Some new statistics just came out regarding Browser Security, this is more in terms of which users are most likely to apply patches and be using the most secure version.
I would have thought Firefox would have been pretty high since the newer series prompt automatically new patches. My only guess is a lot of people [...]

Now this is an interesting turn of events, the Asprox botnet malware is being used to spread SQL Injection tools rather than sending out phishing e-mails as before.
It seems to install quite stealthily as well disguising itself as a Windows Service with a fairly convincing file name. It’s certainly interesting to see the evolution of [...]

httprecon is a tool for advanced web server fingerprinting, similar to httprint that we mentioned previously.
The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis.
Besides the discussion [...]

This tool is another one on the side of protection, again for web-based applications but this time for .NET applications it’s called .NETIDS (.NET Intrusion detection System). This tool is capable of detecting on attacks on web applications and gives the developer the possibility to react. The project files include filter rules and function stubs [...]

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems.
It’s becoming a mature and useful package! I’m glad to see continued developing and [...]

One of our favourite all time tools for attacking web applications has been updated! Burp Suite has now reached version 1.1! This is a major release - not a minor upgrade.
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate [...]

With a recent spate of attacks from banner ads (many of which are using flash) this might be a useful tool if you are using flash or more accurately flash applications on your website or portal.
I did mention a Flash decompiler a while back, now we have SWFIntruder (pronounced Swiff Intruder), which is apparently the [...]

Well seen as though we were talking about breaking passwords, here’s a tool for Firefox to help you manage your more secure passwords.
Better security without bursting your brain
Password Hasher is a Firefox security extension for generating site-specific strong passwords from one (or a few) master key(s).

What good security practice demands:

Strong passwords that are hard [...]

Another protection for those building website and web applications, as it’s the the most common attack vector nowadays I think it’s important to be extra safe on this front.
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes [...]

It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla.
It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?).
It’s rated as low risk, but it can give away the existence of files [...]