Archive | Programming

Advertisements


01 July 2010 | 5,765 views

FxCop – .NET Framework Security Analysis Tool

FxCop is an application that analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements. Many of the issues concern violations of the programming and design rules set forth in the Design Guidelines, which are the Microsoft […]

Continue Reading


27 April 2010 | 14,636 views

fuzzdb – Comprehensive Set Of Known Attack Sequences

fuzzdb is a comprehensive set of known attack pattern sequences, predictable locations, and error messages for intelligent brute force testing and exploit condition identification of web applications. Many mechanisms of attack used to exploit different web server platforms and applications are triggered by particular meta-characters that are observed in more than one product security advisory. […]

Continue Reading


23 April 2010 | 4,961 views

ReFrameworker – General Purpose Framework Modifier

ReFrameworker is a general purpose Framework modifier, used to reconstruct framework Runtimes by creating modified versions from the original implementation that was provided by the framework vendor. ReFrameworker performs the required steps of runtime manipulation by tampering with the binaries containing the framework’s classes, in order to produce modified binaries that can replace the original […]

Continue Reading


16 April 2010 | 7,183 views

Oracle Releases Emergency Patch for Java Vulnerability

After informing a researcher just a few days ago that “they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle” they have made a 180 turn on the issue and pushed out an emergency patch to mitigate against the Serious Java Bug That Exposes Users To Code […]

Continue Reading


12 April 2010 | 6,254 views

Serious Java Bug Exposes Users To Code Execution

Once again a different attack vector, seems to the creative season for discovering bugs. I guess it’s partially due to the fact this time of year tends to be pretty quiet business wise so researchers have plenty of downtime to look at nifty ways to break things. This might be a tough one to solve […]

Continue Reading


16 March 2010 | 7,147 views

OWASP CodeCrawler – Static Code Review Tool

CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project. It provides automatic STRIDE classification a very simple DREAD calculator and few minor […]

Continue Reading


01 February 2010 | 5,972 views

Google Willing To Pay Bounty For Chrome Browser Bugs

This is a pretty interesting development from Google and also seems to be coming much more common now, companies openly offering payments for bugs/vulnerabilities discovered in their software. It’s a chance for the white-hat guys to earn a few bucks, but honestly I don’t think it’s going to change anything. Especially not when we’re talking […]

Continue Reading


26 January 2010 | 9,653 views

Browser Fuzzer 3 (bf3) – Comprehensive Web Browser Fuzzing Tool

Browser Fuzzer 3, or bf3, is a comprehensive web browser fuzzer. Browser Fuzzer 3 is designed as a hybrid framework/standalone fuzzer; the modules it uses are extensible but also highly integrated into the core. bf3 can be used via command line to set all necessary flags for each fuzzing operation. After initialization, bf3 creates test […]

Continue Reading


19 January 2010 | 6,405 views

IETF Completes Vulnerability Fix For SSL Renegotiation Bug

You should remember the SSL Renegotiation bug from last year that was used to successfully attack twitter. Finally IETF have come out with a fix for the issue, it’s natural it has taken some time as it’s a flaw in the actual protocol itself not in any specific implementation (which is usually the case). The […]

Continue Reading


06 January 2010 | 9,546 views

2010 Bug Wreaks Havoc In Germany

This was pretty unexpected for most people, the Y2K bug was so over-hyped then nothing really happened. Then suddenly 2010 comes and everything goes haywire! The first big news that struck was Spam Assassin which included all versions of cPanel, it started rejected almost all e-mails due to a bug in the spam detection rules […]

Continue Reading


Advertisements