Archive | Programming


16 March 2010 | 7,089 views

OWASP CodeCrawler – Static Code Review Tool

CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project. It provides automatic STRIDE classification a very simple DREAD calculator and few minor […]

Continue Reading


01 February 2010 | 5,919 views

Google Willing To Pay Bounty For Chrome Browser Bugs

This is a pretty interesting development from Google and also seems to be coming much more common now, companies openly offering payments for bugs/vulnerabilities discovered in their software. It’s a chance for the white-hat guys to earn a few bucks, but honestly I don’t think it’s going to change anything. Especially not when we’re talking […]

Continue Reading


26 January 2010 | 9,561 views

Browser Fuzzer 3 (bf3) – Comprehensive Web Browser Fuzzing Tool

Browser Fuzzer 3, or bf3, is a comprehensive web browser fuzzer. Browser Fuzzer 3 is designed as a hybrid framework/standalone fuzzer; the modules it uses are extensible but also highly integrated into the core. bf3 can be used via command line to set all necessary flags for each fuzzing operation. After initialization, bf3 creates test […]

Continue Reading


19 January 2010 | 6,395 views

IETF Completes Vulnerability Fix For SSL Renegotiation Bug

You should remember the SSL Renegotiation bug from last year that was used to successfully attack twitter. Finally IETF have come out with a fix for the issue, it’s natural it has taken some time as it’s a flaw in the actual protocol itself not in any specific implementation (which is usually the case). The […]

Continue Reading


06 January 2010 | 9,541 views

2010 Bug Wreaks Havoc In Germany

This was pretty unexpected for most people, the Y2K bug was so over-hyped then nothing really happened. Then suddenly 2010 comes and everything goes haywire! The first big news that struck was Spam Assassin which included all versions of cPanel, it started rejected almost all e-mails due to a bug in the spam detection rules […]

Continue Reading


14 December 2009 | 6,787 views

Microsoft CAT.NET v1.1.1.9 – Binary Code Analysis Tool .NET

CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within a managed code (C#, Visual […]

Continue Reading


10 November 2009 | 5,921 views

Turbodiff v1.01 BETA Released – Detect Differences Between Binaries

Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries. Requirements “Turbodiff 1.01 beta release 1″ works with IDA starting from v5.0. Instructions For the binaries: Download the plugin and store it at the directory “..\IDA\plugins”. If you want to compile it on […]

Continue Reading


02 November 2009 | 12,763 views

RATS – Rough Auditing Tool for Security

RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and […]

Continue Reading


14 September 2009 | 23,814 views

4f: The File Format Fuzzing Framework

4f is a file format fuzzing framework. 4f uses modules which are specifications of the targeted binary or text file format that tell it how to fuzz the target application. If 4f detects a crash, it will log crucial information important for allowing the 4f user to reproduce the problem and also debugging information important […]

Continue Reading


01 September 2009 | 5,761 views

Graudit – Code Audit Tool Using Grep

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible. Usage Graudit supports several options and tries […]

Continue Reading