-
Tool availability – browser DOM Checker
"I'd like to announce the availability of DOM Checker, an automated tool for validating browser security policy enforcement. The project is hosted at: http://code.google.com/p/dom-checker/ The tool features several fairly neat features, including exhaustive hierarchy crawling and side-channel blind write validation to reduce the number of false positives. DOM Checker had been used to find a…
-
Cracking passwords the Web application way: A rundown of web based haxoring tools
This article reviews various tools that can be used to brute force web forms and web based auth. "This mish-mash of security is the basis of Web login vulnerabilities and why passwords are often easily cracked. Be it form-based, HTTP Basic, or NT LAN Manager (NTLM) (the three main types of authentication that most applications…
-
Paros 3.2.10 released
A new version of Paros Proxy has been released. "We wrote a program called "Paros" for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields,…
-
Paros v3.1.3 Released
"Paros is a man-in-the-middle proxy and application vulnerability scanner. It allows users to intercept, modify and debug HTTP and HTTPS data on-the-fly between web server and client browser. It also supports client-certificate, proxy-chaining, filtering and various vulnerability scanning." – Paros [New features] " – Allow to run the scanner on a particular request shown in…