June 17th, 2009

fm-fsf – Freakin’ Simple Fuzzer – Cross Platform Fuzzing Tool

fm-fsf is a new fuzzer/data scraper that works under OSX, Linux (with Mono) and Windows (.NET Framework). Fuzzing tools are always useful if you are looking at discovering some new flaws in a software or web service.
Quick Info

FSF is a plug-in based freakin’ simple fuzzer for fuzzing web applications and scraping data.
It supports some [...]

February 17th, 2009

NSA Together With Mitre CWE and SANS Identifies Top 25 Programming Errors

Secure programming is a huge issue and it’s the lack of it that causes all the problems we have with vulnerabilities and the exploits associated with them. If everywhere developers followed secure programming practices we wouldn’t have buffer overflow issues or unsanitized parameters leading to SQL Injection.
The NSA (National Security Agency), working with MITRE, SANS, [...]

September 24th, 2007

Voting Machines Lose to Hackers Again

I’m sure everyone remembers the Diebold voting fiasco with their system getting pwned multiple times. Back in May 2006 it was announced from multiple sources that the Diebold system was critically flawed.
Then more recently Hackers in the Philippines were Invited to Crack Internet Voting, which is definitely positive step to increase security in voting applications.
Now [...]

October 31st, 2006

PMD – Java Source Code Scanner

Continuing with the series of tools I’ve been posting on source code auditing and application security, here is PMD a Java Source Code Scanner.

PMD scans Java source code and looks for potential problems like:

Possible bugs – empty try/catch/finally/switch statements
Dead code – unused local variables, parameters and private methods
Suboptimal code – wasteful String/StringBuffer usage
Overcomplicated expressions – [...]

October 24th, 2006

LAPSE Sourcecode Analysis for JAVA J2EE Web Applications

LAPSE stands for a Lightweight Analysis for Program Security in Eclipse. LAPSE is designed to help with the task of auditing Java J2EE applications for common types of security vulnerabilities found in Web applications. LAPSE was developed by Benjamin Livshits as part of the Griffin Software Security Project.

LAPSE targets the following Web application vulnerabilities:

Parameter manipulation
SQL [...]

May 17th, 2006

Source Code & Software Security Analysis with BogoSec

Bogosec is essentially a tool for finding security vulnerabilities in source code.
BogoSec aims to increase awareness regarding code security vulnerabilities, while encouraging developers to produce more secure code over time. By simplifying the code scanning process, BogoSec achieves a goal of allowing developers to scan their code regularly and more effectively.

BogoSec is a source code [...]


Sitemap - ShaolinTiger - DigiSniper - Digital Photography
Shutter Asia Photography Forum - We Ate This