sqlget v1.0.0 - Blind SQL Injection Tool in PERL

sqlget is a blind SQL injection tool developed in Perl. It lets you retrieve database schemas and table rows. Using a single GET/POST you can quietly access the database structure, and using a single GET/POST you can dump every table row to a CSV-like file.

Databases supported:

IBM DB2
Microsoft SQL Server
Oracle
Postgres
Mysql
IBM Informix
Sybase
Hsqldb
Mime
Pervasive
Virtuoso
SQLite
Interbase/Yaffil/Firebird (Borland)
H2
Mckoi
Ingres
MonetDB
MaxDB
ThinkSQL
SQLBase

Evasion features:

Full-width/Half-width Unicode encoding
Apache non [...]

Apparently 8/10 High Traffic or ‘Big’ Websites are Vulnerable

It seems, after a brief scan, that about 80% of sites contain common flaws that allow them to be compromised in some way, most often to create phishing sites, steal data and hijack info about clients.
An amazing 30% contain a serious vulnerability.

Eight out of ten Web sites contain common flaws that can allow attackers to [...]

Selenium - JavaScript Web Application Security Testing Tool

Selenium is a test tool for web applications. Selenium tests run directly in a browser, just as real users do. And they run in Internet Explorer, Mozilla and Firefox on Windows, Linux, and Macintosh. No other test tool covers such a wide array of platforms.

Browser compatibility testing. Test your application to see if it works [...]

AOL Has An Odd Password System

An interesting snippet from last month: AOL seems to have a strangely configured password system.
Users can enter up to 16 characters as a password, but the system only reads the first 8 and discards the rest. They are basically truncating the password at 8 characters.

A reader wrote in Friday with an interesting observation: When he [...]

Priamos Project - SQL Injector and Scanner

PRIAMOS is a powerful SQL Injector & Scanner

You can search for SQL Injection vulnerabilities and inject vulnerable strings to get all Database names, Tables and Column data with the injector module.
You should only use PRIAMOS to test the security vulnerabilities of your own web applications (obviously).
The first release of PRIAMOS contains only SQL Server Database [...]

Google Acquires Web Security Startup GreenBorder

More Google news this week: after Google Launches Online Security & Malware Blog, they have now acquired a web security startup called GreenBorder.

Google Inc. said on Tuesday it has bought Internet security startup GreenBorder Technologies Inc., which creates secure connections to protect e-mail and Web users from malicious or unwanted computer code.
Terms of the deal, [...]

OWASP - SQLiX Project - SQL Injection Scanner

SQLiX, coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different from those used in other SQL injection scanners. SQLiX is able to find normal and blind SQL [...]

IE 7 Flaw Could Help Phishers - Error Message Processing

Ah, another way for phishers and people wanting to steal login credentials to con IE7 users.
Yet another reason to use Firefox or Opera?
Not saying these browsers are perfect…but look at the amount of problems Internet Exploder Explorer has had.

The flaw lies in the way IE7 processes a locally stored HTML error message page that is [...]

Massive Security Breach Leaks Credit Card Info

Recently a fairly huge credit card breach occurred involving a large retail company called TJX, with more than 2,000 retail stores.
Some pretty well known brands there, I know I’ve used some of them…the sad part is they themselves still haven’t worked out the extent of the damage done to their information.
For me this has serious [...]

AttackAPI 0.8 JavaScript Hacking Suite Available

AttackAPI provides a simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client (and server) related technologies. The current release supports several browser-based attacking techniques, a simple but powerful JavaScript console, and a powerful attack channel and associated API for controlling zombies.
The standalone components of the library can be found at the [...]

