Archive | Web Hacking


30 January 2007 | 43,148 views

Burp Proxy & Burp Suite – Attacking Web Applications

I love the Burp Suite, I really do. It’s pretty much my favourite local proxy program and my favourite suite of tools for security testing web applications (especially the session investigation and manipulation parts). Another great thing is it’s cross platform, so you don’t have to learn different tools for Windows and Linux. Basically Burp […]

27 January 2007 | 17,079 views

Introducing WHCC – Web Hack Control Center

Web Hack Control Center is a GUI-based web server vulnerability scanner or assessment tool. This application gives you the means to identify which security vulnerabilities exist on your web servers by scanning them for the most popular server exploits. WHCC contains a database of thousands of exploits for a variety of web servers. This […]

18 January 2007 | 6,220 views

PHP Security Specialist (Stefan Esser) Resigns

This is sad news, as PHP hasn’t had a particularly good security record in the past. He has voiced his frustrations with the internal workings of the PHP team and the development process; he has been working hard to make PHP inherently more secure… But from the look of things it seems like he was having […]

17 January 2007 | 4,559 views

WordPress 2.0.7 Follows Hot on the Tail of WordPress 2.0.6

Recently a bug in certain versions of PHP came to the attention of the WordPress developers; this bug could cause a security vulnerability in any blogs running version 2.0.6 or below. It was fairly easy to work around, so they decided to release 2.0.7, just 10 days after the release of 2.0.6, to […]

15 January 2007 | 18,400 views

SPIKE Proxy – Application Level Security Assessment

SPIKE Proxy is part of the SPIKE Application Testing Suite. It functions as an HTTP and HTTPS proxy, and allows the web developer or web application auditor low-level access to the entire web application interface, while also providing a bevy of automated tools and techniques for discovering common problems. These automated tools include: Automated […]

10 January 2007 | 8,984 views

AttackAPI 2.0 Alpha – JavaScript Hacking Suite

AttackAPI provides a simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser-based attacking techniques, a simple but powerful JavaScript console and a powerful attack channel and associated API for controlling zombies. The AttackAPI 2.0 branch is a lot better than the 1.x. […]

09 January 2007 | 15,348 views

WordPress 2.0.5 Trackback Vulnerability with Exploit

WordPress was “born out of a desire for an elegant, well-architectured personal publishing system built on PHP and MySQL and licensed under the GPL. It is the official successor of b2/cafelog. WordPress is fresh software, but its roots and development go back to 2001. It is a mature and stable product. We hope by focusing […]

04 January 2007 | 7,445 views

SIFT Web Services Security Testing Framework

SIFT has released a new Intelligence Report titled ‘A Web Services Security Testing Framework’. The framework covers the entire web services security testing process, incorporating detailed threat modelling, scoping and planning methodologies tailored specifically for web services applications. Web services are a widely touted technology that aims to provide tangible benefits to both business and […]

31 December 2006 | 658,760 views

wwwhack 1.9 – Download Web Hacking Tool

WWWhack is a brute force utility that will try to crack web sites guarded by a web access password. This utility can use a word file or try all possible combinations, and by trial-and-error, will attempt to find a combination of username/password that is accepted by the web server. This shows the weakness in securing […]

30 December 2006 | 12,791 views

IE & Firefox Both Affected by Fake Login Flaw

It seems the recent fake login flaw affects both Internet Exploder and Firefox. Good to keep alert and with the new update mechanism it’s very simple to update your Firefox installation. The latest versions of both Firefox and Internet Explorer are vulnerable to an unpatched flaw that allows hackers to snaffle users’ login credentials via […]
