[ad] SQLiX, coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different than the one used in other SQL injection scanners. SQLiX is able to find normal and blind […]
owasp
The Top 10 PHP Security Vulnerabilities from OWASP
[ad] This is a useful article that has basically taken the OWASP Top 10 Vulnerabilities and remapped them to PHP with actual examples. The Open Web Application Security Project released a helpful document that lists what they think are the top ten security vulnerabilities in web applications. These vulnerabilities can, of course, exist in PHP […]
OWASP – Fortify Bug Taxonomy
[ad] Ah at last a good solid collaborative effort to identify and categorise software vulnerabilities with a solid taxonomy and good organisation! It seems very well written too in terms that anyone familiar with software development or programming can understand. Fortify Software, which identifies and remediates software vulnerabilities, has contributed its collection of 115 types […]
WebScarab – Web Application Analysis – New Version
[ad] WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to […]