
-
Paros v3.1.3 Released
"Paros is a man-in-the-middle proxy and application vulnerability scanner. It allows users to intercept, modify and debug HTTP and HTTPS data on-the-fly between web server and client browser. It also supports client-certificate, proxy-chaining, filtering and various vulnerability scanning." – Paros [New features] " – Allow to run the scanner on a particular request shown in…
-
Free Web Services Security Tool
I found a free tool by Vordel that is very useful for people who plan on auditing their web services for security vulnerabilities called "Vordel SOAPbox" (Registration required). http://www.vordel.com/soapbox/index.html http://www.vordel.com/soapbox/more.html
-
New Approach to .NET obfuscation
I found an interesting article on Slashdot talking about a new technology that will further lock down .NET applications. From this initial article this looks like a promising new technology. "One area of research is called "Program State Code Protection," or PSCP, which means changing the code AS IT RUNS to make it harder for a…
-
Nikto CGI scanner released
A new web scanner by www.cirt.net has been released to check for vulnerable CGI programs and common webserver holes. This scanner does 4005 checks and is a good tool for testing your IDS software. (NOTE: The number of checks varies from system to system.) http://www.cirt.net/code/nikto.shtml Download From Cirt.net
-
Cgisecurity.com IDS rules used in Snort 1.8.2
I recently wrote some IDS rule sets I found to be useful for Snort that would help detect known and unknown port 80 attacks. I submitted these rules to snort.org and they liked them so much they are now included in the newest release. These rules were based on cgisecurity.com's paper #3, which will be released later today. A copy of these new…
-
IIS LockDown Tool released
Microsoft has finally released a tool that helps secure your IIS machine. This new tool helps patch and lock down IIS from well-known holes, as well as helping protect it from unknown holes. Download it below. (NOTE: This is also added to the patch section of this site.) IIS Lockdown Tool
-
Microsoft Releases New Network Patching Tool
I found the following link from a Bugtraq posting and decided to post it here. The tool below will patch a network of Windows machines with the latest security updates and patches. Below is a list of the platforms supported. Microsoft Windows versions 2000, 2000 SP1, 2000 SP2 Advanced Server Microsoft Windows versions 2000, 2000 SP1, 2000 SP2 Professional…