Archive | Programming


05 November 2014 | 1,033 views

Brakeman – Static Analysis Rails Security Scanner

Brakeman is a Rails security scanner – unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found. It […]

Continue Reading

18 October 2014 | 3,559 views

RIPS – Static Source Code Analysis For PHP Vulnerabilities

RIPS is a tool written in PHP to find vulnerabilities using static source code analysis for PHP web applications. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced […]

Continue Reading

21 July 2014 | 2,285 views

clipcaptcha – CAPTCHA Service Impersonation Tool

clipcaptcha is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike’s sslstrip codebase, which we mentioned back in 2009 – SSLstrip – HTTPS Stripping Attack Tool. Depending on its mode of operation it may approve, reject or forward the CAPTCHA verification requests. It maintains an easy to edit XML configuration file […]

Continue Reading

01 April 2014 | 1,978 views

Agnitio v2.1 Released – Manual Security Code Review Tool

A tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting. It hasn’t been updated for a fair while sadly, and v2.1 was released in 2011 – but […]

Continue Reading

11 March 2014 | 2,196 views

ODA – Online Web Based Disassembler

ODA stands for Online DisAssembler. ODA is a general purpose machine code disassembler that supports a myriad of machine architectures. Built on the shoulders of libbfd and libopcodes (part of binutils), ODA allows you to explore an executable by dissecting its sections, strings, symbols, raw hex, and machine level instructions. ODA is an online Web […]

Continue Reading

10 January 2014 | 1,750 views

Capstone – Multi-platform, Multi-architecture Disassembly Framework

Capstone is a lightweight multi-platform, multi-architecture disassembly framework. The target of the author is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. It is one of a very few disassembly frameworks that can support multi-architectures. So far, it can handle 4 most important architectures: ARM, ARM64 (aka […]

Continue Reading

27 January 2013 | 1,847 views

New eLearnSecurity Pen-Testing Labs Launched – Attend Live Demo Event

You might remember the Hera Labs info from the post about the updated Pen-testing Pro course: eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2 Now eLearnSecurity has decided to open up just the labs outside of the course, for people that want a practical hands-on environment to learn. Main Features You […]

Continue Reading

08 January 2013 | 1,321 views

CERT Failure Observation Engine (FOE) – Mutational Fuzzing Tool

The CERT Failure Observation Engine (FOE) is a software testing tool that finds defects in applications that run on the Windows platform. FOE performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases that cause crashes.) The […]

Continue Reading

13 November 2012 | 4,241 views – Build, Host & Share Vulnerable Web Application Code is a FREE, community based project powered by eLearnSecurity. The community allows you to build, host and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMS’s online. The platform is available without any restriction to any party […]

Continue Reading

06 November 2012 | 2,218 views

VMWare ESX Source Code Leaked On The Internet

Another big source code leak, this time VMWare ESX, software which I’m sure most of the readers here have used at some point (I know I have). There was a time back in 2006 when VMWare Rootkits seemed like they might be the next big thing, but nothing much ever came out of it. VMware […]

Continue Reading