This project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations and a “low level” web application penetration testing guide that describes how to find certain issues. Version 3 of the Testing Guide was released last month, in December 2008, the project […]
Archives for 2009
TJX (T.J. Maxx and Marshall’s) Hacker Jailed For 30 Years
You should be familiar with the TJX case by now (TJX Largest Breach of Customer Data in U.S. History) and we’ve been following it here for a couple of years. We reported back in August last year that the TJX Credit Card Hackers were Busted and now one of the 11 guys involved has […]
Time and Attack Mapper AKA TA-Mapper – Time/Effort Estimator Tool For Blackbox Security Assessment
Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or Penetration Testing) of applications. This tool provides more accurate estimation when compared to rough estimation. Penetration testers who always have a hard time explaining/justifying the efforts charged (or quoted) to their customers can find this tool handy […]
Cisco Vulnerability Given ‘Write Once, Run Anywhere’ Treatment
This is an interesting development in router security, Cisco bugs have been popping up now and then – not that often – but usually when they do they are quite serious. The problem with them was you needed so many variations unless you were just targeting one specific router, with that specific version of […]
WITOOL v0.1 – GUI Based SQL Injection Tool in .NET
WITOOL is a graphical SQL Injection Tool written in dotNET. – For SQL Server, Oracle – Error Base and Union Base Interface Features Retrieve schema: DB/TableSpace, Table, Column, other object Retrieve data: retrieve paging, dump xml file Log: View the raw data HTTP log Environment OS: Windows 2000/XP/VISTA Requirement: Microsoft […]