Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security. Vulnerabilities SQL Injection XSS (Cross Site Scripting) LFI (Local File Inclusion) RFI (Remote […]
Web Hacking
Web hacking is always the latest headline find web hacking 101, tools, web site hacking, web application hacking and the latest news about website hacking here.
Some examples of web hacking tools are:
- wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download
- Wfuzz Download – Web Application Password Cracker
- FLARE – Flash Decompiler to Extract ActionScript
- WebSurgery – Web Application Security Testing Suite
Some examples of web hacking protection are:
Twitter Hack Spreads P*rn Trojan
[ad] I had a spam tweet appear in my stream a while back and like Guy Kawasaki I also had absolutely no idea where it came from. Perhaps some kinda XSS flaw in Twitter when I visited a site that spawned the message (in a hidden iframe perhaps). It wouldn’t be the first time Twitter […]
Slowloris – HTTP DoS Tool in PERL
[ad] This tool has been hitting the news, including some mentions in the SANS ISC Diary. It’s not actually a new attack (it’s been around since 2005) but this is the first time a packaged tool has been released for the attack. Slowloris holds connections open by sending partial HTTP requests. It continues to send […]
Acunetix Web Vulnerability Scanner (WVS) 6.5 Released
[ad] You may remember a while back we did a Review of Acunetix Web Vulnerability Scanner 6 – the very full featured web vulnerability scanning software. Well the latest version has been released recently with some updates, bug fixes and improvements on the web application security front. I’m hoping to try out the AcuSensor on […]
Massive Malware Outbreak Infects 30,000 Websites
[ad] This looks like a fairly complex infection mechanism combining exploiting websites, injecting JavaScript code then attempted exploitation of host machines and failing that prompting a download for some fake malware. The way they have it all setup is pretty clever too hiding behind common technologies so their infections don’t look out of place. An […]