May 18th, 2009

Samurai Web Testing Framework 0.6 Released – Web Application Security LiveCD

You may remember we wrote about Samurai being released back in November 2008, it’s been quite a while since the last update.

The authors have updated and fixed a number of issues with the environment as well as improved performance of the java based tools. They have also included a virtual machine of the environment. [...]

January 28th, 2009

Independent Web Vulnerability Scanner Comparison – Acunetix WVS, IBM Rational AppScan & HP WebInspect

I saw a relevant paper published today by an individual that claims the comparison was ordered by a penetration testing company (a company which remains unnamed).
The vendors were not contacted during or after the evaluation.
Testing Procedure
The author tested 13 web applications (some of them containing a lot of vulnerabilities), 3 demo applications provided by the [...]

January 16th, 2009

FireCAT 1.5 Released – Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment
FireCAT 1.5 will be the last release of this 1.x branch. In fact, we are working on a new improved version 2.0 (management of plugins, instant download from security-database, ability to add [...]

November 27th, 2008

FireCAT 1.4 Released – Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment
You can find an online map of Firecat v1.4 here.
Changes for version 1.4

Information Gathering (Enumeration and Fingerprinting)

Passive Recon : PassiveRecon allows Information Security professionals the ability to perform “packetless” discovery of target [...]

November 12th, 2008

Samurai Web Testing Framework – Web Application Security LiveCD

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use [...]

January 3rd, 2008

gotroot modsecurity Rules for Apache – Anti-spam and Security

To follow on from Whitetrash which I posted about previously, here is another tool to secure your web site or web application. Essentially it’s a very comprehensive set of rules for mod_security.
ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server [...]


Sitemap - ShaolinTiger - DigiSniper - Digital Photography
Shutter Asia Photography Forum - We Ate This