Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies.
Key Features
JavaScript – Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading browsers.
Multiple Environments [...]
MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints.
For example, the lack [...]
We’ve been following sqlmap since it first came out in Feburary 2007 and it’s been quite some time since the last update sqlmap 0.6.3 in December 2008.
For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection [...]
This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections.
We reported bsqlbf when it first hit the net back in April 2006 with bsqlbf v1.1, then the v2.0 update in June 2008. This new [...]
You may remember a while back we did a Review of Acunetix Web Vulnerability Scanner 6 – the very full featured web vulnerability scanning software.
Well the latest version has been released recently with some updates, bug fixes and improvements on the web application security front.
I’m hoping to try out the AcuSensor on a PHP install [...]
This looks like a fairly complex infection mechanism combining exploiting websites, injecting JavaScript code then attempted exploitation of host machines and failing that prompting a download for some fake malware.
The way they have it all setup is pretty clever too hiding behind common technologies so their infections don’t look out of place.
An obfuscated JavaScript meant [...]
Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management [...]
In April last year we wrote about ProxyStrike, recently the developer has released a couple of new versions – the latest being v2.1.
ProxyStrike is an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that [...]
sqlsus is an open source MySQL injection and takeover tool, written in perl.
Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more…
It is designed to maximize the amount of data gathered [...]
As you might know if you’ve been reading for some time, I do occasionally review commercial software if it’s interesting and relevant – the last one I remember doing was back in 2007 “Outpost Security Suite PRO Review“.
This time it’s for a much more relevant piece of software IMHO, and one which I actually like [...]
