It’s been almost 2 years since the last update on Nikto, which was version 2.
For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over [...]
Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies.
Key Features
JavaScript – Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading browsers.
Multiple Environments [...]
HP SWFScan is a free tool developed by HP Web Security Research Group, which will automatically find security vulnerabilities in applications built on the Flash platform.
HP is offering SWFScan because:
Their research shows that developers and increasingly implementing applications built on the Adobe Flash platform without the required security expertise.
As a result, they are seeing a [...]
Ah it’s Wordpress again, sometimes I wonder how many holes there are in Wordpress. I guess a dedicated attacker could find some serious ones with the complexity of the code base.
It’s suspected some of the recent high profile breaches have come from Wordpress exploits.
The latest one to become public is a simple but effective flaw, [...]
If any of you follow the mailings lists or the ’scene’ as it’s known, you’d be familiar with PHC, Phrack, Gobbles, ~el8, Silvio, gayh1tler and the whole Whitehat Holocaust AKA pr0j3kt m4yh3m. (Back when it went public).
The war against whitehats has started up again more vehemently recently with zine known as zero for owned or [...]
We’ve been following sqlmap since it first came out in Feburary 2007 and it’s been quite some time since the last update sqlmap 0.6.3 in December 2008.
For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection [...]
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security.
Vulnerabilities
SQL Injection
XSS (Cross Site Scripting)
LFI (Local File Inclusion)
RFI (Remote File Inclusion)
Command Execution
Upload Script
Login Brute [...]
I had a spam tweet appear in my stream a while back and like Guy Kawasaki I also had absolutely no idea where it came from.
Perhaps some kinda XSS flaw in Twitter when I visited a site that spawned the message (in a hidden iframe perhaps).
It wouldn’t be the first time Twitter was having security [...]
This tool has been hitting the news, including some mentions in the SANS ISC Diary.
It’s not actually a new attack (it’s been around since 2005) but this is the first time a packaged tool has been released for the attack.
Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at [...]
Durzosploit is a JavaScript exploit generation framework that works through the console. This goal of that project is to quickly and easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites.
Please note that Durzosploit does not find browser vulnerabilities, it only is an framework containing exploits you can use.
At present [...]
