BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.
It ships with Automated Attack modules which allows the dumping of whole databases for the following DBMS:

MS-SQL Server

ORACLE
MySQL (experimental)

Attack Templates for:

MS Access
MySQL

ORACLE
PostgreSQL

MS-SQL Server

Also you can write your own attack template for any other database as well [...]

After a recent survey it shows online banking may not be as secure as you might think. People tend to think banks are the pinnacle of security and that assumption continues to their websites.
Sadly however, even in my own personal experience, the truth is far from that. Many many banks have flaws that can leak [...]

Pantera is actually using an improved version of SPIKE Proxy and is a project under the umbrella of OWASP.
It’s aiming to be a more automated method for testing Web Application Security.

Features

User-friendly custom web GUI. (CSS): Pantera itself is a web application that runs inside the browser and can be customized using CSS by the user. [...]

Ratproxy is a semi-automated, largely passive web application security audit tool. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic [...]

There are quite a lot of SQL Injection Tools available and now there is one more to add to the stable for testing - Bsqlbf V2, which is a Blind SQL Injection Brute Forcer.

The original tool (bsqlbfv1.2-th.pl) was intended to exploit blind sql injection against a mysql backend database, this new version supports blind sql [...]

SIP devices are getting to be very common now, especially with open source bundled OS offerings like Trixbox making it easy to setup your own digital or IP-PBX.

Along with the frequent installations, many (if not most) VoIP devices have available a Web GUI for their configuration, management, and report generation. These Web GUIs are often [...]

It seems like Microsoft are starting to get serious about security, in a very progressive move they have said they are ok with ethical hackers finding security flaws in their online services.
It’s been fairly ok so far to hack away at software installed on your own hardware, but hitting remotely hosted applications has been a [...]

HDIV (HTTP Data Integrity Validator) is a Java Web Application Security Framework. HDIV extends web applications’ behaviour by adding Security functionalities, maintaining the API and the framework specification. This implies that we can use HDIV in applications developed in Struts 1.x, Struts 2.x, Spring MVC and JSTL in a transparent way to the programmer and [...]

A new version of Wfuzz is available, many improvements and fixes since first release which was in the middle of 2007. Fuzzing is definitely in, an article was posted recently about how everyone should keep on fuzzing! Will post it up soon.
Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for [...]

One of our favourite all time tools for attacking web applications has been updated! Burp Suite has now reached version 1.1! This is a major release - not a minor upgrade.
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate [...]