Archive | Programming


26 January 2010 | 9,537 views

Browser Fuzzer 3 (bf3) – Comprehensive Web Browser Fuzzing Tool

Browser Fuzzer 3, or bf3, is a comprehensive web browser fuzzer. Browser Fuzzer 3 is designed as a hybrid framework/standalone fuzzer; the modules it uses are extensible but also highly integrated into the core. bf3 can be used via command line to set all necessary flags for each fuzzing operation. After initialization, bf3 creates test [...]

Continue Reading


19 January 2010 | 6,389 views

IETF Completes Vulnerability Fix For SSL Renegotiation Bug

You should remember the SSL Renegotiation bug from last year that was used to successfully attack twitter. Finally IETF have come out with a fix for the issue, it’s natural it has taken some time as it’s a flaw in the actual protocol itself not in any specific implementation (which is usually the case). The [...]

Continue Reading


06 January 2010 | 9,541 views

2010 Bug Wreaks Havoc In Germany

This was pretty unexpected for most people, the Y2K bug was so over-hyped then nothing really happened. Then suddenly 2010 comes and everything goes haywire! The first big news that struck was Spam Assassin which included all versions of cPanel, it started rejected almost all e-mails due to a bug in the spam detection rules [...]

Continue Reading


14 December 2009 | 6,783 views

Microsoft CAT.NET v1.1.1.9 – Binary Code Analysis Tool .NET

CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within a managed code (C#, Visual [...]

Continue Reading


10 November 2009 | 5,915 views

Turbodiff v1.01 BETA Released – Detect Differences Between Binaries

Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries. Requirements “Turbodiff 1.01 beta release 1″ works with IDA starting from v5.0. Instructions For the binaries: Download the plugin and store it at the directory “..\IDA\plugins”. If you want to compile it on [...]

Continue Reading


02 November 2009 | 12,601 views

RATS – Rough Auditing Tool for Security

RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and [...]

Continue Reading


14 September 2009 | 23,811 views

4f: The File Format Fuzzing Framework

4f is a file format fuzzing framework. 4f uses modules which are specifications of the targeted binary or text file format that tell it how to fuzz the target application. If 4f detects a crash, it will log crucial information important for allowing the 4f user to reproduce the problem and also debugging information important [...]

Continue Reading


01 September 2009 | 5,752 views

Graudit – Code Audit Tool Using Grep

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible. Usage Graudit supports several options and tries [...]

Continue Reading


15 July 2009 | 20,370 views

Damn Vulnerable Web App – Learn & Practise Web Hacking

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security. Vulnerabilities SQL Injection XSS (Cross Site Scripting) LFI (Local File Inclusion) RFI (Remote [...]

Continue Reading


17 June 2009 | 4,483 views

fm-fsf – Freakin’ Simple Fuzzer – Cross Platform Fuzzing Tool

fm-fsf is a new fuzzer/data scraper that works under OSX, Linux (with Mono) and Windows (.NET Framework). Fuzzing tools are always useful if you are looking at discovering some new flaws in a software or web service. Quick Info FSF is a plug-in based freakin’ simple fuzzer for fuzzing web applications and scraping data. It [...]

Continue Reading