Archive | Programming


19 January 2010 | 6,389 views

IETF Completes Vulnerability Fix For SSL Renegotiation Bug

You should remember the SSL Renegotiation bug from last year that was used to successfully attack twitter. Finally IETF have come out with a fix for the issue, it’s natural it has taken some time as it’s a flaw in the actual protocol itself not in any specific implementation (which is usually the case). The [...]

Continue Reading


06 January 2010 | 9,540 views

2010 Bug Wreaks Havoc In Germany

This was pretty unexpected for most people, the Y2K bug was so over-hyped then nothing really happened. Then suddenly 2010 comes and everything goes haywire! The first big news that struck was Spam Assassin which included all versions of cPanel, it started rejected almost all e-mails due to a bug in the spam detection rules [...]

Continue Reading


14 December 2009 | 6,782 views

Microsoft CAT.NET v1.1.1.9 – Binary Code Analysis Tool .NET

CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within a managed code (C#, Visual [...]

Continue Reading


10 November 2009 | 5,906 views

Turbodiff v1.01 BETA Released – Detect Differences Between Binaries

Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries. Requirements “Turbodiff 1.01 beta release 1″ works with IDA starting from v5.0. Instructions For the binaries: Download the plugin and store it at the directory “..\IDA\plugins”. If you want to compile it on [...]

Continue Reading


02 November 2009 | 12,450 views

RATS – Rough Auditing Tool for Security

RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and [...]

Continue Reading


14 September 2009 | 23,810 views

4f: The File Format Fuzzing Framework

4f is a file format fuzzing framework. 4f uses modules which are specifications of the targeted binary or text file format that tell it how to fuzz the target application. If 4f detects a crash, it will log crucial information important for allowing the 4f user to reproduce the problem and also debugging information important [...]

Continue Reading


01 September 2009 | 5,743 views

Graudit – Code Audit Tool Using Grep

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible. Usage Graudit supports several options and tries [...]

Continue Reading


15 July 2009 | 20,339 views

Damn Vulnerable Web App – Learn & Practise Web Hacking

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security. Vulnerabilities SQL Injection XSS (Cross Site Scripting) LFI (Local File Inclusion) RFI (Remote [...]

Continue Reading


17 June 2009 | 4,482 views

fm-fsf – Freakin’ Simple Fuzzer – Cross Platform Fuzzing Tool

fm-fsf is a new fuzzer/data scraper that works under OSX, Linux (with Mono) and Windows (.NET Framework). Fuzzing tools are always useful if you are looking at discovering some new flaws in a software or web service. Quick Info FSF is a plug-in based freakin’ simple fuzzer for fuzzing web applications and scraping data. It [...]

Continue Reading


04 May 2009 | 10,646 views

Fiddler – Web Debugging Proxy For HTTP(S)

Recently I posted about Charles Web Debugging Proxy and quite a few people mentioned they had been using Fiddler. Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler includes [...]

Continue Reading