Archive | Web Hacking

Advertisements


28 January 2016 | 1,408 views

PayPal Remote Code Execution Vulnerability Patched

So this is a big one, and thankfully this PayPal Remote Code Execution Vulnerability was discovered by security researchers and not the bad guys. Although there’s no way for us to know if someone has been using this to siphon data out of PayPal for some time before the whitehats found it. It’s a roundabout […]

Continue Reading


31 December 2015 | 4,361 views

Linode DDoS Attack – Merry Xmas Sysadmins

So the Linode DDoS attack – seems like this xmas has been a terrible time for sys admins, along with what happened to Steam and A Small Orange (100+ hours down). A whole lot of work during the most drunken holiday of the year, not fun. And yes it affected me too, work wise everything […]

Continue Reading


10 November 2015 | 3,106 views

0d1n – Web HTTP Fuzzing Tool

0d1n is an open source web HTTP fuzzing tool and bruteforcer, its objective is to automate exhaustive tests and search for anomalies (you know, vulnerabilities). 0d1n can increase your productivity following web parameters, files, directories, forms and other things. Od1n is written in C and uses libcurl for performance. Features Some of the features of […]

Continue Reading


20 October 2015 | 2,141 views

OWASP WebGoat – Deliberately Insecure Web Application

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques. In each lesson, users must demonstrate their understanding of a […]

Continue Reading


19 September 2015 | 2,933 views

Weevely 3 – Weaponized PHP Web Shell

Weevely is a command line weaponized PHP web shell dynamically extended over the network at runtime and is designed for remote administration and pen testing. It provides a telnet-like console through a PHP script running on the target, even in restricted environments. The low footprint agent and over 30 modules shape an extensible framework to […]

Continue Reading


15 September 2015 | 5,833 views

BackBox Linux – Penetration Testing LiveCD

BackBox is a Linux distribution based on Ubuntu – a penetration testing LiveCD. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the […]

Continue Reading


10 September 2015 | 1,644 views

WhatsApp Web vCard Vulnerability Exposed 200M Users

So it seems there was a lot of noise about the WhatsApp Web vCard Vulnerability with over 200 Million people using the desktop version of WhatsApp – it’s a fairly large cache of users to go after. Disclosed by Check Point security, the vulnerability is exploited by sending a vCard contact containing malicious code to […]

Continue Reading


30 June 2015 | 3,705 views

WATOBO – The Web Application Security Auditing Toolbox

WATOBO – The Web Application Security Auditing Toolbox – is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. It is capable of passive as well as active scanning and this latest is its real value added. It enables to automatize the discovery of common vulnerabilities (XSS, LFI, SQL […]

Continue Reading


06 June 2015 | 2,679 views

Shadow Daemon – Web Application Firewall

Shadow Daemon is a collection of tools to detect, protocol and prevent attacks on web applications. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability. Shadow Daemon is easy […]

Continue Reading


31 May 2015 | 2,832 views

OWASP Zed Attack Proxy – Integrated Penetration Testing Tool

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as […]

Continue Reading


Advertisements