This is more of a tool for the information security professionals amongst us, those working in a team carrying out web application audits, penetration tests and vulnerability assessments. It’s useful for a team to use a tool like dradis so everyone is on the same page and the progress and segregation of responsibility can […]
Archives for 2009
Chrome and Firefox Face Clickjacking Exploit
Just remember that even though Firefox tends to be more secure than Internet Exploder – it’s not immune from vulnerabilities (although they do tend to get fixed much much faster). The latest one that’s cropped up in both Firefox and Chrome is a clickjacking vulnerability. This is basically where a link is replaced by […]
Complemento v0.6 – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool
We first wrote about Complemento 0.4b a little while ago when it first hit the public domain just last month (December 2008). Now there have been 2 major updated versions, the latest being 0.6. What is Complemento? Complemento is a collection of tools that the author originally created for his own personal toolchain for […]
Kyrgyzstan Taken Offline by Huge Denial of Service Attack
Isn’t it amazing that in this day and age an entire country can be knocked offline by Denial of Service attacks! You’d have thought it wouldn’t happen any more. I do remember the days when it was fairly easy to take one of the smaller ISPs out in the UK, so I guess the infrastructure of […]
Independent Web Vulnerability Scanner Comparison – Acunetix WVS, IBM Rational AppScan & HP WebInspect
I saw a relevant paper published today by an individual who claims the comparison was ordered by a penetration testing company (a company which remains unnamed). The vendors were not contacted during or after the evaluation. Testing Procedure: The author tested 13 web applications (some of them containing a lot of vulnerabilities), 3 demo […]